Security Basics mailing list archives
Re: stolen laptop
From: "Steven Adair" <steven () securityzone org>
Date: Wed, 11 Apr 2007 12:49:19 -0500 (EST)
I would say the stuff you are looking for and with which I am about to reply would follow more under a procedure than a policy. Things you might want to take into consideration in the event of a stolen laptop (sounds like a Windows laptop, so some answers will be M$ specific):

1) Determine what information was on the machine. Was there financial data, privacy data, etc.? Take the appropriate steps in these cases. This may involve notifying users and engaging law enforcement.

2) This ties into #1 but what kind of other information would have been on the machine specific to authentication? Were there any PKI credentials, password files, auto-saved passwords, etc.? You may want to have these accounts/credentials revoked, locked, and/or reissued for security purposes.
   - Other credentials to be concerned with here would be VPN group passwords, IPSec pre-shared keys, etc.

3) This ties into #3 but you may want to also make sure the machine account is removed or locked. This way should the machine find its way back onto your network, it is no longer allowed to authenticate against the domain. This is really a trivial solution here though.

4) If you have a local administrator account with the same password across your organization (which would include on the stolen laptop), it may be time to reset this password to something new on the machines.

5) Checking for failed attempts to log in is something you want to do and audit regularly. If you are not doing this already, you could look for any specific failures related to this instance. However, that will probably not yield much. If you have a monitoring/auditing process in place, by all means supplement it with any pertinent information.

That's about all that comes to mind for me right now. Hope that helps.

Steven
securityzone.org
Hi

I have a laptop policy about where it should/should not be kept, encryption, etc. but what happens if one is stolen?

Change the login password?
Check AD for any failed login attempts?

Any checklists much appreciated

Jono
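Added example, not part of the original message: one way to do the targeted log review from step 5 while steps 2 to 4 are in progress, flagging any post-theft logon event that involves the stolen machine or a credential that was stored on it. The CSV column layout, host name, account names and addresses are constructed for illustration and are assumptions, not a real export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample: a CSV export of domain logon events (columns are assumed).
SAMPLE_LOG = """\
time,result,account,workstation,source_ip
2007-04-10T08:02:11,success,jdoe,LT-0042,10.1.4.20
2007-04-11T09:15:40,failure,jdoe,LT-0042,203.0.113.7
2007-04-11T09:16:02,failure,localadmin,LT-0042,203.0.113.7
2007-04-11T09:20:31,success,svc-vpn,VPN-GW,203.0.113.7
2007-04-11T10:05:00,failure,asmith,WS-0101,10.1.4.33
2007-04-11T11:30:12,success,LT-0042$,LT-0042,10.1.9.88
"""

def triage(log_text, stolen_host, at_risk_accounts, stolen_at):
    """Return (severity, row) for events after the theft that involve the
    stolen machine or any credential that was stored on it."""
    host = stolen_host.lower()
    # The machine account (HOST$) is a credential on the laptop too (step 3).
    accounts = {a.lower() for a in at_risk_accounts} | {host + "$"}
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.fromisoformat(row["time"])
        if when < stolen_at:
            continue  # activity before the theft belongs to the legitimate owner
        from_host = row["workstation"].lower() == host
        known_cred = row["account"].lower() in accounts
        if not (from_host or known_cred):
            continue
        # A success means a credential from the laptop still works, so the
        # revocation in steps 2-4 is incomplete; a failure is the audit trail
        # step 5 asks for.
        severity = "HIGH" if row["result"] == "success" else "review"
        findings.append((severity, row))
    return findings

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG, "LT-0042", ["jdoe", "localadmin", "svc-vpn"],
                  datetime(2007, 4, 11, 9, 0, 0))
    for severity, row in hits:
        print(f"{severity:6} {row['time']} {row['account']:<11} "
              f"{row['workstation']:<8} {row['source_ip']}")
```

The at-risk account list comes from the inventory in steps 1 and 2; matching on account as well as workstation catches stored credentials being replayed from a different machine.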