Chumly
 
Reply Sat 27 Mar, 2010 09:22 am
What’s the simplest best way to safeguard a laptop? This is what I have enabled now:

1) The hard drive is password protected so if the hard drive is removed it can’t be read.
2) The BIOS is password protected so the laptop can't boot.
3) Windows XP is password protected so the OS can't boot.
4) I use a laptop lock cable.
 
tsarstepan
 
  1  
Reply Sat 27 Mar, 2010 09:31 am
@Chumly,
The problem with passwords is that they can temporarily be stored in the RAM if for only brief seconds after the computer is turned off.

You could try to hire a dog and wizard team....
http://unrealitymag.com/wp-content/uploads/2009/10/cerebrus-costume.jpg

Or use a physical USB encryption key thingy....
Quote:
Make Your System Impossible to Crack with Encryption
Using software it's possible to "lock" your laptop with such a high level of data encryption that it would be impossible for any thief to get access. And even if this theif [sic] was determined enough to attempt to unlock your information, bypassing the 256 bit code I am about to show you how to create would take this guy a thousand years.

For you however, accessing the information will be easy. The strategy is simple: the data is encrypted or "locked away" and the only way to unlock it is to enter the 256 bit code. This code actually resides on a separate USB drive. You keep this not in your laptop bag, but in a different location such as an inside coat pocket or key chain. So when you boot up the laptop, you insert the USB drive, copy the code, and gain access to the decrypted data.

http://nerdbusiness.com/articles/data-encryption/data_keys.jpg
http://nerdbusiness.com/blog/what-if-someone-steals-your-laptop-tutorial-mobile-data-encryption
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 09:36 am
Even if the OS password may be held is RAM (are you sure and even so what of it?) the BIOS password and the hard drive password are both held in EPROM not RAM...right?
tsarstepan
 
  3  
Reply Sat 27 Mar, 2010 09:51 am
@Chumly,
Someone did a study (as insanely paranoid as its premise was...) that a potential thief could swipe the laptop then given a brief amount of time remove the RAM chips, and spray the RAM with some cooling agent to slow the data loss and plug the RAM into another computer then mine the password.

Give me some time to refind the source but this bizarre experiment has been retested and confirmed again by tech guru, Leo Laporte and clearly I'm simplifying the details. Though it's very unlikely given the time constraints on how long the RAM can hold the password after the laptop being turned off.
tsarstepan
 
  1  
Reply Sat 27 Mar, 2010 09:57 am
@tsarstepan,
I'll look for the actual transcript but I would have heard about this off a TWIT podcast.

I would have heard about it on the TWIT (This Week In Tech) but the actual experiment would have been done by the Security Now podcast....
http://www.grc.com/securitynow.htm
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 10:12 am
I should point out I still want to easily make full backups using external HD's so whatever I use has to allow me to do that easily as well.

Will your suggestion allow this easily?
http://nerdbusiness.com/blog/what-if...ata-encryption

Kind'a wild/weird about cooled RAM chips being read externally!
Rockhead
 
  1  
Reply Sat 27 Mar, 2010 10:16 am
@Chumly,
here chumly.

try this...
http://www.youtube.com/watch?v=8_iayEsW89Y

and good luck to you.
0 Replies
 
tsarstepan
 
  1  
Reply Sat 27 Mar, 2010 10:40 am
@Chumly,
Sounds like once the computer is turned on and the encrypted password is given then full backup should be as easy as if your computer did not have the password. Sounds like the security measure is for prohibiting access to the laptop only.
0 Replies
 
DrewDad
 
  1  
Reply Sat 27 Mar, 2010 11:05 am
@Chumly,
The question I have to ask is this:

Are you trying to keep your data from being stolen and used (you have confidential client information that you have to protect), or are you trying to prevent your laptop from being stolen (you're trying to prevent the expense and inconvenience of insurance claims, restoring from backup, etc.)?
parados
 
  3  
Reply Sat 27 Mar, 2010 11:10 am
@Chumly,
Quote:
1) The hard drive is password protected so if the hard drive is removed it can’t be read.

Is the hard drive encrypted in order to do this?

The only other thing would be to create a hidden encrypted drive on your already encrypted drive and then password protect your files on that drive.



Of course all that doesn't matter if you are using the same password for all. Then they only need to find one password to get through all your measures.
DrewDad
 
  3  
Reply Sat 27 Mar, 2010 11:20 am
@Chumly,
Depending on your goals:

1) Hard drive and BIOS passwords can make it difficult or impossible to use the laptop once it has been stolen. Depends on the manufacturer. They will not prevent the laptop from being stolen.
2) Windows XP password protection is not a reliable protection. There are password reset tools that allow folks to reset the local administrator password. (I've used such tools more than once when my clients got locked out of their machines.)
3) Laptop lock cables are the most effective deterrent from someone physically stealing your laptop. Our company policy explicitly states that we are to always use a lock cable, especially when traveling. Lock cables can be cut, or ripped free from their anchor, but usually the thief will just move to the next target.
4) Whole-disk encryption is the standard for when you have confidential data that has to be protected. Windows 7 has bitlocker built in to it.. There are many 3rd-party products, such as TrueCrypt (free), or Guardian Edge (not free). Make sure you shut down your system (don't just standby or hibernate) when you are not using it, or you lose much of the protection provided by whole-disk encryption.
Chumly
 
  1  
Reply Sat 27 Mar, 2010 11:35 am
@DrewDad,
Not that I would want the hardware stolen but new laptops are cheap enough so it's the on-board data that I'm most interested in making sure cannot be accessed. Note in my preamble that 4) addresses the issues of hardware theft.

I should point out I still want to easily make full backups using external HD's so whatever I use has to allow me to do that easily as well. Also using a USB flash drive as a dongle would not be my first choice (not that it's a bad choice) as per the below URL as I'm looking for simple and easy.

http://nerdbusiness.com/blog/what-if-someone-steals-your-laptop-tutorial-mobile-data-encryption

One of my laptops has a finger print ID scanner on-board but again I would prefer simple / easy plus whatever method(s) I choose I want it to be the same for all the laptops I use (four at the moment as well as four external backup HD's).

I am not sure I am a great fan of whole-disk encryption as it reduces the ease and reliablity with which I can edit data, backup the HD and tinker with the OS etc...right
Chumly
 
  1  
Reply Sat 27 Mar, 2010 11:39 am
@parados,
To password protect an HD you do not encrypt the HD data, to password protect an HD you assign a password to its internal EPROM via the computer`s BIOS such that trying to use it in another computer is impossible and you cannot even reformat the HD in another computer let alone read the data.
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 11:49 am
I should mention all my machine are on XP (except one on Win 7) and I'm not wanting to change over any time soon. Also I worry (perhaps unreasonably) that if I have whole-disk encryption and something goes wrong that my backup software and or recovery procedures in case of a crash will not be as reliable.
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 12:49 pm
Hi-ya tsarstepan,
I am starting to think your reference to KeePass + TrueCrypt sounds very promising.
Obliged indeed!
0 Replies
 
DrewDad
 
  2  
Reply Sat 27 Mar, 2010 12:57 pm
@Chumly,
Chumly wrote:
I am not sure I am a great fan of whole-disk encryption as it reduces the ease and reliablity with which I can edit data, backup the HD and tinker with the OS etc...right

Only if you want to access the hard drive when the OS is not running. If the OS is running, the encryption is completely transparent.
Chumly
 
  1  
Reply Sat 27 Mar, 2010 03:00 pm
@DrewDad,
That's sounds spiffy enough, I exhume this means I can:

a) remove the internal HD to place in another machine as long as I use the same password and same whole-disk encryption software and as long as I do not have the EPROM-based HD password enabled and/or,

b) use my four external USB HD's for backup etc as long as I again use the same password and same whole-disk encryption software and/or,

c) notice no loss of speed or reliability because of whole-disk encryption delay or whole-disk encryption data corruption.
DrewDad
 
  1  
Reply Sat 27 Mar, 2010 03:07 pm
@Chumly,
If you turn off the PC, remove the drive, and try to read it, it should be gobbledy-gook.

(Similarly, if you make an image of the drive and then try to read the image, it will be gobbledy-gook.)

If your PC is running, and you copy the file to other media (thumb drive, USB hard drive, floppy disk, network storage, etc), the file will be unencrypted on the new media (unless the media has its own encryption scheme).


We tell our customers that encrypting backup media is more dangerous than simply backing up and storing the backup media securely. In a disaster recovery situation, you're generally happy enough to have a good backup, let alone have a good backup and be able to find the password and compatible encryption software.
Chumly
 
  1  
Reply Sat 27 Mar, 2010 03:46 pm
@DrewDad,
That all OK except I cannot (with any ease) ensure that all my four external USB backup HD's will always be securely stored. To ensure up-to-date backups plus redundancy plus ease of access for emergencies I rotate my four external backup HD's in the following manner:

1) Home safe - very secure
2) Home office on desk - could steal if home broken into
3) Work in locked cupboard - fairly secure I figure
4) Mother in Law's - could steal if home broken into

I need to have the four external HD's encrypted using the same encryption methods...but you tell me that all data gets decrypted as it leaves the USB port of the laptops to gets backed-up to the four external HD's.

This is unacceptable because I cannot ensure secure storage for all four external HD's all at the same time!
0 Replies
 
Chumly
 
  1  
Reply Sat 27 Mar, 2010 04:05 pm
To further clarify:

1) I had my home broken into, two laptops were stolen, I did not recover them.
2) Recently a laptop was stolen at work, it was not mine, it was recovered, I expect further thefts at work as time progresses.
3) I use four laptops throughout the day on a regular basis at work and at home.
4) There is sensitive data on my laptops.
5) I work with the public and carry my laptops about with me.
6) I cannot negate the risk of hardware theft but believe I can negate the risk of data theft.
7) I have four backup HD's that I rotate and store in different locations as discussed.
8) I also have two desktops at home as well as sundry other external HD's and "raw" HD's (that I have not talked about)... I would like to protect these as well.
0 Replies
 
 

Related Topics

Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Safeguard Laptop?
Copyright © 2020 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 10/24/2020 at 02:05:34