Security Basics mailing list archives

RE: In light of what has happened with the theft of the VA laptop , what are the "best practices" for securing laptops?

From: "Ruiz, Rolando" <rolando_ruiz () jetaviation com>
Date: Tue, 13 Jun 2006 14:54:05 -0400

Here's my thoughts on this:

We had a similar incident here and we (finally) put the following steps in
place.

1 - We sync data to server at logon and logoff. This ensures that if the
laptop is lost or stolen the data is AVAILABLE to the VP. Critical data MUST
be stored on My Documents folder to ensure its availability

2 - We encrypt the data on both ends. 

3 - We enable and password protect screensavers

4 - If stolen while in screensaver, thief will have to force restart. For
this we enable Bios password. When enabling bios password you have to change
the default bios admin password to prevent access to bios. 

5 - In some cases we enable Outlook to prompt for password. 

Hope this helps. 

Regards,

 

Rolando Ruiz

Information Technology


-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm () ornl gov] 
Sent: Tuesday, June 13, 2006 12:12 PM
To: Mike Foster; security-basics () securityfocus com
Subject: RE: In light of what has happened with the theft of the VA laptop,
what are the "best practices" for securing laptops?

1.  Don't put unnecessary sensitive information on a laptop.
2.  Encrypt data on the drive or encrypt the entire hard drive.

Dennis

-----Original Message-----
From: Mike Foster [mailto:mike () mytechcoach com] 
Sent: Monday, June 12, 2006 8:49 PM
To: security-basics () securityfocus com
Subject: In light of what has happened with the theft of the VA laptop,
what are the "best practices" for securing laptops?

In light of what has happened with the theft of the VA laptop, what are
the "best practices" for securing laptops?  Am curious how all of you
feel about the options.

How do  you feel and/or what is your experience with:
--Power-on passwords in the hardware/CMOS/BIOS Setup --Hard drive
locking passwords in the hardware/CMOS/BIOS Setup --Laptops equipped
with fingerprint readers for the above two options --Windows NTFS EFS
encryption --TrueCrypt from www.truecrypt.org for encrypted storage
areas --Trusted Platform Module (TPM)
https://www.trustedcomputinggroup.org
--Tokens that plug into USB
--Others?

Thank you in advance...

Current thread:

RE: In light of what has happened with the theft of the VA laptop , what are the "best practices" for securing laptops? Ruiz, Rolando (Jun 14)