According to a recent information security survey conducted by PCQuest of around 90 CIOs, nearly 40% said that they had suffered a laptop theft, making it the most common security incident reported. As the number of laptops in organizations grows, these incidents will only increase. A more serious issue is the loss of the data on stolen laptops, which is of course far more valuable than the laptops themselves. Then there's the even more serious issue of that data being misused. So the obvious question is, what should you do?
The answer, according to the same survey, is to encrypt your hard drive and use data loss prevention solutions; a majority of respondents planned to adopt both. Given the high demand for hard drive encryption, in this article we look at how it's done. Most laptops these days come with a TPM (Trusted Platform Module) chip, which can hold the key that unlocks an encrypted hard drive and release it only to the same, unmodified boot environment. We'll talk about how to use this feature along with hard disk encryption software.
Next comes the issue of laptop theft. Currently, there are various online services that promise to help you track your laptop if it gets stolen. So later in this section, we've covered five different online services that offer you this capability, and tell you the best one.
Lastly, another thing you might want to do is to check with your laptop vendors on whether they offer any kind of laptop protection services. These could be helpful in cases of laptop or data theft. Some vendors offer insurance of both the laptop and data on them. Some even offer port locking capabilities, so that you can control port usage. This can be useful in data leakage prevention.
Encrypting Data on Notebooks
One of the biggest concerns for laptop users is protecting their data if the laptop or its hard drive falls into the hands of someone with malicious intent. OS-level access control is easily bypassed by booting the machine from a live OS, or by taking the hard drive out and connecting it to another machine as a secondary volume; the attacker then simply browses the victim's files and copies them wherever they like. The only real protection is to encrypt the data on the disk. There are many ways to do this, but the most hassle-free and safe mechanism is full-disk encryption tied to the TPM, or Trusted Platform Module. This is a chip on the motherboard that holds the key needed to decrypt the disk and releases it only when the machine starts through the same firmware and boot loader that were in place when encryption was set up.
Screenshot: You need to turn on the Trusted Platform Module to use BitLocker. Just follow the steps in the window and continue.
Screenshot: You need to save a copy of your recovery password in a safe place; this could be a USB drive, a folder or just a printout.
Data can be encrypted with tools such as BitLocker, which comes with the Ultimate and Enterprise editions of Windows Vista (and of Windows 7), or with third-party software. The benefit of a TPM is that you don't have to keep the startup key on a USB drive and plug it in every time you boot: the TPM holds the key that unlocks the volume and releases it only if the machine boots through the same firmware, boot loader and boot configuration that were measured when BitLocker was turned on. Move the disk to another machine, boot a different OS, or tamper with the boot files, and the TPM will not release the key. We actually tried testing this by booting the machine with a live OS and by taking the disk out and connecting it to another machine. In the case of the live OS, the encrypted partition didn't even mount and the mount command returned a file system error. In the second case, again we were not able to read anything from the disk. This confirms that, after encrypting your hard drive, the data is unreadable outside its own boot environment. The weak link is what happens after the machine boots normally: in the default TPM-only mode the volume is already unlocked by the time the Windows logon screen appears, so your Windows password is all that stands between a thief and your files on a powered-on or sleeping machine. Use a strong password, and if your setup allows it, add a startup PIN (TPM+PIN) so that the TPM will not release the key until the PIN is typed at boot.
Unlike installing a standard Windows application, setting this up is fairly involved and requires running a few commands. The best time to prepare a machine for BitLocker is during a fresh install, because Windows Vista can only run BitLocker with a specific disk partition layout, and some of those requirements are easiest to meet before Windows is installed. Microsoft's BitLocker Drive Preparation Tool can re-partition an already installed machine, but it is more complex and carries a risk of data loss. So here we describe how to set up BitLocker on a fresh machine.
Before we begin, let's identify what you will need. You will of course need a TPM in the machine on which you want to run BitLocker. You will need Windows Vista Ultimate or Enterprise, or for that matter Windows 7 Ultimate or Enterprise. Then, during the Windows installation, you need two partitions. One will be the Windows partition (what Microsoft calls the OS volume): it holds the Windows folder, becomes the C: drive and is the one that gets encrypted. The other is a small partition of around 1.5 GB (Microsoft calls it the system partition): it holds the boot manager, stays unencrypted so that the machine can start, and hands over to the encrypted volume once the TPM has released the key. (The Windows 7 installer creates a small system partition of this kind automatically; the manual steps below are for Vista.) To create them, boot the machine from the Windows Vista DVD. When it shows the 'Install Now' option, look at the bottom left corner for 'Repair your Computer'. Select it, and from the list of utilities click 'Command Prompt'. At the prompt, type diskpart and press Enter, then run the following commands at the Diskpart> prompt:
Note that we are assuming that the machine doesn't have any data and is going to be freshly installed. So if you have any data in the drive please back it up else it will be lost.
Diskpart> select disk 0
Diskpart> clean
Diskpart> create partition primary size=1500
Diskpart> assign letter=S
Diskpart> active
Diskpart> create partition primary
Diskpart> assign letter=C
Diskpart> exit
These commands wipe the disk, create a 1.5 GB partition (drive S:) marked active so the machine can boot from it, and create a second partition (drive C:) that takes the rest of the disk. Now you need to format both partitions. Back at the recovery command prompt, run:
X:\> format c: /q /fs:NTFS
X:\> format s: /q /fs:NTFS
Once the partitions are formatted, close the command prompt and the recovery utilities to return to the 'Install Now' window, and continue the standard Windows installation. When the installer asks where to install Windows, select the larger partition; the 1.5 GB partition is too small to be offered as the Windows drive, so Windows has to go on the other one.
Once the installation is over, boot into the OS and open BitLocker Drive Encryption from the Control Panel. If your machine has a TPM chip and the partitioning is correct, it will not give any warning and you will see a 'Turn On BitLocker' link. Click it. It should tell you that the TPM needs to be turned on from the BIOS and that the machine has to reboot for that. Follow the instructions and click the reboot button.
After the reboot you may see a BIOS message asking you to press a key to turn on (enable and activate) the TPM. Follow the on-screen instructions. Once the machine boots again, the BitLocker wizard continues automatically. First it asks where you want to back up your recovery password (the 48-digit key). You can save it to a USB drive or a folder, or print it; whichever you choose, keep that copy off the laptop, because it is the only way in if the TPM stops releasing the key, for example after a BIOS update or a motherboard replacement.
Once you select the drive and proceed, encryption starts. It takes so long that you can easily leave the machine and go out to watch a movie: it took us around 3 hours to encrypt a 300 GB drive with just 15 GB of used space, because BitLocker on Vista encrypts the whole volume, free space included. Once the process is over, your hard drive is safe from offline theft. Do not forget to use a strong password, and lock or hibernate the machine rather than leaving it logged in or asleep when you step away, since the volume is unlocked while Windows is running.
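As an added example (not from the PCQuest article), here is the same procedure driven from the command line on Windows 7 or later, where manage-bde.exe ships with Windows: it checks the TPM state first, then adds a startup PIN on top of the TPM and a recovery password before turning BitLocker on. It assumes an elevated PowerShell prompt, that the OS volume is C:, and that the Group Policy setting 'Require additional authentication at startup' already permits a startup PIN (without it, the TPMAndPIN protector is refused). The Win32_Tpm WMI class, manage-bde and its switches are real; the variable names are ours.

```powershell
# Added example: verify the TPM, then enable BitLocker on the OS volume with
# TPM+PIN and a recovery password. Requires Windows 7+ (manage-bde.exe) and an
# elevated prompt. Assumption: Group Policy already allows a startup PIN.

$osVolume = 'C:'

# 1. Read the TPM state. Win32_Tpm lives in its own WMI namespace; each Is*()
#    method returns an object whose property of the same name holds the answer.
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
if (-not $tpm) {
    throw 'No TPM found; BitLocker would need a USB startup key instead.'
}
$state = [PSCustomObject]@{
    Enabled   = $tpm.IsEnabled().IsEnabled
    Activated = $tpm.IsActivated().IsActivated
    Owned     = $tpm.IsOwned().IsOwned
}
$state | Format-List
if (-not ($state.Enabled -and $state.Activated)) {
    throw 'Enable and activate the TPM in the BIOS setup before continuing.'
}

# 2. Show the current state of the volume (conversion status, protectors).
manage-bde -status $osVolume

# 3. Add key protectors. TPM+PIN prompts for the PIN here and asks for it again
#    at every boot, before the OS loads; the 48-digit recovery password is the
#    fallback if the TPM refuses to unseal (BIOS update, board swap, etc.).
manage-bde -protectors -add $osVolume -TPMAndPIN
manage-bde -protectors -add $osVolume -RecoveryPassword

# 4. Print the protectors, including the recovery password: record it somewhere
#    off this machine now, it is not shown again automatically.
manage-bde -protectors -get $osVolume

# 5. Start encryption. Without -SkipHardwareTest, manage-bde asks for a reboot
#    first and checks that the TPM can actually unseal the key from this exact
#    boot configuration before the volume is converted.
manage-bde -on $osVolume
```

The PIN is what closes the gap described above: with a TPM-only protector the volume is unlocked before the logon screen, whereas with TPM+PIN a thief who powers the machine on is stopped before Windows even loads.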
When your laptop goes missing!
Laptops have become an integral part of mobility. They are essential for employees who travel frequently while staying in continual touch with their offices, and they are used everywhere: shopping malls, cafes, cars. But as the number of laptops in organizations has grown, notebook theft has risen sharply, and organizations have become much more worried about the security of their data. Users keep a lot of corporate data on their laptops, and at times this has even made them the target of deliberate attacks.
When we first wrote about a laptop recovery solution six months ago we got many responses from our readers, which inspired this story. Let's look at some solutions that can help track not only a stolen notebook or smartphone but also the data inside it. Before we drill into the solutions, it's important to understand the scenarios in which they can help you, and some of the issues surrounding them.
Screenshot: LocateMyLaptop shows the location of the notebook on Google Maps along with information like IP address, ISP, etc.
Situations in which recovery solutions won't work
If the hard drive is formatted: A laptop with a recovery agent installed must connect to the Internet at least once after it goes missing, so that the agent can report its IP address and other details to you. If the thief formats the laptop's hard drive before it ever connects, you are out of luck.
If every account is password protected: If all Windows accounts on your laptop have passwords, a recovery solution is less likely to work, because the thief cannot log in and so the agent never gets a chance to run. One workaround is to leave a guest-type account with no password and restricted rights, and keep your own data encrypted. Be aware that with BitLocker in the TPM-only mode described in the previous section, the whole volume is already unlocked by the time that guest account logs in, so only NTFS permissions separate the thief from your files; file-level encryption under your own password-protected account (EFS) still holds, and a startup PIN would stop the thief outright, but it would also stop the guest account and the recovery agent with it. Either way, the open account is a security hole you are deliberately leaving in the notebook.
Choose a laptop recovery partner carefully
One of the most talked about laptop recovery solutions is 'Adeona'. It is currently not working: its website says 'the back-end service (OpenDHT on PlanetLab) is proving to be unreliable'. One reason could be that, being a free open source service, it attracted users from around the world and its developers at the University of Washington didn't expect that much traffic. It's not known when Adeona will be back; worse, there may be users still running Adeona who think it gives them a chance of getting their laptop back if it is lost.
Screenshot: LocatePC emails the user the entire traceroute information along with the MAC address of the machine.
Screenshot: On the AseeTrax portal, you can view the entire tracking history, including the external IP address.
Just in case you are an Adeona user, do try to retrieve your laptop's information to see whether the service works for you, and take extra measures such as encrypting your critical data, which is always useful.
Motion sensor solutions
Another good idea is to equip your laptop with a small motion detection alarm or an infrared transmitter device which will trigger an alarm if your laptop is taken 15-20 feet away. A solution like laptop alarm (www.syfer.nl) will trigger a loud alarm if your laptop's power cable is unplugged or an external mouse is removed or someone tries to shutdown your laptop.
The tag way
The old-fashioned way of labelling everything still makes sense. You can simply label your laptop with your details, and if it goes missing there is a chance of getting it back. However, if it lands in the wrong hands, those contact details and other information can be misused. This is where lost-and-found services like Zreturn (www.zreturn.com) and BoomerangIt (http://www.boomerangit.com) come in. They give you a tag carrying a service number and a message that, if the device is found, it should be returned via their portal. When the finder goes to the website and enters the serial number, the report is sent to you by email or IM. The finder never sees your contact information, which rules out the possibility of blackmail. Of course, this only helps when the laptop is lost rather than stolen.
For a large enterprise with a fleet of around 400-500 laptops, you can create your own tags and even a small portal that doesn't reveal company information. Also, when you go to recover your laptop, it may be a good idea to take security personnel along.
Intel Anti-theft Technology
Intel Centrino 2 with vPro notebooks come with Intel AT (Anti-Theft) Technology. It has hardware-level detection mechanisms that can recognise that a notebook has been stolen and disable access to it. For instance, if the number of failed login attempts exceeds the limit set by IT policy, or the laptop does not check in with the central server within the time the policy specifies, actions can be triggered automatically. If a laptop is reported stolen, the next time it connects to the Internet it will automatically disable access to the notebook.