According to a recent information security survey conducted by PCQuest of
around 90 CIOs, nearly 40% said that they had suffered from laptop theft, the
highest share of any security incident reported. As the number of laptops in
organizations is bound to grow, these incidents will only increase. A more
serious issue is the loss of the data on stolen laptops, which is of course far
more valuable than the laptops themselves. More serious still is the prospect of
that data being misused. So the obvious question is, what should you do?
The answer, according to the same survey, is to encrypt your hard drives and use
data loss prevention solutions; a majority of respondents had plans to adopt
both in their organization. Given the high demand for hard drive encryption, this
article explains how it's done. Most laptops these days come with a TPM (Trusted
Platform Module) chip, which can hold the key that unlocks an encrypted hard
drive and release it only when the machine boots normally. We'll talk about how
to use this feature along with hard disk encryption software.
Next comes the issue of laptop theft itself. There are various online services
that promise to help you track your laptop if it gets stolen, so later in this
section we cover five such services and tell you which one is best.
Lastly, check with your laptop vendors whether they offer any kind of laptop
protection service. These can help in cases of laptop or data theft: some
vendors insure both the laptop and the data on it, and some offer port locking,
so that you can control which ports can be used, which is useful for data
leakage prevention.
Encrypting Data on Notebooks
One of the biggest concerns for laptop users is protecting their data in case
the laptop or its hard drive falls into the hands of someone with malicious
intent. OS-level security is easily bypassed by booting the machine from a Live
OS, or by taking the hard drive out and connecting it to another machine as a
secondary volume; the person can then simply browse the victim's drive and copy
the data wherever they like. The only defence against this is to encrypt the
data on the disk. There are many ways to do this, but the most hassle-free and
safe mechanism is to combine disk encryption with the TPM, or Trusted Platform
Module. This is a chip on the motherboard that holds the secret key protecting
the encrypted volume (not a public key) and releases it only to a boot sequence
whose measurements match the ones recorded when the disk was encrypted.
You need to turn on the Trusted Platform Module to use BitLocker. Just follow the steps in the window and continue.
You need to save a copy of your recovery password at a safe place; this could be a USB drive, a folder or just a printout.
The data can be encrypted with tools such as BitLocker, which comes with
Windows Vista Ultimate and Enterprise editions, or with third-party software.
The benefit of the TPM is that you don't have to carry the key on a USB drive
and plug it in every time you want to access your data. At the same time, the
TPM releases the key only if the firmware, boot loader and boot configuration
measured at startup match the values recorded when BitLocker was turned on, so
the disk cannot be read unless it is booted on the same machine, through the
same OS and the same boot path. We actually tested this by booting the machine
from a Live OS and by taking the disk out and connecting it to another machine.
In the case of the Live OS, the encrypted partition didn't even mount and the
mount command gave a file system error. In the second case, again we were not
able to read anything from the disk. This shows that after encrypting your hard
drive you can make your data unreadable to others. Here the weak link is your
password: in TPM-only mode the drive is unlocked automatically at boot and
Windows proceeds to the logon screen, so your Windows password is all that
stands between a thief and your data. Use a very strong password. BitLocker also
supports a TPM-plus-PIN protector (set up through Group Policy or manage-bde),
which makes the TPM refuse to release the key until a PIN is typed before
Windows starts.
Installation
Unlike installing a standard Windows application, setting up BitLocker is fairly
involved and requires running a few commands. The best time to prepare your
machine for BitLocker is during a fresh install, because Windows Vista can only
run BitLocker with a very specific disk partition layout, and some of those
requirements can only be met during a fresh install. Microsoft's BitLocker Drive
Preparation Tool can repartition an already installed machine, but it's more
complex and riskier, as you might lose data. So we describe how to set up
BitLocker on a fresh machine.
Before we begin, let's identify what you will need. You will of course need a
TPM in the machine on which you run BitLocker. You will then need Windows Vista
Ultimate or Enterprise edition (BitLocker is not included in Vista Business), or
Windows 7 Ultimate or Enterprise. Then you will start the Windows Vista
installation and create two partitions. One is the Windows partition: it holds
the Windows folder, is used as the C drive and is the one that will later be
encrypted. The other is a small partition of around 1.5 GB that holds the boot
files and will not be encrypted, so that the machine can boot the OS. (Note that
Microsoft's own terminology is the reverse of what you might expect: it calls
the small active partition the 'system partition' and the Windows partition the
'boot partition'. Windows 7's installer creates the small active partition by
itself, so the manual partitioning below is only needed on Vista.)
To do so, boot your machine from the Windows Vista DVD. When it offers you the
option 'Install Now,' look at the bottom left corner: you will see another
option, 'Repair your Computer.' Select it and you will see a list of utilities;
click 'Command Prompt.' Note that we are assuming the machine holds no data and
is going to be freshly installed: the clean command below wipes the whole disk,
so if there is any data on the drive, back it up first or it will be lost. When
the command prompt opens, run the following commands:
X:\> diskpart
DISKPART> select disk 0
DISKPART> clean
DISKPART> create partition primary size=1500
DISKPART> assign letter=S
DISKPART> active
DISKPART> create partition primary
DISKPART> assign letter=C
DISKPART> exit
These commands create an active partition of 1.5 GB (S:) that will be used for
booting, and a second partition (C:) that takes up the rest of the disk and will
hold Windows. Now format both partitions:
X:\> format c: /q /fs:NTFS
X:\> format s: /q /fs:NTFS
Once the partitions are formatted, close the command prompt and return to the
'Install Now' window, then continue the standard Windows installation. When the
installer asks where to install Windows, choose the large partition (C:), not
the 1.5 GB boot partition.
Once the installation is over, boot into the OS and open BitLocker Drive
Encryption from the Control Panel. If your machine has a TPM and the
partitioning is correct, it will show no warning and you will see the link 'Turn
On BitLocker.' Click it. If the TPM is not yet enabled, the wizard will tell you
that it needs to turn on the TPM from the BIOS and reboot. Follow the
instructions and click the reboot button.
Recovery password
After the reboot you may see a BIOS prompt asking you to press a key to confirm
turning on the TPM; follow the on-screen instructions. Once the machine boots
again, the BitLocker wizard continues automatically. It first asks where you
want to back up your recovery password (a 48-digit number) or recovery key: a
USB drive, a folder, or a printout. Whatever you choose, keep the copy somewhere
other than the laptop itself; it is what gets your data back if the TPM or the
boot files change, and it is useless if it is lost along with the machine.
Drive encryption
Once you select the drive and proceed, encryption starts. It takes so long that
you can easily leave the machine and go out to watch a movie: it took us around
3 hours to encrypt a 300 GB drive with just 15 GB of used space, because
BitLocker in Vista encrypts every sector whether or not it holds data. Once the
process is over, the contents of your hard drive are protected against theft.
But do not forget to use a strong password and to lock your machine whenever
you step away.
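The procedure above, from confirming the TPM through turning on BitLocker and backing up the recovery password, can also be scripted from an elevated PowerShell prompt. The script below is an added example written for this edit; it is not from the original article or from Microsoft. It uses the manage-bde.exe command that ships with Windows 7 and later (on Vista the same subcommands are run as cscript manage-bde.wsf), and assumes the Windows volume is C: and a USB stick is mounted as F:. It also adds the TPM-plus-PIN protector mentioned earlier, so the TPM will not release the key unattended.

```powershell
# Added example (not from the original article): check the TPM, turn on
# BitLocker on the Windows volume with a TPM+PIN protector, and escrow the
# recovery password and recovery key to removable media. Run from an
# elevated PowerShell prompt on Windows 7 or later (needs manage-bde.exe).
# Assumptions: the Windows volume is C: and a USB stick is mounted as F:.

$OsDrive   = 'C:'
$KeyBackup = 'F:\BitLockerRecovery'     # assumed folder on the USB stick

# 1. Confirm a TPM is present, enabled and activated. These are the
#    conditions that the wizard's "turn on TPM from the BIOS" reboot
#    satisfies; the Win32_Tpm class exposes them as *_InitialValue flags.
$tpm = Get-WmiObject -Namespace 'root\cimv2\security\microsofttpm' -Class Win32_Tpm
if ($null -eq $tpm) {
    throw 'No TPM found. BitLocker would need a USB startup key instead.'
}
$enabled   = $tpm.IsEnabled_InitialValue
$activated = $tpm.IsActivated_InitialValue
Write-Output "TPM enabled=$enabled activated=$activated owned=$($tpm.IsOwned_InitialValue)"
if (-not ($enabled -and $activated)) {
    throw 'Enable and activate the TPM in the BIOS setup, reboot, and rerun.'
}

# 2. Show the state of all volumes before changing anything. The small boot
#    partition must stay unencrypted and the Windows volume must be NTFS.
manage-bde -status

# 3. Turn on BitLocker. -TPMAndPIN prompts for the boot PIN so the TPM does
#    not release the key unattended; -RecoveryPassword creates the 48-digit
#    recovery password; -RecoveryKey writes a .BEK recovery key file to the
#    stick. As with the wizard, manage-bde first schedules a hardware test:
#    encryption begins after the next reboot if the TPM and key file work.
#    If manage-bde reports that Group Policy does not allow a PIN, enable
#    "Require additional authentication at startup" under Computer
#    Configuration > Administrative Templates > Windows Components >
#    BitLocker Drive Encryption > Operating System Drives, then rerun.
New-Item -ItemType Directory -Path $KeyBackup -Force | Out-Null
manage-bde -on $OsDrive -RecoveryPassword -RecoveryKey $KeyBackup -TPMAndPIN

# 4. Record the protectors (TPMAndPIN, numerical password, external key).
#    This listing contains the recovery password in clear, so it goes on the
#    USB stick, never on the laptop being encrypted.
manage-bde -protectors -get $OsDrive |
    Out-File -FilePath (Join-Path $KeyBackup 'protectors.txt')

# 5. Progress check. "Percentage Encrypted" climbs slowly on a large disk
#    because Vista and Windows 7 encrypt every sector, used or not.
manage-bde -status $OsDrive
```

After the hardware-test reboot, rerun the last command from time to time; the volume is protected only once it reports 100% encrypted and "Protection On". Keep the USB stick and its protectors.txt locked away separately from the laptop, exactly as the article advises for the wizard's recovery password.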
When your laptop goes missing!
Laptops have become an integral part of mobility. They are extremely important
for employees who travel frequently while staying in continual touch with their
offices, and they are used everywhere: shopping malls, cafes, cars and so on.
However, as the number of laptops in organizations has grown, cases of notebook
theft have climbed to new highs, and organizations worry a great deal about the
security of their data. Users keep a lot of corporate data on their laptops, and
at times this has even led to targeted attacks.
When we first wrote about a laptop recovery solution six months ago we got
many responses from our readers; in fact, that is what inspired this story.
Let's look at some solutions that can help track not only your stolen notebook
or smartphone but also the data on it. Before we drill into the solutions, it's
important to understand the scenarios in which they can help you, and some of
the issues surrounding them.
LocateMyLaptop shows the location of the notebook on Google Maps along with information like IP, ISP, etc.
Situations in which recovery solutions won't work
If the hard drive is formatted: If your laptop goes missing with a recovery
solution installed, it needs to be connected to the Internet at least once to
give the agent running on it a chance to send its IP address and other
information to you. If the thief formats the hard drive without ever connecting
it to the Internet, you are simply out of luck.
If all user accounts are password protected: Likewise, if every Windows account
on your laptop has a password, the recovery solution is unlikely to work even
though it is in place, because the thief won't be able to log in and the agent
won't run. A workaround is to keep one account with no password and restricted
rights, and protect your own data with a good hard disk encryption solution
(covered in the previous section). Be clear about what this buys you: with
BitLocker in TPM-only mode the whole volume is unlocked when Windows boots, so
from the passwordless account your files are protected only by NTFS permissions
and your own account password. You are deliberately opening a small hole in your
notebook's defences to improve the odds of tracking it.
Choose a laptop recovery partner carefully
One of the most talked about laptop recovery solutions is Adeona. At the time
of writing it is not working, and its website says 'the back-end service
(OpenDHT on PlanetLab) is proving to be unreliable.' One reason could be that,
being a free open source service, it attracted users from around the world, and
perhaps its creators at the University of Washington didn't expect that much
traffic. It's not known when Adeona will be back. Worse, there may well be users
still running Adeona who think they have a chance of getting their laptop back
if it is lost.
LocatePC sends the entire trace route information to the user's email along with the MAC address of the machine.
On the AseeTrax portal, you can view the entire tracking information including the external IP.
If you are an Adeona user, do try to retrieve your laptop's information to see
whether it still works. And take extra measures such as encrypting your
critical data, which is always useful.
Motion sensor solutions
Another good idea is to equip your laptop with a small motion detection alarm
or an infrared transmitter that triggers an alarm if the laptop is taken 15-20
feet away. A solution like Laptop Alarm (www.syfer.nl) sounds a loud alarm if
the laptop's power cable is unplugged, an external mouse is removed, or someone
tries to shut the laptop down.
The tag way
The old-fashioned approach of labelling everything still makes sense. Simply
label your laptop with an ID and, if it goes missing, there is a chance of
getting it back. However, if it lands in the wrong hands, your contact details
and other information on the label can be misused. This is where lost-and-found
services like Zreturn (www.zreturn.com) and BoomerangIt (http://www.boomerangit.com)
come in. They give you a tag with a service number on it that asks whoever finds
the device to return it through their portal. When the finder goes to the
website and types in the number, the information is sent to you by email or IM,
so the finder never sees your contact information, which rules out the
possibility of blackmail. Such services are really for laptops that are 'lost'
rather than 'stolen'.
A large enterprise with a fleet of around 400-500 laptops can create its own
tags and even a small portal that doesn't reveal company information. Also,
when you go to recover a laptop, it might be a good idea to take security
personnel along.
Intel Anti-theft Technology
Intel Centrino 2 with vPro notebooks come with Intel AT (Anti-Theft)
Technology. It has hardware-based detection mechanisms that can recognise when
a notebook has been stolen and can disable access to it. For instance, if the
number of failed logon attempts exceeds the limit specified by IT policy, or if
the laptop does not check in with the central server within the time the IT
policy specifies, actions can be triggered automatically. If a laptop is
reported stolen, then the next time the notebook connects to the Internet,
access to it is disabled automatically.