Step 3: How to secure a laptop

Laptops with sensitive data are getting stolen every day. Contributor Kevin Beaver says the best way to secure your laptops is to understand how they will be attacked. He provides the basic attack methods and a set of contingencies in this step-by-step guide

There's a simple solution
Having shown you all these laptop hacking techniques and tools, you can still lock down your systems to keep bad things from happening. You could create encrypted "partitions," which, basically, are files that mount as a regular drive. But I'm not a big fan of that. It all boils down to the fact that you cannot trust your users to store sensitive information on the secured partition every time. People will store things on their desktop, in their email application, and in local temp directories that may not be protected. Plus, if someone is able to obtain a laptop and crack various Windows passwords as I described above, what do you think the odds are that the encrypted partition uses one of those same passwords? Based on what I see, the chances are pretty darn good.

Many people are installing laptop-tracking software such as LoJack for Laptops, which can certainly aid in recovery. The problem is that by the time the system is recovered, sensitive information on the laptop could've been compromised. Good solution -- just a little too late in the security breach time window for me.

The only truly secure solution (although still not 100% -- nothing is) to keep information from being compromised is to use a whole disk encryption technology such as PGP Whole Disk Encryption and TrueCrypt. They're independent of the operating system and use much stronger encryption technologies and some can even be centrally managed reducing administrative burdens. Even if stolen computers are powered on, as long as the entire drive is encrypted and the screen is locked, the only option for the criminal is to reboot the system to try and get in. Once he does that, he'll be prompted for a passphrase to unlock the drive. As long as the passphrase to encrypt the drive is strong -- he's at a dead-end. Also, be on the lookout for the built-in encryption features in the new Seagate Momentus drives. This technology seems promising as well.

Remember that policies enforced by technologies -- not just trusting users to do the right thing -- will keep sensitive information on your computers from being compromised. Sure, it's going to cost money (up front and ongoing) in both software licenses and operational costs. But that seems like a better alternative than losing credit card merchant privileges, explaining to one or more government regulatory bodies why your stolen systems weren't protected or having to notify every single person whose information is believed to be compromised.


Laptop Hacking

 Home: Introduction
 Step 1: How it can happen
 Step 2: How to crack a laptop
  Step 3: How to secure a laptop
 Step 4: Laptop security summation

About the author:  Kevin Beaver, CISSP, is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Beaver has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance(Auerbach). He can be reached at kbeaver@principlelogic.com.

Dig Deeper on Mobile Security

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

We do use disk encryption on all laptops at my organization. I believe that it is necessary, and it seems like the best option according to the author, but it does unfortunately cause a bit of performance degradation while working on the laptop.
Cancel

-ADS BY GOOGLE

SearchNetworking

SearchUnifiedCommunications

SearchSecurity

Close