Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?

From: zipk0der <zipk0der () pandora-security com>
Date: Thu, 15 Jun 2006 19:36:02 -0700
One thing I do for added security, is enable an extra password to
access syskey (required before msgina.dll is loaded). Go to start >
run > syskey.exe [enter]

Make sure encryption is enabled, then press "update".

You can choose to use a system generated password, or set your own.

If you use a system generated startup key, you can choose to place it
on a floppy disk or usb key; the system wont boot to Windows without
it inserted it/plugged in.

Also of course I set up a bios password that is required at boot, and
enable the password on resume from screensaver.

I've been using truecrypt for a while now, and I have to say I love
it. More important than truecrypt itself, are the extensions tcgina
and tctemp which can be found here:
http://www.truecrypt.org/third-party-projects/

tcgina puts the entire user profile (My documents etc) into a
encrypted virtual drive that is mounted at login, this process is
almost transparent to the user.

tctemp encrypts the entire page file, which, is clearly a good idea.

Thats all I can think of for now...

In my case, I use different passwords for each step of the boot up
process, but in a real life business enviroment, getting a vp or ceo
to follow by this is near impossible.

Daniel Hückmann
Previous By Date Next
Previous By Thread Next

Current thread: