Password protecting your laptop HDD is sufficient to keep someone from booting/mounting it. To crack that requires a ~$2000 hardware solution.
AIN/Autorun should always be disabled. Using Syskey via floppy or boot time password in combination with 15+ character user passwords will keep someone from cracking your passwords & makes EFS a viable alternative to 3rd party encryption of user files. WiFi is hard to firewall externally, but LAN is not if you take a simple hardware firewall with you & plug it in between laptop & LAN. You could just use a WAP and have your own firewalled WIFI if LAN jack is near enough to needed coverage area. I do all this when I go on vacation since I don't trust the hotel LAN and they charge for their WIFI anyway, never mind the issue of "loosing" my laptop to a thief. Of course I go beyond HDD password, Syskey, EFS & long Windows passwords for my personal data but that's because I want to be secure from even big brother snooping. Brian Weeden wrote: > I will be doing some traveling in the summer to places where I have at > least a little worry about organizations/people trying to sneak > keyloggers/trojans/etc onto my laptop. So I am starting o think about > how I would secure it Here are my thoughts so far. > > There are several ways you would be vulnerable, and thus probably need > a combination of solutions to be as secure as possible. > > Sources of Vulnerability > 1. Inserted CD/DVD/USB/Floppy with executable/autorun > 2. Software spyware installed via #2 or after hacking an admin account > 3. External penetration over internet/local LAN > 4. Hardware keylogger > > Possible Solutions: > 1. Disable autorun and removable drives > > 2. Encrypt entire hard drive > Unlike encrypting just the data, this would prevent installation of > any bad software without first encrypting the drive. I have used > Truecrypt before to encrypt just data but not sure how to use it or > another solution to encrypt an entire drive from boot through > shutdown. > > 3. Good firewall and/or NAT > 4. ? > > So are there any major sources of vulnerability that I am missing? > Any idea how to protect against someone sneaking in and installing a > hardware keylogger? Would mounting a WinPE or Ubunutu image each time > be a better solution? > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
