Security Basics mailing list archives
Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?
From: "Noaman Khan" <noamank () gmail com>
Date: Tue, 13 Jun 2006 14:48:32 -0400
I would support the last comments, if you have physical access of system you can preety much break any kind of security. Encrypting the whole drive could be risky if you lose the OS/way to recover. So if planning to use drive encryption, better make sure you have way to get your data in case you got issues with OS. Still i would say don't keep any confidential stuff on your laptop, rather keep it on secure servers and just access remotely when really need to. Noaman On 6/13/06, Bryan S. Sampsel <bsampsel () libertyactivist org> wrote:
If somebody has physical possession of the equipment, then there's not much you can do. BIOS passwords can be reset. Fingerprint readers aren't silver bullets. Any encrypted data can be cracked given sufficient determination and time. There's ERD to reset the local admin password, then the EFS does you no good, since that person is a local user on the system that owns the EFS. USB tokens would probably have been left in the laptop...just like CACs get left in by most users. I'm not first hand familiar with TruCrypt or TPM... Your better bet would have been to have the laptop act as a thin client to a remote, secured computer (physically secured as well)...such as Citrix or something. Then, unless the user wrote down his credentials to get onto the Citrix solution, he's got no actual data. It's not bullet proof, but better than having sensitive data outside of a secured environment. Sincerely, Bryan S. Sampsel LibertyActivist.org Mike Foster wrote: > In light of what has happened with the theft of the VA laptop, what are > the "best practices" for securing laptops? Am curious how all of you feel > about the options. > > How do you feel and/or what is your experience with: > --Power-on passwords in the hardware/CMOS/BIOS Setup > --Hard drive locking passwords in the hardware/CMOS/BIOS Setup > --Laptops equipped with fingerprint readers for the above two options > --Windows NTFS EFS encryption > --TrueCrypt from www.truecrypt.org for encrypted storage areas > --Trusted Platform Module (TPM) https://www.trustedcomputinggroup.org > --Tokens that plug into USB > --Others? > > Thank you in advance... >
Current thread:
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?, (continued)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Depp, Dennis M. (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dana (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Harrison Holland (Jun 13)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Sadler, Connie (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Bryan S. Sampsel (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Noaman Khan (Jun 14)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dave Patterson (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Brian Daniel Beck (Jun 13)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Robertson, Seth (JSC-IM) (Jun 14)
- Re: Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? michal (Jun 26)