Protecting Data From Cloning

[brandoo]

Hi,

I'm wondering if anyone has suggestions as to how to protect a system from cloning?

I understand it's near impossible to stop someone cloning a drive, but anyone have suggestions how to make it impossible to use the data?


If I were to rent out a computer system for a specific task, what would be the best way to ensure no one could just copy everything on the drive and duplicate what I've created?

Hope this makes sense

[jayd512]

Welcome to LinuxForums!

If I were to rent out a computer system for a specific task, what would be the best way to ensure no one could just copy everything on the drive and duplicate what I've created?

Simple answer...
There is no way to guarantee security. Especially if physical access is involved.
Once I have a machine in my possession, data and cloning could be just a LiveCD away.
Encrypting a drive will help, but it's really just an obstacle.

[oz]

Hello and welcome!

I agree with jayd512 that encryption is probably your best option, unless you want to stay right beside the renter and personally watch everything that he/she does with the machine.

[brandoo]

That's what I thought.

A padlock + encryption might be the best solution.

If nothing else, a padlock would be a visual reminder.

[tmarrero1234]

That's what I thought.

A padlock + encryption might be the best solution.

If nothing else, a padlock would be a visual reminder.

1. A padlock securing the computer chassis is an excellent solution. You may have the customer who rents the computer sign a contract with a clause reading that he/she must pay an Extra Fee if the padlock is broken (Example: $200.00 to cover most of the cost of the Operating System License).
2. Optical Drives must be disabled in the Boot Sequence in the CMOS Settings. This would help to avoid booting from Live CD's.
3. The Hard Drive must be the First Option in the Boot Sequence.
4. Booting from Additional Devices must be disabled in the Boot Sequence. This would help to avoid booting a Live Operating System from a USB Disk
5. The CMOS Settings would must be password protected so no one could change the Boot Settings, or the Boot Secuence.

Also, you may search on the Internet for software that may protect the System Files from being cloned or copied to external storage.

[kurtdriver]

You could also change the hard drive; give the renter one that has nothing on it. When you get it back, overwrite it with badblocks a bunch of times to get rid of whatever they did on it. You could even have them provide their own drive(s).

[Djhg2000]

Well I guess you could have an encypted drive with the key locked by some hardware parameter (like an ethernet MAC address), but anything beyond encryption would just be security by obscurity which is known to not work in the long run.

I personally would open source the solution, but consider copyrighting it and leave it at that, if it's a good way of doing something it will get out eventually anyway so you might as well make sure you get credit for it.

[voidpointer69]

Hello Brandoo,

I am not sure if this is in any way the right direction for what you eventually want but there is a GNU/Linux & Unix command "hostid" that was useful in nailing which particular box a software should run on. They can clone the disc and put it on their own machine but if your software is built to run on a specific value of "hostid", that might be enough to thwart them.

I have just run the command on two different GNU/Linux boxes. Got "6f0axxxx" on one but "00000000" on the other.

[alf55]

I have just run the command on two different GNU/Linux boxes. Got "6f0axxxx" on one but "00000000" on the other.

I have run it on three other Linux machines and each returned "00000000". All of them were assembled not purchased pre-assembled with Microsoft stuff on them.

[voidpointer69]

Hello again.

I have been looking at a lot of stuff to do with this hostid and there is an awful lot of inconsistency out there - even in the Solaris world.

How about tieing the software to the actual disc?

hdparm -I /dev/sdx will give a ton of info about sdx and, what's more, will get it from the actual drive. Build your target software in such a way that it incorporates say, the serial number of the disc. This software, or a checker program that runs as soon as the filesystem becomes available, can then see if the right disc is being used.

The checker would give you good privileges to do some very irritating stuff indeed.

If they clone your disc and replace yours with the clone, you can detect that as soon as you get your kit back by booting it up in same way as the thieves have to.

I'd be interested to know what you finally implement.

Cheers - VP