laptop security

Discussion in 'Computer Security' started by Allen Anderson, Jun 18, 2004.

  1. I want to put sensitive files on my laptop that I need to have while I
    travel. However, I want to do my due dilligence to make sure I do
    whatever I can to make sure that the laptop and all the files on it
    are innaccessable if the laptop gets stolen or lost. What are my
    options for encyprtion? I would prefer whole OS encryption instead of
    just specific files as I don't want to 'forget' to encrypt a file and
    have it accessable for some reason.
     
    Allen Anderson, Jun 18, 2004
    #1
    1. Advertising

  2. Allen Anderson

    Jim Watt Guest

    On Fri, 18 Jun 2004 00:20:51 -0600, Allen Anderson
    <> wrote:

    >I want to put sensitive files on my laptop that I need to have while I
    >travel. However, I want to do my due dilligence to make sure I do
    >whatever I can to make sure that the laptop and all the files on it
    >are innaccessable if the laptop gets stolen or lost. What are my
    >options for encyprtion? I would prefer whole OS encryption instead of
    >just specific files as I don't want to 'forget' to encrypt a file and
    >have it accessable for some reason.


    If its an IBM laptop all you need do is set a hard disk password
    if its not, leave it in a public place, wait for it to be stolen,
    claim on the insurance and buy an IBM next time.

    You could also look at this group on Google as the subject
    of disk encryption is a frequent one discussed in detail.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 18, 2004
    #2
    1. Advertising

  3. On Fri, 18 Jun 2004 00:20:51 -0600, Allen Anderson
    <> wrote:

    >I want to put sensitive files on my laptop that I need to have while I
    >travel. However, I want to do my due dilligence to make sure I do
    >whatever I can to make sure that the laptop and all the files on it
    >are innaccessable if the laptop gets stolen or lost. What are my
    >options for encyprtion? I would prefer whole OS encryption instead of
    >just specific files as I don't want to 'forget' to encrypt a file and
    >have it accessable for some reason.


    Have a look at Marcus Hahn's Blowfish Advanced CS ( freeware, widely
    available ).

    Among its many options is a 'work with' option - which allows you to
    view and edit a file, re-encrypting it when closed.

    It also has a batch file capability, and it wouldn't take too much
    effort to knock up a script/batch file that can be linked to your OS
    shutdown routine - ensuring you don't leave unencrypted data lying
    about.

    Other than that, encrypted virtual disks is the way to go - though I
    don't know what the performance hit would be.

    Regards,



    --
    Stephen Howard - Woodwind repairs & period restorations
    www.shwoodwind.co.uk
    Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk
     
    Stephen Howard, Jun 18, 2004
    #3
  4. Allen Anderson

    John Guest

    Jim Watt wrote:

    > On Fri, 18 Jun 2004 00:20:51 -0600, Allen Anderson
    > <> wrote:
    >
    >
    >>I want to put sensitive files on my laptop that I need to have while I
    >>travel. However, I want to do my due dilligence to make sure I do
    >>whatever I can to make sure that the laptop and all the files on it
    >>are innaccessable if the laptop gets stolen or lost. What are my
    >>options for encyprtion? I would prefer whole OS encryption instead of
    >>just specific files as I don't want to 'forget' to encrypt a file and
    >>have it accessable for some reason.

    >
    >
    > If its an IBM laptop all you need do is set a hard disk password
    > if its not, leave it in a public place, wait for it to be stolen,
    > claim on the insurance and buy an IBM next time.
    >


    And add SafeGuard Easy to it.

    Groetjes
    John
     
    John, Jun 18, 2004
    #4
  5. Allen Anderson

    Jim Watt Guest

    On Fri, 18 Jun 2004 15:05:49 +0200, John
    <> wrote:

    >Jim Watt wrote:
    >
    >> On Fri, 18 Jun 2004 00:20:51 -0600, Allen Anderson
    >> <> wrote:
    >>
    >>
    >>>I want to put sensitive files on my laptop that I need to have while I
    >>>travel. However, I want to do my due dilligence to make sure I do
    >>>whatever I can to make sure that the laptop and all the files on it
    >>>are innaccessable if the laptop gets stolen or lost. What are my
    >>>options for encyprtion? I would prefer whole OS encryption instead of
    >>>just specific files as I don't want to 'forget' to encrypt a file and
    >>>have it accessable for some reason.

    >>
    >>
    >> If its an IBM laptop all you need do is set a hard disk password
    >> if its not, leave it in a public place, wait for it to be stolen,
    >> claim on the insurance and buy an IBM next time.
    >>

    >
    >And add SafeGuard Easy to it.


    Why ?



    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 18, 2004
    #5
  6. Allen Anderson

    Martin Guest

    Allen Anderson wrote:

    > I want to put sensitive files on my laptop that I need to have while I
    > travel. However, I want to do my due dilligence to make sure I do
    > whatever I can to make sure that the laptop and all the files on it
    > are innaccessable if the laptop gets stolen or lost. What are my
    > options for encyprtion? I would prefer whole OS encryption instead of
    > just specific files as I don't want to 'forget' to encrypt a file and
    > have it accessable for some reason.
    >


    You haven't told us who are you trying to hide data from. What kind of data.

    Is it intellegence services? Casual robbers? what?
    Company data? Secret porn stash? Child porn? Political propoganda?

    Hard to give advice unless we (TINW) know the target.
     
    Martin, Jun 18, 2004
    #6
  7. Company secrets and data mostly that I have to work with as well as
    contacts.

    It is information that a foreign government would potentially want to
    access, so the encryption needs to be very strong. Performance really
    isn't important as long as its secure.

    On Fri, 18 Jun 2004 21:57:45 +0000 (UTC), Martin
    <> wrote:

    >Allen Anderson wrote:
    >
    >> I want to put sensitive files on my laptop that I need to have while I
    >> travel. However, I want to do my due dilligence to make sure I do
    >> whatever I can to make sure that the laptop and all the files on it
    >> are innaccessable if the laptop gets stolen or lost. What are my
    >> options for encyprtion? I would prefer whole OS encryption instead of
    >> just specific files as I don't want to 'forget' to encrypt a file and
    >> have it accessable for some reason.
    >>

    >
    >You haven't told us who are you trying to hide data from. What kind of data.
    >
    >Is it intellegence services? Casual robbers? what?
    >Company data? Secret porn stash? Child porn? Political propoganda?
    >
    >Hard to give advice unless we (TINW) know the target.
     
    Allen Anderson, Jun 19, 2004
    #7
  8. I will check out the blowfish advanced stuff. thanks

    On Fri, 18 Jun 2004 11:29:20 +0100, Stephen Howard
    <> wrote:

    >On Fri, 18 Jun 2004 00:20:51 -0600, Allen Anderson
    ><> wrote:
    >
    >>I want to put sensitive files on my laptop that I need to have while I
    >>travel. However, I want to do my due dilligence to make sure I do
    >>whatever I can to make sure that the laptop and all the files on it
    >>are innaccessable if the laptop gets stolen or lost. What are my
    >>options for encyprtion? I would prefer whole OS encryption instead of
    >>just specific files as I don't want to 'forget' to encrypt a file and
    >>have it accessable for some reason.

    >
    >Have a look at Marcus Hahn's Blowfish Advanced CS ( freeware, widely
    >available ).
    >
    >Among its many options is a 'work with' option - which allows you to
    >view and edit a file, re-encrypting it when closed.
    >
    >It also has a batch file capability, and it wouldn't take too much
    >effort to knock up a script/batch file that can be linked to your OS
    >shutdown routine - ensuring you don't leave unencrypted data lying
    >about.
    >
    >Other than that, encrypted virtual disks is the way to go - though I
    >don't know what the performance hit would be.
    >
    >Regards,
     
    Allen Anderson, Jun 19, 2004
    #8
  9. Allen Anderson <> wrote:

    > Company secrets and data mostly that I have to work with as well as
    > contacts.
    >
    > It is information that a foreign government would potentially want to
    > access, so the encryption needs to be very strong. Performance really
    > isn't important as long as its secure.
    >

    probably worth having a look at some of the open source disk encription,
    i use a encripted disk image known as 'data vault" in mac speak which is
    suposed to fairly hard to crack it doesn't apear to have slowed the disk
    down at all, which is good. so i'd have a look for some of the options
    for encrpting the data be that the files or the disk its' self. probably
    the most useful thing to rember is to use a good password that will not
    be supectablte to dictorary attacks or the hassel of encripting the data
    is worthless.
    > On Fri, 18 Jun 2004 21:57:45 +0000 (UTC), Martin
    > <> wrote:
    >

    snips.

    Roger
    --
    usr is wodger
     
    Roger Merriman, Jun 21, 2004
    #9
  10. Allen Anderson

    John Guest

    Jim Watt wrote:
    >>>If its an IBM laptop all you need do is set a hard disk password
    >>>if its not, leave it in a public place, wait for it to be stolen,
    >>>claim on the insurance and buy an IBM next time.
    >>>

    >>
    >>And add SafeGuard Easy to it.

    >
    >
    > Why ?


    eg. http://www.computacenter.com/beLux/news/pressreleases/ibm.asp

    John
     
    John, Jun 22, 2004
    #10
  11. Allen Anderson

    Jim Watt Guest

    On Tue, 22 Jun 2004 17:31:56 +0200, John
    <> wrote:

    >Jim Watt wrote:
    >>>>If its an IBM laptop all you need do is set a hard disk password
    >>>>if its not, leave it in a public place, wait for it to be stolen,
    >>>>claim on the insurance and buy an IBM next time.
    >>>>
    >>>
    >>>And add SafeGuard Easy to it.

    >>
    >>
    >> Why ?

    >
    >eg. http://www.computacenter.com/beLux/news/pressreleases/ibm.asp


    in a distributed environment thats perhaps necessary, to protect one
    laptop, the hardware disk protection is pretty good.. I'm still
    looking for a way to circumvent it.
    >John


    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 22, 2004
    #11
  12. Allen Anderson

    Frode Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Allen Anderson wrote:

    >I want to put sensitive files on my laptop that I need to have while I
    >travel. However, I want to do my due dilligence to make sure I do
    >whatever I can to make sure that the laptop and all the files on it
    >are innaccessable if the laptop gets stolen or lost. What are my
    >options for encyprtion? I would prefer whole OS encryption instead of
    >just specific files as I don't want to 'forget' to encrypt a file and
    >have it accessable for some reason.


    http://tinyurl.com/2mwzq (Safeboot)

    http://www.securstar.com/products_drivecryptpp.php

    Personally I use the first. At $50 for a single-user license it's a
    bargain.

    There are lots of similar solutions available for varying amounts of cash.

    - --
    Frode

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQNiEAOXlGBWTt1afEQITVACfW1ze3ZmB7rxf6Lz8UN3HPT8QDc0AoK2b
    5XEH62GSivA9Qx6la+f7+WO7
    =tskB
    -----END PGP SIGNATURE-----
     
    Frode, Jun 22, 2004
    #12
  13. Allen Anderson

    Andrew Guest

    Re: Re: laptop security

    6/18/2004 10:10:19 PM

    Allen Anderson <> wrote in message

    <>



    > Company secrets and data mostly that I have to work with as well as


    > contacts.


    >


    > It is information that a foreign government would potentially want

    to

    > access, so the encryption needs to be very strong. Performance

    really

    > isn't important as long as its secure.


    >




    I'm kind of surprised that your company doesn't have a policy and
    product in place already. As I was reading through the thread, I was
    wondering what level of security you wanted. I'm happy with my BIOS
    and disk password and standard EFS with XP and Syskey. But I'm just
    spitefully protecting against laptop lifters and some personal
    financial data that I can invalidate if I need to. NOT sufficient for
    you.

    This really sounds like something that needs to be explored in a
    larger context. What the bad guys don't get from your laptop, they
    will get from someone else's. People are the weakest link.

    Andrew
    --
    Composed with Newz Crawler 1.7 http://www.newzcrawler.com/
     
    Andrew, Jun 22, 2004
    #13
  14. Allen Anderson

    John Guest

    Jim Watt wrote:
    > On Tue, 22 Jun 2004 17:31:56 +0200, John
    > <> wrote:
    >
    >>Jim Watt wrote:
    >>
    >>>>>If its an IBM laptop all you need do is set a hard disk password
    >>>>>if its not, leave it in a public place, wait for it to be stolen,
    >>>>>claim on the insurance and buy an IBM next time.
    >>>>>
    >>>>
    >>>>And add SafeGuard Easy to it.
    >>>
    >>>
    >>>Why ?

    >>
    >>eg. http://www.computacenter.com/beLux/news/pressreleases/ibm.asp

    >
    >
    > in a distributed environment thats perhaps necessary, to protect one
    > laptop, the hardware disk protection is pretty good.. I'm still
    > looking for a way to circumvent it.
    >


    The problem is that the manufacturers are able to circumvent it, afaik.
    And if they can, someone else can, like data recovery businesses, or
    nosy "repairmen".

    Which means complete disk encryption is still in order.

    John
     
    John, Jun 23, 2004
    #14
  15. Allen Anderson

    Jim Watt Guest

    On Wed, 23 Jun 2004 08:47:55 +0200, John
    <> wrote:

    >Jim Watt wrote:
    >> On Tue, 22 Jun 2004 17:31:56 +0200, John
    >> <> wrote:
    >>
    >>>Jim Watt wrote:
    >>>
    >>>>>>If its an IBM laptop all you need do is set a hard disk password
    >>>>>>if its not, leave it in a public place, wait for it to be stolen,
    >>>>>>claim on the insurance and buy an IBM next time.
    >>>>>>
    >>>>>
    >>>>>And add SafeGuard Easy to it.
    >>>>
    >>>>
    >>>>Why ?
    >>>
    >>>eg. http://www.computacenter.com/beLux/news/pressreleases/ibm.asp

    >>
    >>
    >> in a distributed environment thats perhaps necessary, to protect one
    >> laptop, the hardware disk protection is pretty good.. I'm still
    >> looking for a way to circumvent it.
    >>

    >
    >The problem is that the manufacturers are able to circumvent it, afaik.


    In the case of the disk password, IBM say no, they can't.

    >And if they can, someone else can, like data recovery businesses, or
    >nosy "repairmen".


    Nosy repairmen stand no chance.

    >Which means complete disk encryption is still in order.


    Depending on the confidentiality of the data on the disk - for
    most purposes the disk password locks up the data so that
    nobody can access it very effectivly.

    However, there are data recovery services who say they can
    reconstruct the data at a fee 10x the cost of the drive.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 23, 2004
    #15
  16. Allen Anderson

    KBob Guest

    On Fri, 18 Jun 2004 10:00:00 +0200, Jim Watt <_way>
    wrote:

    >On Fri, 18 Jun 2004 00:20:51 -0600, Allen Anderson
    ><> wrote:
    >
    >>I want to put sensitive files on my laptop that I need to have while I
    >>travel. However, I want to do my due dilligence to make sure I do
    >>whatever I can to make sure that the laptop and all the files on it
    >>are innaccessable if the laptop gets stolen or lost. What are my
    >>options for encyprtion? I would prefer whole OS encryption instead of
    >>just specific files as I don't want to 'forget' to encrypt a file and
    >>have it accessable for some reason.

    >
    >If its an IBM laptop all you need do is set a hard disk password
    >if its not, leave it in a public place, wait for it to be stolen,
    >claim on the insurance and buy an IBM next time.
    >
    >You could also look at this group on Google as the subject
    >of disk encryption is a frequent one discussed in detail.


    A lot depends on the level of security you desire. Hard disk
    passwords are fine for keeping casual snoops out, but will fail to
    provide sufficient protection from someone who is determined.

    Simply pop the drive out of the laptop (IBM or not), put it in a USB2
    case, run EnCase on the drive and it's all there for the world to see,
    since the drive's content is not encrypted. On my IBM I prefer to use
    a separate 60G drive (in the Ultrabay) that is encrypted and can be
    removed. For any laptop you might consider putting the sensitive
    material on an encrypted partition using TrueCrypt (free) or
    SecurStor's DriveCrypt which is also available in a full-drive
    boot-protected version. I tend to shy away from the latest versions
    of the latter, since even changing the system date can mess things up.

    In the best of worlds, I'd like to have something similar to DCPP with
    boot protection, but without the unneccessary tattle features (earlier
    vers?). After playing around with DCPP for a while, I've decided it's
    not for me, and am much more comfortable with TrueCrypt for now, and
    sometimes use SecureFile.
     
    KBob, Jul 19, 2004
    #16
  17. Allen Anderson

    Jim Watt Guest

    On Mon, 19 Jul 2004 19:56:47 GMT, KBob <> wrote:
    <snip>

    >>If its an IBM laptop all you need do is set a hard disk password
    >>if its not, leave it in a public place, wait for it to be stolen,
    >>claim on the insurance and buy an IBM next time.
    >>
    >>You could also look at this group on Google as the subject
    >>of disk encryption is a frequent one discussed in detail.

    >
    >A lot depends on the level of security you desire. Hard disk
    >passwords are fine for keeping casual snoops out, but will fail to
    >provide sufficient protection from someone who is determined.
    >
    >Simply pop the drive out of the laptop (IBM or not), put it in a USB2
    >case, run EnCase on the drive and it's all there for the world to see,
    >since the drive's content is not encrypted.


    Have you actually tried that with an IBM?

    HINT: If you have set the hard disk password you cannot access
    the drive. Not with Encase, not with nothing.


    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jul 19, 2004
    #17
  18. Allen Anderson

    KBob Guest

    On Mon, 19 Jul 2004 23:53:46 +0200, Jim Watt <_way>
    wrote:

    ><
    >Have you actually tried that with an IBM?
    >
    >HINT: If you have set the hard disk password you cannot access
    >the drive. Not with Encase, not with nothing.


    Unfortunately my A31P has been sitting in the repair depot for the
    past month (MB fried). I'll post my findings (w/Encase) later. I
    hope you're right-- however if the drive isn't actually encrypted but
    simply has the MBR modified by the lock, it does not appear that
    Encase or WinHex would have any problem, since I've viewed the content
    of other "boot-protected" drives without difficulty, as long as
    they're standard drives.
     
    KBob, Jul 25, 2004
    #18
  19. Allen Anderson

    Jim Watt Guest

    On Sun, 25 Jul 2004 15:41:35 GMT, KBob <> wrote:

    >On Mon, 19 Jul 2004 23:53:46 +0200, Jim Watt <_way>
    >wrote:
    >
    >><
    >>Have you actually tried that with an IBM?
    >>
    >>HINT: If you have set the hard disk password you cannot access
    >>the drive. Not with Encase, not with nothing.

    >
    >Unfortunately my A31P has been sitting in the repair depot for the
    >past month (MB fried). I'll post my findings (w/Encase) later. I
    >hope you're right-- however if the drive isn't actually encrypted but
    >simply has the MBR modified by the lock, it does not appear that
    >Encase or WinHex would have any problem, since I've viewed the content
    >of other "boot-protected" drives without difficulty, as long as
    >they're standard drives.


    The password protection is a built in feature of the drive
    firmware and does not allow the drive to do anything
    unless the correct 256 bit password is entered. The drive
    itself is not encrypted but you cannot access it at drive
    electronics level. And its well thought out.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jul 25, 2004
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AM
    Replies:
    4
    Views:
    838
  2. Replies:
    0
    Views:
    730
  3. Rick Sears
    Replies:
    0
    Views:
    515
    Rick Sears
    Jul 29, 2003
  4. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    615
    COMSOLIT Messmer
    Sep 5, 2003
  5. rafael
    Replies:
    7
    Views:
    1,910
    Jack \(MVP-Networking\).
    Jan 21, 2008
Loading...

Share This Page