Security Basics mailing list archives
Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?
From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Tue, 13 Jun 2006 10:22:30 -0600 (MDT)
If somebody has physical possession of the equipment, then there's not much you can do. BIOS passwords can be reset. Fingerprint readers aren't silver bullets. Any encrypted data can be cracked given sufficient determination and time. There's ERD to reset the local admin password, then the EFS does you no good, since that person is a local user on the system that owns the EFS. USB tokens would probably have been left in the laptop...just like CACs get left in by most users. I'm not first hand familiar with TruCrypt or TPM... Your better bet would have been to have the laptop act as a thin client to a remote, secured computer (physically secured as well)...such as Citrix or something. Then, unless the user wrote down his credentials to get onto the Citrix solution, he's got no actual data. It's not bullet proof, but better than having sensitive data outside of a secured environment. Sincerely, Bryan S. Sampsel LibertyActivist.org Mike Foster wrote:
In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Am curious how all of you feel about the options. How do you feel and/or what is your experience with: --Power-on passwords in the hardware/CMOS/BIOS Setup --Hard drive locking passwords in the hardware/CMOS/BIOS Setup --Laptops equipped with fingerprint readers for the above two options --Windows NTFS EFS encryption --TrueCrypt from www.truecrypt.org for encrypted storage areas --Trusted Platform Module (TPM) https://www.trustedcomputinggroup.org --Tokens that plug into USB --Others? Thank you in advance...
Current thread:
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?, (continued)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Saqib Ali (Jun 13)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Depp, Dennis M. (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dana (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Harrison Holland (Jun 13)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Sadler, Connie (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Bryan S. Sampsel (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dave Patterson (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Brian Daniel Beck (Jun 13)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Robertson, Seth (JSC-IM) (Jun 14)
- Re: Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? michal (Jun 26)