Hello all Forwarding a mail from our member. Harish Kotian
Laptop security tips: The physical perspective Michael Cobb, Contributor 09.23.2009 Many laptops and mobile devices are lost each year, so their physical security should be high on any priority list, particularly as the right protection can save time, money, data and embarrassment. In this tip, we'll explore the available tools and technologies that can help you lock down your laptop. A lot of the improvements I am going to cover are straightforward to implement and won't break your budget. Take the Phoenix Freeze<http://www.phoenixfreeze.com/>, for example. The protection mechanism costs just $14.95 and locks and unlocks your laptop using your Bluetooth-enabled phone. Let's look, however, at a wider range of laptop physical security options. LAPTOP SECURITY PRODUCTS AND TOOLS Identification tags Asset tags, or identification marks, are an obvious laptop protection choice as long as they are not easily removable. A cheap alternative is to mark or engrave the outer case of the laptop with a contact number. This can greatly increase the chances of getting the computer returned if it gets lost, and the ID is often enough to deter the opportunist thief who is only interested in the resale value. The STOP security plate<https://www.stoptheft.com/site/products_security_plate.php> is a bar-coded metal tag with a registration number, indelible identification and 24x7 hotline number. The make, model, serial number and laptop owner are also stored in an online asset tracking database. Locks, cables and safes Another effective method of deterring the casual thief is to use a security cable, connecting the laptop from the Universal Security Slot to a strong immovable and unbreakable object. Remember, though, that this won't stop someone from walking off with any attached peripherals such as USB thumb drives. Keep those items with you at all times! For overnight protection, consider a portable safe such as the PortaSafe<http://www.lockalarm.com/lockalarmportasa.html>, which also sounds a powerful alarm if an attempt is made to cut the cable or tamper with the safe door. An added advantage of using a safe is that all the laptop's peripherals are secured as well. Privacy screens You, of course, need to prevent shoulder surfers from seeing the documents that you're working on. Here, privacy screens, such as those produced by 3M Corp., narrow the viewing area so screen data is visible only to those directly in front of the monitor. Motion sensors When working away from the office and it's not practical to take your laptop wherever you go, motion sensors can provide additional security. The Targus DefCon Motion Data Protection PC Card<http://www.targus.com/us/drivers_manuals_archive.asp?SKU=PA480U>, for example, sounds an alarm, encrypts the computer's files, and shuts down the laptop if it is moved too far. The mechanism even requires a series of motions, instead of a password, to unlock the machine again. The Kensington Sonic Lock from the Kensington Computer Products Group is another option. The product has a combination lock with a built-in motion sensor that sounds at 100 dB if the unit is moved. Laptop data loss: Mobile technology to the rescue For some companies, if a laptop is stolen, nothing short of total destruction of the laptop data will be good enough. Learn which two products may be suitable for those types of organizations. LAPTOP SECURITY TIPS AND BEST PRACTICES Travel tips If you're travelling with a colleague, use a buddy system to watch each others' backs while making calls, ordering food or drinks, or going to the lavatory. If you are on your own, consider a backpack which makes it easier to keep your laptop on you in such situations. Also try to avoid using flashy carry cases as they can attract unnecessary attention, particularly if they feature corporate logos. Always travel with a car that has a locking boot and never leave your laptop in a vehicle where it can be seen through the window. Even when it's in the boot, use your cable lock to secure it. Of course, a laptop should only have the minimal amount of data stored on it that's required for the current task. If a laptop is being taken on a sales pitch to a client, it doesn't need the entire client database and budget figures on it, just the presentation. If you do need to have access to sensitive documents, consider using offline storage as a way of transporting the data, instead of bringing it on the laptop. The data can then be securely accessed when you've arrived at your destination. Laptop security policies For whatever policies that you put in place, users should sign off on them whenever a portable computer is taken out of the office, thus ensuring they remain aware of their responsibilities in the protection and, potentially, replacement of the device. You should also make them aware of the potential value of any data stored on their laptop; combined with a healthy dose of paranoia, this will make them treat it with the care it deserves. Unfortunately, even with all these measures in place, your organisation may still have a laptop go missing. It's essential therefore that your security policy includes an incident plan. Incident response plan You will need to ascertain how vulnerable the laptop is: What was on it? Does it have remote access software? You should have a contact list of those people or organisations that need to be notified -- police, clients or other third parties such as tracking services. Dell offers a range of laptop and data protection services, including Laptop Tracking and recovery for lost or stolen laptops and Remote Data Delete, so that administrators can remotely delete sensitive data if a laptop is lost or stolen. Similar services are offered by AbsoluteSoftware<http://www.absolute.com/> Corp. and Trace Technologies LLC<http://www.ztrace.com/zSecuritySuite.asp>'s zSecurity Suite. Laptop authentication To make life harder for anyone who does take a laptop, make sure to implement strong BIOS passwords and hard drive passwords. The latter prevents a laptop from being usable if a hard drive is removed and reinstalled into a similar machine. Of course, users who do carry sensitive data should have encryptable drives or files. Many laptops now have fingerprint readers built-in, allowing a fingerprint to be used instead of a password to log in to the machine. DigitalPersona Inc<http://www.digitalpersona.com/>. provides swipe fingerprint readers so your fingerprint can replace all your passwords. Finally, remember that if mobile workers access the Internet via public Wi-Fi, then an attacker doesn't necessarily need physical access to steal data from it. Infrared and Bluetooth ports should certainly be disabled on laptops if not needed, and your security policy must include strict rules on accessing the Internet outside the safety of the office. If there are no open communication channels, then you only have to worry about the laptop's physical security. About the author: Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. ________________________________ Notice: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this email by error, please notify us by return e-mail or telephone and immediately and permanently delete the message and any attachments. The recipient should check this email and any attachments for the presence of viruses. The Bank accepts no liability for any damage caused by any virus transmitted by this email.
To unsubscribe send a message to accessindia-requ...@accessindia.org.in with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in