PaulDotCom mailing list archives

Ideas For Tech Segments?


From: marv at madmarvonline.com (Mad Marv)
Date: Tue, 21 Oct 2008 11:59:14 -1000

How about a pen test on laptop security?  I.e., have someone set up some
laptops as securely as possible and then have P & L crack them.  This
would test various strategies for securing data and give recommendations
on which strategies will work in "real life" scenarios.  Test subjects
should include:

1.  Laptop with no hard disk encryption, but the data is stored on USB
thumb drives or SD cards.  Hypothetical example is where the laptop is
stolen but the USB drive is safe.  Primary goal is to see how much data
is leaked via swap file, temp folders, cached passwords, etc.  This may
become common in the future w/ netbooks.

2.  Laptop that uses file and/or folder based encryption (EFS,
Truecrypt, etc.).  This strategy assumes all important files are
protected.  But this still leaves the potential for data leakage in
unencrypted areas of the hard drive.

3.  Laptop w/ full disk encryption (Bitlocker, PGP, Truecrypt, etc.).
This should be a pretty short test unless P & L want to practice cold
boot attacks.  How realistic is that scenario anyway?

I'm not sure how easy these will be to set up.  To open the door for
data leakage, the test requires that the laptop will have been used
regularly and assumes that the user will take some care in protecting
important data.

Marv

