Opinion: When data security is vital, don't take half-measures. Here are some ways to lock down laptops.
What happens when the data on your lost USB drive could get someone killed? Thats the question raised by the staggering and troubling lead story in April 13s L.A. Times.
In that story, L.A. Times Staff Writer Paul Watson explains how for $40 an L.A. Times reporter bought a gigabytes worth of apparently sensitive American intelligence data on a flash memory drive being openly sold outside a major U.S. base in Afghanistan.
The information, if authentic, obviously could be deadly if it fell into the wrong hands.
Why was the data available for download to a flash drive? Why wasnt the data encrypted? Why werent the ports locked down on whatever system stored the original data? All good and compelling questions, and ones that raise fundamental issues about how the military handles security information in a war zone.
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.
Im sure Watson and the U.S. intelligence establishment will delve deeper into how flash drives allegedly containing names, locations and contact information of individuals working with coalition forces became bazaar sale items.
While those investigations continue, what can be done to prevent further information from being traded outside the Bagram air base? And what can you do to lock down information that can seep from your USB ports?
Recently, I wrote a
security guide for laptop users,
which was spurred by a news story on a lost laptop that contained financial information for a large group of Hewlett-Packard employees. The guide drew a lot of response, including from a few readers who pointed to a recent news story about coffee drinkers getting their laptops swiped from under them as they sipped their lattes in San Francisco.
But if a laptop containing your love letters gets swiped, thats one thing (although in one case it seems the swiping included a stabbing), while losing your contact information regarding informants in wartime is to experience a whole other, and deadly, level of cyber-crime. As a follow-on to Watsons story, what follows is a quick guide regarding how to lock down your computer, your data and your USB ports.
Lock down your computer.
I had a few readers point out that in security, often the simplest solution is the best. If your computer (and in particular your laptop) is locked to the leg of the desk, you are moving the possibility of theft to the most dedicated and brazen thief. This is the bicycle lock theory that only the more professional and well equipped bicycle thief will be willing to cut your bike lock.
The most underused slot on your computer is the security slot, also called the Kensington security slot. For about $40 you can get a cable to lock down your laptop.
Thats cheap insurance.
Lock down your data.
I dont know where to begin on this one. If you had some data that could result in someones death if it fell into the wrong hands, wouldnt you take care of it? Even making allowance for wartime contingencies, the lack of reliable data networks and the need to distribute information quickly to a widely dispersed group, you need to make sure your data is at least password-protected.
I went into this in my guide mentioned above,
but creating a password-protected folder is the most basic step, which should be followed by encryption. I also said it is a good idea to separate the data from the computer, and mentioned USB devices as one method. But, and it is a big but, using a USB does not absolve you from protecting the data via passwords (for the drive as well as the data) and making sure that USB drive never lies around unprotected.
Lock down your drive.
You can lock down your computers to make the USB drives unavailable. You can do this via the operating system, although you will be fiddling around with the registry entries, which can lead to all sorts of computer problems. If you still want to try this route, here is a link to Microsofts instructions for turning off USB access.
If you want to avoid the risk of messing up your registry (which would probably mean having to reinstall the entire operating system), you can use a utility to manage your USB ports. Several companies make utilities that can allow you to manage individual ports, or just shut down all the ports until you get your security issues squared away. Two examples:
So, you are in some remote place and you need to shut down your USB ports and you dont want to become an operating system software engineer and you arent going to download some utility and hope it works. You can always use glue or chewing gum.
If you look at the business end of a USB drive before you insert it into your laptop, you see a small rectangular opening with four metal tracks for data transfer. Those tracks and tight connection are what make USB drives (including that iPod!) so fast at data transfer. Mess up the connection and you mess up the data transfer.
Just as the Kensington cable lockdown is a simple but effective laptop security device, so is messing up the USB port. I will say that a USB port once properly messed up will probably always be messed up. Glue strikes me as something that will keep that port permanently shut off from the outside world. Gum would be faster, but I suppose a dedicated degumming operation would eventually get it back in shape. Screws or other metal stuck in the port will probably get you into trouble with the electronic innards of your system.
Im looking for other suggestions.
eWEEK magazine editor in chief Eric Lundquist can be reached at firstname.lastname@example.org.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.