Security Basics mailing list archives

Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?

From: "Saqib Ali" <docbook.xml () gmail com>
Date: Thu, 15 Jun 2006 06:51:40 -0700

Encrypting the
whole drive could be risky if you lose the OS/way to recover. So if
planning to use drive encryption, better make sure you have way to get
your data in case you got issues with OS. Still i would say don't keep


That is why I would prefer using hardware based encryption that
utilizes TPM for wrapping the encryption key. This allows for key
escrow and key recovery. Dell Business Laptops are shipping with TPM
1.2 modules and the Wave Sys Security Center TPM Management Software.
Couple that with hardware based encryption <
http://www.full-disc-encryption.com/lurker/message/20060608.143400.a400d5f2.en.html

and you have good security.

Noaman

On 6/13/06, Bryan S. Sampsel <bsampsel () libertyactivist org> wrote:
> If somebody has physical possession of the equipment, then there's not
> much you can do.  BIOS passwords can be reset.  Fingerprint readers aren't
> silver bullets.  Any encrypted data can be cracked given sufficient
> determination and time.  There's ERD to reset the local admin password,
> then the EFS does you no good, since that person is a local user on the
> system that owns the EFS.
>
> USB tokens would probably have been left in the laptop...just like CACs
> get left in by most users.
>
> I'm not first hand familiar with TruCrypt or TPM...
>
> Your better bet would have been to have the laptop act as a thin client to
> a remote, secured computer (physically secured as well)...such as Citrix
> or something.  Then, unless the user wrote down his credentials to get
> onto the Citrix solution, he's got no actual data.
>
> It's not bullet proof, but better than having sensitive data outside of a
> secured environment.
>
> Sincerely,
>
> Bryan S. Sampsel
> LibertyActivist.org
>
>
> Mike Foster wrote:
> > In light of what has happened with the theft of the VA laptop, what are
> > the "best practices" for securing laptops?  Am curious how all of you feel
> > about the options.
> >
> > How do  you feel and/or what is your experience with:
> > --Power-on passwords in the hardware/CMOS/BIOS Setup
> > --Hard drive locking passwords in the hardware/CMOS/BIOS Setup
> > --Laptops equipped with fingerprint readers for the above two options
> > --Windows NTFS EFS encryption
> > --TrueCrypt from www.truecrypt.org for encrypted storage areas
> > --Trusted Platform Module (TPM) https://www.trustedcomputinggroup.org
> > --Tokens that plug into USB
> > --Others?
> >
> > Thank you in advance...
> >
>
>



--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------

Current thread:

Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops?, (continued)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dana (Jun 13)
  - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Eric Furman (Jun 14)
  - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? cc (Jun 23)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Harrison Holland (Jun 13)
  - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Gethin Jones (Jun 14)
    - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Greg Merideth (Jun 15)
    - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? zipk0der (Jun 16)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Sadler, Connie (Jun 13)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Bryan S. Sampsel (Jun 13)
  - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Noaman Khan (Jun 14)
    - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Saqib Ali (Jun 15)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dave Patterson (Jun 13)
  - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Dave Patterson (Jun 20)
- Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Brian Daniel Beck (Jun 13)
  - Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Ken S (Jun 14)
- RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Robertson, Seth (JSC-IM) (Jun 14)
  - RE: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? Bryan S. Sampsel (Jun 15)
- Re: Re: In light of what has happened with the theft of the VA laptop, what are the "best practices" for securing laptops? michal (Jun 26)