Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Lundquists Guide To Not Getting Fired for Losing Your Laptop



 By: Eric Lundquist
2006-03-27
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Opinion: Keeping your sensitive data off your laptop can help you keep your job. Following these rules and guidelines to avoid becoming another in the long line of recent data theft victims.

How often do we have to read about someone losing a laptop with a bunch of client data? Ive included some links to recent stories: Stolen Fidelity Laptop Exposes HP Workers and Lost Fidelity Laptop Stirs Fear of ID Theft. Stop and think for a second. You are a high-powered road warrior jetting around the world making lots of complex but incredibly lucrative financial deals. You lose your laptop with all that important information. You have to call your boss back at the home office. Your next job involves asking customers if they want the large or the super-jumbo Slurpee.

What follows is my guide to keeping from being a professional Slurpee machine operator for the rest of your career.

The most important rule:

1. You will get fired for losing your data, but you will not get fired for losing your laptop. Well, maybe you will get fired for losing your laptop; I dont know your companys policies. But I do know I have never heard about a company being forced to make a public announcement because an employee lost a laptop. I have read lots of stories about companies being forced to announce they lost customer data. In this age of endless regulation, this public shaming will only increase. You dont want to be the one stuck in the laptop pillory. Therefore, remember: If the customer data does not exist on your laptop, it cannot be stolen from your laptop.

Most articles on laptop security start backward. Heres how you can encrypt your data and your files. Heres how to change your BIOS. Heres how to etch and chain your laptop to the leg of the table. Heres how you can dismantle your infrared port. Heres how to secure your USB ports. Ill get into all of those, but the safest way to keep you from being a Slurpee-lever puller is to not have the data on the laptop in the first place. If the data you are displaying or manipulating for your big-time financial deal really resides only at the corporate headquarters, then your laptop is in the clear. It is up to the IT security staff at HQ to figure out how to build a secure channel, provide user authentication and make sure the valuable data is being displayed but not downloaded. Not your problem. If you are the entire IT staff, then it is your problem, but, then again, you know who you are, which makes authentication a whole lot easier. Far greater minds than mine have worked at making thin clients fast, secure and reasonable in price. I think this year will see a big shift to this architecture based on security considerations alone. Citrix is a good place to start looking at and understanding thin-client computing. Also, Sun, with its Sunray strategy, and CA (in particular, its affiliation with Wyse Technologies) are committed to thin-client strategies. Microsoft is more conflicted in offering thin computing.

Resource Library:
This is a hot area of enterprise startups. On the hardware side, there are several diskless laptop offerings.

The second most important rule:

If you are not going to leave your data back at the company HQ, then divorce your data from your laptop.

People used to do this with floppy disks. Now you can put your data with relative security on a USB drive that travels with you rather than traveling in your laptop. Ill answer the question, "What if my USB is stolen?" in a moment. But, first, a little divergence to talk about data and data storage.

When people kept paper files in folders, they used to set up a hierarchy of storage. The files you used all the time but werent confidential were readily available. The files you only used once in a while were shifted to some file cabinet in the storeroom. The files that were private but not super-confidential were kept in a locked cabinet. The files that really, really mattered and were confidential were kept locked away and had to be signed out and signed in and, often, read only in certain areas to keep you away from copy machines. Remember all those spy movies with the files and the tiny cameras?

Laptop computers and the software that runs those machines often treated all files as one big heap of files that any user, once logged on, could peruse as their curiosity led them. This is changing, but it is still a hassle.

The file might be secure, but the presentation made from the data might not be secure. The file might be secure, but the spreadsheet that links to the data might not be secure. This leads to the odd situation where the data might be secure, but the information created from the data is not secure.

If the best answer (see rule number one) is to keep your data back at HQ, then the second-best answer is to keep your data divorced from your laptop. There are many ways to do this today, but most of them involve a storage device being attached to a laptop via a USB port. Those drives can be further protected by passwords and encryption. This is still a second-best answer, in my opinion. Passwords can be stolen and encryption can be defeated; although, at the point where someone is hacking your password and defeating your encryption, you are up against a professional data thief.

But you are still way ahead of the game of leaving your data on your laptop. If you treat the USB drive as what it is: the only thing standing between riches and the Slurpee machine, you can lose the laptop and still keep the job. But all your private data and presentations, files and so on associated with that data all have to reside on that drive.

You can always back up the data at HQ where backed-up data is supposed to reside. Get a special little case for your USB drive rather keep it in your pocket, and make sure the drive is in that case when it is not attached to your computer. The USB drive market may be the fastest changing tech business on the planet. You can get drives that require fingerprint authentication. You can get drives that shred the data after a certain number of password attempts. All those products are intriguing. The better idea is to not lose the drive and to keep it separate from your laptop.

Which gets us to the laptop. Your laptop is not secure and is an easy target for someone wanting to steal data or simply to steal your laptop.

Your laptop isnt secure because it was never designed to be secure, and all the security features are bolt-ons added after the fact. That cool wireless connection always searching for the next Wi-Fi hot spot? Big hole. Those USB ports ready to accept all those nifty USB devices? They are ready to cough up your data. The password you always forget? The hackers are better guessers than you are and are more than ready to look over your shoulder.

If you remember that your laptop is not designed to be secure, you will gain a lot more respect for rules 1 and 2. There is plenty you can do to make your laptop harder to hack, make your file folders more secure, make your files contain encrypted data and to shut down the easy access into your computer via all those nifty sockets. Ill go over those, but you should really read rules 1 and 2 again.

A lost laptop is not a big deal if it doesnt have any confidential data on it. Try saying this, "Gee boss, somebody stole my laptop out of the hotel room while I was at dinner. What a bummer, but you should know first off that I made sure that all my data was (and here you can go off script) (1) safe back at the home office or (2) safe in the USB drive that I keep locked in the hotel safe." That is a far easier conversation to have.

Here are some ways to secure your laptop:

1. Encrypt everything and make sure the encryption extends all the way to before you boot up of the system. I havent tried it yet, but a product that intrigues me is from a company called WinMagic. The product is being incorporated into Toshiba notebooks in Japan. WinMagic is working with the Department of State on a Homeland Security project.

2. Make your Microsoft operating system password-protected and encrypted. This is at least a minimum starting point.

3. Use password protection in general. You can have passwords for your BIOS (the stuff your computer needs to know before it starts), for your operating system, for your files and probably for just about any other part of your computer. If you rely on passwords for your sole source of protection, you might as well leave the system wide open. Passwords will deter the curious but will not deter the determined. Dont store your passwords on your computer. They are safer on a piece of paper in your wallet than in any electronic file. Dont assume a password that keeps you from starting up your computer also protects the data on a disk drive. Youd be surprised how easy it is to take a disk drive out of one computer, put it in another system and start reading files.

4. Lock up all those leaky ports. I think your first (and maybe your last) stop should be Safend. Is was the first to bring to my attention over a year ago the vulnerabilities inherent in USB as well as Bluetooth wireless and all those other ports where data can flow. This company understands the problems associated with locking down the laptop.

Eric Lundquist can be reached at eric_lundquist@ziffdavis.com.





  Reader Comments: Lundquists Guide To Not Getting Fired for Losing Your Laptop
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Eric Lundquist
 


x}ks㶲*Q3皢HR%:cY>fIm"!1Eɞ?q?q-ٞxjl@_h4{$ G3L{Jz(ٟ;ȧGLzIj}ݻ@CiFN)#c3rD廚fw2v#S;^ > \?g#Q;Y|AuӱaG'P5#o8 heynJ\WkQZ x>oچs[x0Q9n^w?_B7_H FcKo -'ijQT'AtH.;q\`'H |'k[oDZ.JX<'ȇ¤TzW qf%èoPKT/H-\jGzZzO``%MpbQB9SKrع:d99?vN|bPUUz 12ؕ3Az3u7훗Ke3 k|tH G|L  Wh -NZ[_nGs'^sQ&ںa#j庤~Fb?~Yo]}8螐$7Yna247QZh,w.s$dbZ~@X ,>JAͼ94oߖAw[ a7tBmҌj )B%yȝ5!Hr Ca)#8?3%i8@r1YSl \MoB@d$e ,}PYtBFͨ4 . If0;A0<^f/_\D 0 p1S{l2.S4epv]/7Du,Ⱥ*s5-wnxˬTw9yi ?\wdpտS3:xXaZ`I). Ƹ@]Զ7jORQ ^,ԕo+& r f[Ԗ-ò˄A' ># 6aͩ6wbkx>:ACA4icŦh4@g&h`CCҏ:LZ L{ͣn]?'tao7,Ab@a`Ω6rjLP"iAЂMx>tTڎ]6}l2w9;-(;hk=`DkwCXb (բ!Tg,Zz][ X.s6Gv66-0 RN\QoDm2(%łdh$@!"-i]NP@Ar6< -8,rrd++~Cy=#!b\JZ2(ݞHpH)%scMX.QY,p[/ Pf%)5{~u}bB+|#'"Xr`Y \h+|^h)lc l[6؛RHU|:IoBg21u08Bdp=^AZ& C K,tt?{\ύ7!v<8%`p=fX4К =QA\^XP̴;Im)tsnڰ`DWjP6~@-Q͜{luVs]ˤFi5K\ıAsރn5 ~"Wnzjr#ʇ&fy9e~>Ꭴm|(&]LqαrB&k:H(X3b-yrpm ֌M'W.s1r@@-T%XScXO`D~w Lzb4sm/n$1aV|\uΖM"kͲ'{_No6veZZ @)Ui-a70Ԣ(`|M(" !tsqʹ,C /0<MJТ=i ccG9}svV/E\W˟AtXjR{5>k断,0!/Ȁ2n7$X Q[ ҆b| ku8.`Cϱvo0]v { pH%2Ă?ATi3t ˀQ*5%R>ka@/ı@b== Czf//+ igu]ؗ.[B՜L|z P[az{>8`Tfla81-&ğy;ۈy EEQD[d"vd\6˰@e9ִ&3q,˹F z4f?0RʤgڋPxP߄SsLL,T `'7sMԑ'a§^hLa섏k 570M;cLKo3:gjQIBMB%A)` L] T<5y;  XA \ =D(rHUX#±U鬢cKQ0SKm{hAy-X\>(Dtm?`"! }:nssQ*r73 TgHZ+kP+Rj _>2z4Ebwc9 оNf,h'Ȑ]M;HhG 2cP.'1Pc0 (H30=Gf^9/&?!'j7j8@Z_gw-T)ӱ%NJt, ҹD\+b_awk* :A Wt Aݛ,(D)EഩZ/iYS)%Vt u| `_ܚ:^x>z,LH0?v#0Hoa7X[ RkE}vW7{%|h#R @ i`1 Kx{ZCAm3۩Dw\܁c2PH(Tg`ME]ac6U{zn&)ZmMӓU;4 /cIۛp#|5{-rFLk 0j(Y|;` rfVɍ#u6霎0 M"g\Qrb/Y`#1s* <)3PW4.`Y̙KG_k`pl1\APB1lk•ۿk􁯍_-&oZ d6.ōfπỉǖ2mԺ VNLO^WavG8fK^{~w?Ijp>mzʅJg PW4qMݗ?sq:0jeHY0kTrHU m{\ cg=ULzخOlqTYe)$k@q5΀4OxZT+EZ{,jJHBD5|dE C/ ސOkZDCAg$"W>WK KO}b*ŪR.$yVp8.7xџ1XD+++0/7"h ނ-cr[ e|R/fK%2_vܖ[J,]^!a u0 M\ܒ(t].7 2aI3M%`{IO, J3dVVZ]@ש5I-֊R{̡2e{Sі$ \EI'sSfn utDoSwg4cć) scRRHwضZVrG'DzaqC` HR{PD( ,E~w9ـo9 |R)T*Gr2RDBRNBq<9N+4CN\6ǷWXdK!M$DDOCVngX&Պ 1ǟM1ΉyՇ}Z+=JL_BP`&w,OɪO@T #NEw%]w7UO}ڿJ^!1@q3f;/ wg((^+{^i\#-JvCR>"jyvpٖYM q ߲oSR=H3 J@SG$=ĸژ9}dvj3隿F>"$r=׺>^/~/(^vdcxx\#;R{vyȒu8*DEup|ly0amG 'ELkڃa3H0 BX5' ^t&֒}UYq!q6aglꏽ5/OQ֭Ě_f?B!|FG<؇A(1@kNF֧HvZfp跆"BtX 1uJ(_RJI"Q6#=)#WYYsҿnq3Klo}EN&0sᷔo%?ů1&o8~P6hLVf:n~$B2^'68/hp19ޏH%a]Zqns zsHfaP;DZ3pq*hhwxȜFM{@uS意g ڝ9krĸ~om6 =YlKx?Koҽ{g;᧥}e4r7tR*9$TH!H~ݍe_"+2gNIȅ^t;>rix7Yux3D?-ye9>R3-4|2GP !Q>]f+wP;_zÞ6YiYu9/s\ -"n'Z^⽸|W90.5=y$/Av} ,D>?G{oD:*pS޸o` \KT%u#,g>a}>]|Mh^_(M }\YLx,SdrN Hʂ","41,u4K<-TRr]J!a`@#תƶGC-|3Fe[\D% KJ 5mM 9L3吤!jǯ@D>pkn.Qfq](3XJ9gczcV]||||_GTrm,^UI=V4Wᶬԅ,˜R[ghCzKZE`ǙےZ)5Y4[ԘRհ^kW%7Hbv!GRaMl=ܺ$=MK~D /^.n]H? |5P[i lSG,3S$Mjx19Ͷ, ʌ`0I f(A_9&i-Iw3sޡZha~N; ɦ9 DA$0$uB(k򞅡 ^ޒ^͛=H<]`ʸ9>n/̈́7O:z 2ԆQ7%%_@zNgHEb-$r1/7]+"oY7Oǀ_źӠn3R4)u5ıT([UҞh-50 ]tJ5EmQyUKػ$|EQ_o1(5k. _ڣa%<&#T 6u%€Qs 0b&GܾIܭRx_%@pw2^>@|DZxG#r-+~iۆ_wg)?` s;Xt?/|5,8| 6¤#Asͽo<~:3YUj[ɑ;vLyOK_B5SS?pW?J +jHŒeDu:]/얎Ez L11WA(C`"$;1)LHJ~P}Aͽ=V43 nY[`cXEɷ0m5mYޣs玮?{UrjjNL&iw>j1=[ LÀ#MlD5:!VJE`ѿW@+✱fnmO*% XI4PW"[K+ɻt zD]MsLMG|O_/Un/RPi!Fv{Kb+fJ7{F$qdxLjkj5"5V^ }]>aZrF-?xUHH^X0k,pD]dbɠ:87‹$?ؘHZz1lsy̩,, ^4𢭐J711ǜSkOj\(.IQ:-~e=^_@F33 n /TJ9t[`ɣ.j",( JD:-~;h1]ds5)lW+V+s eRZ`VSz(OYZ+)`{T& 1mpFUr({攫Ht'}\rYģV=H6Rd3+nіmmy.G4K,2; 4}$皭٦v lсH.YP>#V̯nЃq}%|#MX:n2Oٻ`W1OjZmxU⩌):xpJ!#Q*j@(eYir' o.gUo{Wp+XyPkGoh}exxuJG"쌯rGiY4V|~1}^N$xNSx⑻C7)*E-%=ht|ڀkSEl~E:xd›K6ȝ>B&s'M؏p;S;BΈE௥nXV{+$νOg-<-cWld"$@_ٹt#=s3 zxX2T(M$7: .h@{$죋L~r?0xd+/%  [zkڊc(2/\n\ t$rkqCL9)חBP0FDu2t4^3h*%L&cP <"m G=׃nr-i`IkBx$lx ~>F$1Ʉb1aں`1;m>Az@>WXjm !1gGi>'_1JJ +DjcTH]N"@[  o! v7UI,3`/xs\Xej xpƧxm6|L <27LkR>ɖàFP8Y|oby` ?vc.us x\jJ@j$!Ѕ8i,)@"!9͉ō1a]Lݗ?0#(.ŌC 5Z(OBVB 2,=Vr~Kwy|WBfE3{8~9ROr%-rEeV0`A#'92ag44\K6?fr4v ZWWiuC'ݫaI;<DŽm[8Z?N9?>v/;Wayjz10lB[db(L]$,C rzu8sKs!Yx9K x5" /WEyx&0f?> L*a^e=DU@*}v 頞V} llŵg5>;ٙϋ_MLedHw> !r:X)` чFQ3` p!>Et.:'Cҿ䚡IJ/./2C_׌k(\~JmeQ>\;'P~s3YF>@\󼻹5r_7^fC?52?A">hf/c~z0^{oO賗A=^}"^f#(?@?2{P(̘K ̘>>ȟ~|gȗ+ 2޿Π11!0@/?}}ȠP11c|3w7Y@7{dwAI]'Iz[|ֺ…)qFy9<ΠrEU৬rXB]fס&c˼XH{R}tEI>t+qLw<_[nNJ>K\ȜHqaN@B01;FUyD4{HO8ѭ=\zI[F,[Q^=W]6rpSn&o<(UOnsOkr>uxvY^][\;Yo%P.cIsgegA#:*5OKWX-Jaġ]==ʹ}FzVj?f4h9p~bOvHu1juC{1o'K{  8 ߜ:RNw }YV&ƀY8'}p)NBhعkjZ|t=på̹~o8S5c[&4H]JIUKJ~+jZ}'ۦ""CDQe jro9 Z)˥*D`q9CTx|Femګ,91C=b{hǬ[ɖP=^?FG&^l _1 {7/TE5// {_C1B R1K1@ͽe^*q0*j1f%Q<8 d3Imf..eа!,sv[z |wN:3X&38W "Z7hlգ{wh9ĩiSrO?g)b|3s`&`" >oٔ^^CB N ˗ X627\$V|_ S [2FdX XJr ;9_ӾZ$ǖDCI_1\3u{ª}E}Q!je: ]nn\3X?ap[gc2 Bj>f`ԃ`wƨ^f\cy/13Ӯ3ߒwIE=Q hkоx^ Y4H-'cB诿aXkt$J7BIb7N˩=sM^W -_?y.ͅc[: 5 ճmbxEnԙex\,x`ڦUeL~#zTÓ]v >%v jSf\gHa)x܃AR~Q "~ A}FV$5 ௛B|z^Dl, - O*HQq1^R[aʹD.vUj v[!RǞ,`'/2^;' / 8H2Gd!᳤c"3ލg% ']^ΠbO_wsԶeEQ&PL®#U%$tnP/9"Ź oPm b/3yJ>? T@|- %.X&";>m?'.}N5+I'"@2xԴ5[Pŗ;39 m'#84C>غmQ޺ϟpml.;+C%P^pgUvy* *>`H6A1^<;zއ7Ku!AY=_v{[=/'R``U)Y<d鞎NjGtM-IS`i#ނ4(NGQeRb0yM&~0qGĶ2C|R4o̝UpvRvcdLwvø) 3/: Ǣ8BU(]6s/>^|˼kAсYnw0w1L/#}ZFS`p ۂ{3+Urcdk{f:ePeX l'ᠢ׀5V`9H\S(|9NRnãǍ'HǸ׬[ [ qy6` <Щ1D\bv9E9bꛦD]khT[%*ʢ36M 9/ߵ33pݼ®,vyXOF\X3' cgb@xO=e_qxN|L/Xט} 2^;FB~eagZϼ:?ʂo/ QF$V30(ylH9m50X1'NRGQv7CA 'Ɣ ϰ" sWexDh^N"?H+o%ӫrXotlC"|f@XjtP9͓Z0 9BMhc{pfi#sS3 {τ ixv4<3@TF_E@G7fyUĄfٵ\RJnrmmkJ(iF 5cP.vX-n$B@ εx CG,$?ˋ} byx Uf}')VS//.?i*g\`