There's a simple solution
Having shown you all these laptop hacking techniques and tools, you can still lock down your
systems to keep bad things from happening. You could create encrypted "partitions," which,
basically, are files that mount as a regular drive. But I'm not a big fan of that. It all boils
down to the fact that you cannot trust your users to store sensitive information on the secured
partition every time. People will store things on their desktop, in their email application, and in
local temp directories that may not be protected. Plus, if someone is able to obtain a laptop and
crack various Windows passwords as I described above, what do you think the odds are that the
encrypted partition uses one of those same passwords? Based on what I see, the chances are pretty
darn good.
Many people are installing laptop-tracking software such as LoJack for Laptops, which can certainly aid in recovery. The problem is that by the time the system is recovered, sensitive information on the laptop could've been compromised. Good solution -- just a little too late in the security breach time window for me.
The only truly secure solution (although still not 100% -- nothing is) to keep information from being compromised is to use a whole disk encryption technology such as
Requires Free Membership to View
SearchMobileComputing.com members gain immediate and unlimited access to expert guides for mobile deployment, management and security, industry trends, and more-- all at no cost. Join me on SearchMobileComputing.com today!
Kate Gerwig, Editorial Director
PGP Whole Disk Encryption and
TrueCrypt.
They're independent of the operating system and use much stronger encryption technologies and some
can even be centrally managed reducing administrative burdens. Even if stolen computers are powered
on, as long as the entire drive is encrypted and the screen is locked, the only option for the
criminal is to reboot the system to try and get in. Once he does that, he'll be prompted for a
passphrase to unlock the drive. As long as the passphrase to encrypt the drive is strong -- he's at
a dead-end. Also, be on the lookout for the built-in encryption features in the new Seagate Momentus drives. This technology seems
promising as well.
Remember that policies enforced by technologies -- not just trusting users to do the right thing -- will keep sensitive information on your computers from being compromised. Sure, it's going to cost money (up front and ongoing) in both software licenses and operational costs. But that seems like a better alternative than losing credit card merchant privileges, explaining to one or more government regulatory bodies why your stolen systems weren't protected or having to notify every single person whose information is believed to be compromised.
Laptop Hacking
Home: Introduction
Step 1: How it can happen
Step 2: How to crack a laptop
Step 3: How to secure a laptop
Step 4: Laptop security summation
About the author: Kevin Beaver, CISSP, is an independent information security
consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of
experience in IT and specializes in performing information security assessments. Beaver has written
five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For
Dummies, (Wiley) and The Practical Guide to HIPAA Privacy and Security
Compliance(Auerbach). He can be reached at kbeaver@principlelogic.com.
This was first published in July 2006