Security Basics mailing list archives
Re: Laptop Encryption & Hibernation
From: "Kevin Snively" <kevinsnively () comcast net>
Date: Wed, 22 Sep 2004 21:43:24 -0500
[Hope you don't mind me sharing this back with the group.]

The solution I gave you comes from a corporate environment. (Always remember the KISS * principle - not my quote - feel free to use as needed). One password was used for all laptop users. True, not foolproof, but it does get the job done and adds a level of security. This is a JIC (Just In Case) someone loses their laptop/notebook in someplace such as an airport terminal. Company secrets are not compromised. Now combine the BIOS password with the added security of NTFS and at minimum a decent password schema and presto you have utilized C2 level security in proper measure.

On the other note -- You should, as a "good" network admin (even if you're not one - meaning network admin), be documenting everything somewhere in writing. E.g. everything you or anyone else is doing to hardware, software or network configuration in your company that changes it from the "out of the box" defaults. Documentation should live in a secure place. If not the server room then a VP's (Vice President's) or Manager's office. Traditionally IT (Information Technology), and before then IS (Information Systems) depts. were funded, managed and overseen by financial officers or comptrollers (or controllers depending on field of discipline i.e. manufacturing or financial institution). Now many shops or corporations have a VP of IT or something similar.

On the other note: Hopefully the people of whom you suggest (the secretive Net admin or such -- when we let them write programs they are known as spaghetti coders) have long since become a thing of the past and a story we tell when things are slow - such as the "three envelopes story" (common to most introductions to computer security basics).

Now back to documentation, "very important". All this simple yet good documentation "should" live in an office such as suggested above (as well as in some secure directory on a server). Pages can be added and the "book" can be checked out as needed (the "Book" should be signed for by employees if needed - this is for always knowing the location of the documentation). You should be getting the idea and if I say any more I'd be tempted to charge or send a bill somewhere <smile>.

Btw (ByTheWay) BIOSs are not passworded the way you are suggesting. Simply removing power from the BIOS (remove battery or battery connection on MB (motherboard)) will reset any passwords and "Clear" the BIOS back to defaults - not an expensive or complicated fix. This depends on make and model of MB. Also some (such as Dell, if memory serves me) have a reset shunt (aka jumper) and on others you have to remove power by disconnecting the battery.

* KISS - Keep It Simple Silly (silly sometimes replaced by other S words - In reference to myself I use Stupid). Keeping this in mind saves much pain, toil and trouble. This is listed next to why most (including Moi) techs have flat foreheads.

And I have no idea why I feel so talkative today. And forgive me if I have been a bit too wordy. But, I will share one last piece of info with you (and this is with a smile in my eyes): Remember never assume anyone knows what you're doing (including yourself). And always fully explain terms and terminology (for instance if you are in IT the term ISP means Internet Service Provider -- BUT if you're in sales it means Item Specific Pricing. Hmmm - Yes, real Oceanographers know all about DSL but they think it means Deep Scattering Layers). I have always maintained the theory of telling others what I am doing and explaining it in non-technical terms (not limiting my audience). For me, this saves much grief and confusion and worst case, if I forget what I am doing, they can remind me. <wink>

regards,
Kevin Snively
The HelpDesk Inc ®
615-781-1922 (office)
615-582-0877 (Mobile)

----- Original Message -----
From: "Jonathan Loh" <kj6loh () yahoo com>
To: "Kevin Snively" <kevinsnively () comcast net>
Sent: Wednesday, September 22, 2004 5:42 PM
Subject: Re: Laptop Encryption & Hibernation

I'm not sure that will work so well in a corporate setting. Remember prom or eprom passwords? When a sysadmin left the company no one else knew the password. So the computer is basically useless, unless you pay the company some money to get the bios replaced.

--- Kevin Snively <kevinsnively () comcast net> wrote:

How about something as simple as a bios password? Works for me.

regards,
Kevin Snively
The HelpDesk Inc ®
615-781-1922 (office)
615-582-0877 (Mobile)

----- Original Message -----
From: "James McGee" <J.McGee () syn-tec com>
To: "Security Basics[List]" <security-basics () securityfocus com>
Sent: Sunday, September 19, 2004 10:28 AM
Subject: Laptop Encryption & Hibernation

Hi

We are trying to find a centrally manageable solution that we can deploy to 2000 Laptop users. The majority of our users also make frequent use of the hibernation function within WinXP.

The problem lies with the fact that we can't seem to get a hard drive encryption tool that will enable users to continue to use the hibernation function.

We have 2 options that I can recommend; bin the hibernation functionality or use a file and folder level encryption product, neither of which are the ideal solution for the situation.

I am sure we are not the first to come across this problem, so I was wondering how anyone else has overcome it. Apparently the people who make entire hard-drive encryption products are aware of the issue and are working with MS to get it sorted, but how long that will take is anyone's guess.

Any help or advice is appreciated.

Thanks
JM
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
---------------------------------------------------------------------------

---
Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.766 / Virus Database: 513 - Release Date: 9/17/04
Current thread:
- Laptop Encryption & Hibernation James McGee (Sep 20)
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 22)
- RE: Laptop Encryption & Hibernation dave kleiman (Sep 24)
- Re: Laptop Encryption & Hibernation GuidoZ (Sep 24)
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 24)
- Re: Laptop Encryption & Hibernation GuidoZ (Sep 25)
- Re: Laptop Encryption & Hibernation Barrie Dempster (Sep 27)
- RE: Laptop Encryption & Hibernation Philip Wagenaar (Sep 24)
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 22)
- <Possible follow-ups>
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 24)
- Re: Laptop Encryption & Hibernation Jonathan Loh (Sep 24)
- Re: Laptop Encryption & Hibernation Kevin Snively (Sep 24)
- Re: Laptop Encryption & Hibernation Jonathan Loh (Sep 24)
- Re: Laptop Encryption & Hibernation Jonathan Loh (Sep 24)
- Re: Laptop Encryption & Hibernation Ravishankar (Sep 25)
- Re: Laptop Encryption & Hibernation J. Theriault (Sep 27)