If they're already in, hackers can look at stored passwords that may lead to other sensitive information -- especially those stored in VPN clients that could provide a direct link into your network. You can find this type of information using a tool such as ElcomSoft Ltd.'s Proactive System Password Recovery. It will recover logon passwords, network passwords, wireless encryption keys, dialup/VPN passwords and more that can be used against you. Figure 1 shows the Proactive System Password Recovery interface.
Figure 1: Proactive System Password Recovery
If you've done the right thing and require Windows logins combined with Windows-enforced strong passwords, you're probably wondering how else someone could possibly get in. Well, never fear, it can be done. It is simple password cracking, and you don't even have to buy a commercial tool to do it. There's a relatively new tool I've been using called Ophcrack that uses rainbow tables for really fast Windows password cracking. Ophcrack has a bootable "Live CD" version that you can use without having any other access to the Windows system. So, think about this: The bad guy finds/steals your system, boots it up using a tool such as Ophcrack and -- viola! -- in just a few minutes, he's got one or more Windows account passwords. It's all over after that. Try running the Ophcrack Live CD yourself and see what you can find.
Figure 2 shows the Windows version of Ophcrack - the Linux version on the Live CD is essentially the same.
Figure 2: Windows version of Ophcrack
Step 1: How it can happen
Step 2: How to crack a laptop
Step 3: How to secure a laptop
Step 4: Laptop security summation
About the author: Kevin Beaver, CISSP, is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Beaver has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance(Auerbach). He can be reached at firstname.lastname@example.org.