Security Basics mailing list archives
RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?
From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Thu, 15 Jun 2006 10:33:42 -0600 (MDT)
Except that sensitive data such as this should NEVER be on a laptop or any other computer resource that isn't physically secured as well as logically secured. Physical possession gives the possessor quite an advantage if he thinks the payoff is worth his investment. Sincerely, Bryan S. Sampsel LibertyActivist.org Robertson, Seth (JSC-IM) wrote:
These steps basically work but if your theif has any data recovery/forensics skills he may find 5 temporary versions of your "My Documents" Word docs in other places of the drive (unencrypted) or unencrypted versions of deleted spreadsheets, etc. (deleted files are just deallocated but not wiped from the drive). The reason for full-disk encryption is to be sure that all free space, slack space, swap space, database, and temp files are always encrypted so that no matter how sophisticated the theif (or the person he sells the hard drive to) your data is safe. Seth Robertson -----Original Message----- From: Ruiz, Rolando [mailto:rolando_ruiz () jetaviation com] Sent: Tuesday, June 13, 2006 1:54 PM To: Depp, Dennis M.; security-basics () securityfocus com Subject: RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Here's my thoughts on this: We had a similar incident here and we (finally) put the following steps in place. 1 - We sync data to server at logon and logoff. This ensures that if the laptop is lost or stolen the data is AVAILABLE to the VP. Critical data MUST be stored on My Documents folder to ensure its availability 2 - We encrypt the data on both ends. 3 - We enable and password protect screensavers 4 - If stolen while in screensaver, thief will have to force restart. For this we enable Bios password. When enabling bios password you have to change the default bios admin password to prevent access to bios. 5 - In some cases we enable Outlook to prompt for password. Hope this helps. Regards, Rolando Ruiz Information Technology -----Original Message----- From: Depp, Dennis M. [mailto:deppdm () ornl gov] Sent: Tuesday, June 13, 2006 12:12 PM To: Mike Foster; security-basics () securityfocus com Subject: RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? 1. Don't put unnecessary sensitive information on a laptop. 2. Encrypt data on the drive or encrypt the entire hard drive. Dennis -----Original Message----- From: Mike Foster [mailto:mike () mytechcoach com] Sent: Monday, June 12, 2006 8:49 PM To: security-basics () securityfocus com Subject: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Am curious how all of you feel about the options. How do you feel and/or what is your experience with: --Power-on passwords in the hardware/CMOS/BIOS Setup --Hard drive locking passwords in the hardware/CMOS/BIOS Setup --Laptops equipped with fingerprint readers for the above two options --Windows NTFS EFS encryption --TrueCrypt from www.truecrypt.org for encrypted storage areas --Trusted Platform Module (TPM) https://www.trustedcomputinggroup.org --Tokens that plug into USB --Others? Thank you in advance...
Current thread:
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?, (continued)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Sadler, Connie (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Bryan S. Sampsel (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dave Patterson (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Brian Daniel Beck (Jun 13)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Robertson, Seth (JSC-IM) (Jun 14)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Bryan S. Sampsel (Jun 15)
- Re: Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? michal (Jun 26)