Chumly
 
Reply Sat 27 Mar, 2010 09:22 am
What’s the simplest best way to safeguard a laptop? This is what I have enabled now:

1) The hard drive is password protected so if the hard drive is removed it can’t be read.
2) The BIOS is password protected so the laptop can't boot.
3) Windows XP is password protected so the OS can't boot.
4) I use a laptop lock cable.
 
tsarstepan
 
  1  
Reply Sat 27 Mar, 2010 09:31 am
@Chumly,
The problem with passwords is that they can temporarily be stored in the RAM if for only brief seconds after the computer is turned off.

You could try to hire a dog and wizard team....
http://unrealitymag.com/wp-content/uploads/2009/10/cerebrus-costume.jpg

Or use a physical USB encryption key thingy....
Quote:
Make Your System Impossible to Crack with Encryption
Using software it's possible to "lock" your laptop with such a high level of data encryption that it would be impossible for any thief to get access. And even if this theif [sic] was determined enough to attempt to unlock your information, bypassing the 256 bit code I am about to show you how to create would take this guy a thousand years.

For you however, accessing the information will be easy. The strategy is simple: the data is encrypted or "locked away" and the only way to unlock it is to enter the 256 bit code. This code actually resides on a separate USB drive. You keep this not in your laptop bag, but in a different location such as an inside coat pocket or key chain. So when you boot up the laptop, you insert the USB drive, copy the code, and gain access to the decrypted data.

http://nerdbusiness.com/articles/data-encryption/data_keys.jpg
http://nerdbusiness.com/blog/what-if-someone-steals-your-laptop-tutorial-mobile-data-encryption
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 09:36 am
Even if the OS password may be held in RAM (are you sure and even so what of it?) the BIOS password and the hard drive password are both held in EPROM not RAM...right?
tsarstepan
 
  3  
Reply Sat 27 Mar, 2010 09:51 am
@Chumly,
Someone did a study (as insanely paranoid as its premise was...) that a potential thief could swipe the laptop then given a brief amount of time remove the RAM chips, and spray the RAM with some cooling agent to slow the data loss and plug the RAM into another computer then mine the password.

Give me some time to refind the source but this bizarre experiment has been retested and confirmed again by tech guru, Leo Laporte and clearly I'm simplifying the details. Though it's very unlikely given the time constraints on how long the RAM can hold the password after the laptop being turned off.
tsarstepan
 
  1  
Reply Sat 27 Mar, 2010 09:57 am
@tsarstepan,
I'll look for the actual transcript but I would have heard about this off a TWIT podcast.

I would have heard about it on the TWIT (This Week In Tech) but the actual experiment would have been done by the Security Now podcast....
http://www.grc.com/securitynow.htm
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 10:12 am
I should point out I still want to easily make full backups using external HD's so whatever I use has to allow me to do that easily as well.

Will your suggestion allow this easily?
http://nerdbusiness.com/blog/what-if...ata-encryption

Kind'a wild/weird about cooled RAM chips being read externally!
Rockhead
 
  1  
Reply Sat 27 Mar, 2010 10:16 am
@Chumly,
here chumly.

try this...
http://www.youtube.com/watch?v=8_iayEsW89Y

and good luck to you.
0 Replies
 
tsarstepan
 
  1  
Reply Sat 27 Mar, 2010 10:40 am
@Chumly,
Sounds like once the computer is turned on and the encrypted password is given then full backup should be as easy as if your computer did not have the password. Sounds like the security measure is for prohibiting access to the laptop only.
0 Replies
 
DrewDad
 
  1  
Reply Sat 27 Mar, 2010 11:05 am
@Chumly,
The question I have to ask is this:

Are you trying to keep your data from being stolen and used (you have confidential client information that you have to protect), or are you trying to prevent your laptop from being stolen (you're trying to prevent the expense and inconvenience of insurance claims, restoring from backup, etc.)?
parados
 
  3  
Reply Sat 27 Mar, 2010 11:10 am
@Chumly,
Quote:
1) The hard drive is password protected so if the hard drive is removed it can’t be read.

Is the hard drive encrypted in order to do this?

The only other thing would be to create a hidden encrypted drive on your already encrypted drive and then password protect your files on that drive.



Of course all that doesn't matter if you are using the same password for all. Then they only need to find one password to get through all your measures.
DrewDad
 
  3  
Reply Sat 27 Mar, 2010 11:20 am
@Chumly,
Depending on your goals:

1) Hard drive and BIOS passwords can make it difficult or impossible to use the laptop once it has been stolen. Depends on the manufacturer. They will not prevent the laptop from being stolen.
2) Windows XP password protection is not a reliable protection. There are password reset tools that allow folks to reset the local administrator password. (I've used such tools more than once when my clients got locked out of their machines.)
3) Laptop lock cables are the most effective deterrent from someone physically stealing your laptop. Our company policy explicitly states that we are to always use a lock cable, especially when traveling. Lock cables can be cut, or ripped free from their anchor, but usually the thief will just move to the next target.
4) Whole-disk encryption is the standard for when you have confidential data that has to be protected. Windows 7 has BitLocker built into it. There are many 3rd-party products, such as TrueCrypt (free), or Guardian Edge (not free). Make sure you shut down your system (don't just standby or hibernate) when you are not using it, or you lose much of the protection provided by whole-disk encryption.
Chumly
 
  1  
Reply Sat 27 Mar, 2010 11:35 am
@DrewDad,
Not that I would want the hardware stolen but new laptops are cheap enough so it's the on-board data that I'm most interested in making sure cannot be accessed. Note in my preamble that 4) addresses the issues of hardware theft.

I should point out I still want to easily make full backups using external HD's so whatever I use has to allow me to do that easily as well. Also using a USB flash drive as a dongle would not be my first choice (not that it's a bad choice) as per the below URL as I'm looking for simple and easy.

http://nerdbusiness.com/blog/what-if-someone-steals-your-laptop-tutorial-mobile-data-encryption

One of my laptops has a fingerprint ID scanner on-board but again I would prefer simple / easy plus whatever method(s) I choose I want it to be the same for all the laptops I use (four at the moment as well as four external backup HD's).

I am not sure I am a great fan of whole-disk encryption as it reduces the ease and reliability with which I can edit data, backup the HD and tinker with the OS etc...right
Chumly
 
  1  
Reply Sat 27 Mar, 2010 11:39 am
@parados,
To password protect an HD you do not encrypt the HD data, to password protect an HD you assign a password to its internal EPROM via the computer's BIOS such that trying to use it in another computer is impossible and you cannot even reformat the HD in another computer let alone read the data.
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 11:49 am
I should mention all my machines are on XP (except one on Win 7) and I'm not wanting to change over any time soon. Also I worry (perhaps unreasonably) that if I have whole-disk encryption and something goes wrong that my backup software and/or recovery procedures in case of a crash will not be as reliable.
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 12:49 pm
Hi-ya tsarstepan,
I am starting to think your reference to KeePass + TrueCrypt sounds very promising.
Obliged indeed!
0 Replies
 
DrewDad
 
  2  
Reply Sat 27 Mar, 2010 12:57 pm
@Chumly,
Chumly wrote:
I am not sure I am a great fan of whole-disk encryption as it reduces the ease and reliability with which I can edit data, backup the HD and tinker with the OS etc...right

Only if you want to access the hard drive when the OS is not running. If the OS is running, the encryption is completely transparent.
Chumly
 
  1  
Reply Sat 27 Mar, 2010 03:00 pm
@DrewDad,
That sounds spiffy enough, I exhume this means I can:

a) remove the internal HD to place in another machine as long as I use the same password and same whole-disk encryption software and as long as I do not have the EPROM-based HD password enabled and/or,

b) use my four external USB HD's for backup etc as long as I again use the same password and same whole-disk encryption software and/or,

c) notice no loss of speed or reliability because of whole-disk encryption delay or whole-disk encryption data corruption.
DrewDad
 
  1  
Reply Sat 27 Mar, 2010 03:07 pm
@Chumly,
If you turn off the PC, remove the drive, and try to read it, it should be gobbledy-gook.

(Similarly, if you make an image of the drive and then try to read the image, it will be gobbledy-gook.)

If your PC is running, and you copy the file to other media (thumb drive, USB hard drive, floppy disk, network storage, etc), the file will be unencrypted on the new media (unless the media has its own encryption scheme).


We tell our customers that encrypting backup media is more dangerous than simply backing up and storing the backup media securely. In a disaster recovery situation, you're generally happy enough to have a good backup, let alone have a good backup and be able to find the password and compatible encryption software.
Chumly
 
  1  
Reply Sat 27 Mar, 2010 03:46 pm
@DrewDad,
That's all OK except I cannot (with any ease) ensure that all my four external USB backup HD's will always be securely stored. To ensure up-to-date backups plus redundancy plus ease of access for emergencies I rotate my four external backup HD's in the following manner:

1) Home safe - very secure
2) Home office on desk - could steal if home broken into
3) Work in locked cupboard - fairly secure I figure
4) Mother in Law's - could steal if home broken into

I need to have the four external HD's encrypted using the same encryption methods...but you tell me that all data gets decrypted as it leaves the USB port of the laptops to get backed up to the four external HD's.

This is unacceptable because I cannot ensure secure storage for all four external HD's all at the same time!
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 04:05 pm
To further clarify:

1) I had my home broken into, two laptops were stolen, I did not recover them.
2) Recently a laptop was stolen at work, it was not mine, it was recovered, I expect further thefts at work as time progresses.
3) I use four laptops throughout the day on a regular basis at work and at home.
4) There is sensitive data on my laptops.
5) I work with the public and carry my laptops about with me.
6) I cannot negate the risk of hardware theft but believe I can negate the risk of data theft.
7) I have four backup HD's that I rotate and store in different locations as discussed.
8) I also have two desktops at home as well as sundry other external HD's and "raw" HD's (that I have not talked about)... I would like to protect these as well.
0 Replies
 
 
