jkinz@kinz.org wrote:
You are visiting the Otis Public Library in Norwich CT. They have Linux based public workstations (w/Internet access). (http://www.otislibrarynorwich.org/index.htm)
Do you trust the library, all of their employees, and every person who has ever used the computer you sit down at with the keys to your home? No? Don't give them the keys to your home.
Or you are a consultant visiting a corporate client who doesn't allow "outside equipment" to be used on their network, so they maintain specific machines for "guests" to use. (Hint, "DOD" )
Ditto.
Additionally, when using your employer's equipment, or your own equipment at on your employer's premises, the company is legally entitled to watch whatever you do, and demand that you provide keys so they can see through any encryption. Don't trust your employer with the keys to your home? Don't access your home system from work.
example three - A TSA attendant "accidentally" drops your laptop.. in front of a forklift... (Merry Christmas!)
Life is hard. You cannot plan for every eventuality.
All your ideas are good ones to which I would add using port knocking (not perfect at all but adds an additional small barrier)
Port knocking is just a type of key. If you use this from a system you do not trust or where the owner of the system has a right to know all the keys used on it and you don't want that person to know the key, don't give the key to that system.
Unfortunately, the worst case scenario ( a compromised machine that does key logging) which you pointed out, will always be a potential problem..
This is more than just a potential hazard. There are *millions* of zombies on the Internet now. Since there are only about a billion PCs in active use in the world, this means the chances of you borrowing time on a computer that's zombified is maybe 1 in a hundred. Would you get in a car if the chances of getting into an accident were 1:100?
The odds shift when you trust the security of the hardware.