Locking down the Thunderbolt interface Lightning Protection
Linux Magazine|#260/July 2022: Privacy
The Thunderbolt interface supports extremely fast data transfer rates, but be careful about what you plug into your port, because Thunderbolt devices access memory directly. We'll show you some Linux tools for locking down your Thunderbolt interface.
Thorsten Scherf
Locking down the Thunderbolt interface Lightning Protection

The Thunderbolt interface is an interface used for connecting peripheral devices to many modern computers. Thunderbolt connections (with the familiar lightning arrow symbol - see Figure 1) support fast transfer of audio, video, and other data over a single cable and can also charge devices connected through the same interface.

The Thunderbolt specification was developed by Intel in collaboration with Apple. Many users might think of Thunderbolt in the context of Apple hardware. Apple actually started shipping MacBook Pro models with the interface back in 2011 (see the box entitled "Thunderbolt Through the Years"). Thunderbolt has become a common feature on MacBook computers, as well as many other Intel-based systems.

Through the years, however, the power and speed of Thunderbolt has led to some security issues. Like other technologies that communicate with a syste via PCI Express (PCIe), Firewire, or similar protocols, Thunderbolt supports direct access to system memory. Directly accessing memory enables fast data transfer rates, but it also poses a security risk, because many different components access memory at the same time, which creates the potential for a DMA attack. (A DMA attack involves unauthorized access to the system memory in order to read arbitrary data.)

Security concerns have led to a new approach with recent Thunderbolt versions. Some of the basic security features available in Thunderbolt 3 have been enhanced for version 4. Thunderbolt now uses the Intel Virtualization Technology for Directed I/O (VT-d) to provide protection against DMA attacks.

Esta historia es de la edición #260/July 2022: Privacy de Linux Magazine.

Comience su prueba gratuita de Magzter GOLD de 7 días para acceder a miles de historias premium seleccionadas y a más de 9,000 revistas y periódicos.

Esta historia es de la edición #260/July 2022: Privacy de Linux Magazine.

Comience su prueba gratuita de Magzter GOLD de 7 días para acceder a miles de historias premium seleccionadas y a más de 9,000 revistas y periódicos.

MÁS HISTORIAS DE LINUX MAGAZINEVer todo
Tracking your finances with plain text accounting Plain Numbers
Linux Magazine

Tracking your finances with plain text accounting Plain Numbers

If you're tired of tinkering with spreadsheets, using hledger and plain text accounting offers a simpler method for managing your finances without vendor lock-in

time-read
4 minutos  |
#285/August 2024: Kernel Exploits
Dependency resolution with apt-get and apt Evolutionary Tale
Linux Magazine

Dependency resolution with apt-get and apt Evolutionary Tale

Over the past 30 years, the apt family has played an important role in dependency resolution for Debian distros.

time-read
5 minutos  |
#285/August 2024: Kernel Exploits
Cryptomining with Litecoin Traveling Lite
Linux Magazine

Cryptomining with Litecoin Traveling Lite

Although not as popular as headliners like Bitcoin and Ethereum, Litecoin is one of the oldest crytocurrencies, and it offers some useful features, such as dual-mining with Dogecoin.

time-read
5 minutos  |
#285/August 2024: Kernel Exploits
Software Update SnoopGod
Linux Magazine

Software Update SnoopGod

SnoopGod delivers an Ubuntu-based pentesting distribution with an emphasis on security education.

time-read
6 minutos  |
#285/August 2024: Kernel Exploits
Kernel Trouble
Linux Magazine

Kernel Trouble

This deep look at how intruders attack an out-of-date kernel should be enough to convince you of the need to stay vigilant.

time-read
3 minutos  |
#285/August 2024: Kernel Exploits
Using Wake-on-LAN for a NAS backup Power Saver
Linux Magazine

Using Wake-on-LAN for a NAS backup Power Saver

Put your backup server to sleep when you don't need it and then wake it on demand using the Wake-on-LAN feature built into network adapters.

time-read
5 minutos  |
#285/August 2024: Kernel Exploits
Time Travel
Linux Magazine

Time Travel

Mike Schilli uses a Go program to check whether a strategy for trading stocks is making gains or losses on the basis of historical price data.

time-read
8 minutos  |
#285/August 2024: Kernel Exploits
URL filtering with Pi-hole Into the Funnel
Linux Magazine

URL filtering with Pi-hole Into the Funnel

Supporting browser plug-ins, network-based DNS blockers like Pi-hole help protect you against online tracking and unwanted content.

time-read
10+ minutos  |
#274/August 2023: The Best of Small Distros
Artificial intelligence on the Raspberry Pi Learning Experience
Linux Magazine

Artificial intelligence on the Raspberry Pi Learning Experience

You don't need a powerful computer system to use Al. We show what it takes to benefit from Al on the Raspberry Pi and what tasks the small computer can handle.

time-read
7 minutos  |
#274/August 2023: The Best of Small Distros
MakerSpace Manage your greenhouse with a Raspberry Pi Pico W Sheltered Growth
Linux Magazine

MakerSpace Manage your greenhouse with a Raspberry Pi Pico W Sheltered Growth

You can safely assign some greenhouse tasks to a Raspberry Pi Pico W, such as controlling ventilation, automating a heater, and opening and closing windows.

time-read
7 minutos  |
#274/August 2023: The Best of Small Distros