Re: [H] How would you secure a laptop?
Password protecting your laptop HDD is sufficient to keep someone from booting/mounting it. To crack that requires a ~$2000 hardware solution. AIN/Autorun should always be disabled. Using Syskey via floppy or boot time password in combination with 15+ character user passwords will keep someone from cracking your passwords & makes EFS a viable alternative to 3rd party encryption of user files. WiFi is hard to firewall externally, but LAN is not if you take a simple hardware firewall with you & plug it in between laptop & LAN. You could just use a WAP and have your own firewalled WIFI if LAN jack is near enough to needed coverage area. I do all this when I go on vacation since I don't trust the hotel LAN and they charge for their WIFI anyway, never mind the issue of "loosing" my laptop to a thief. Of course I go beyond HDD password, Syskey, EFS & long Windows passwords for my personal data but that's because I want to be secure from even big brother snooping. Brian Weeden wrote: > I will be doing some traveling in the summer to places where I have at > least a little worry about organizations/people trying to sneak > keyloggers/trojans/etc onto my laptop. So I am starting o think about > how I would secure it Here are my thoughts so far. > > There are several ways you would be vulnerable, and thus probably need > a combination of solutions to be as secure as possible. > > Sources of Vulnerability > 1. Inserted CD/DVD/USB/Floppy with executable/autorun > 2. Software spyware installed via #2 or after hacking an admin account > 3. External penetration over internet/local LAN > 4. Hardware keylogger > > Possible Solutions: > 1. Disable autorun and removable drives > > 2. Encrypt entire hard drive > Unlike encrypting just the data, this would prevent installation of > any bad software without first encrypting the drive. I have used > Truecrypt before to encrypt just data but not sure how to use it or > another solution to encrypt an entire drive from boot through > shutdown. > > 3. Good firewall and/or NAT > 4. ? > > So are there any major sources of vulnerability that I am missing? > Any idea how to protect against someone sneaking in and installing a > hardware keylogger? Would mounting a WinPE or Ubunutu image each time > be a better solution? > __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [H] How would you secure a laptop?
I outlined all sources - hardware, hacking in from LAN/internet, and installing malicious software from floppy, CD, or USB. On 12/13/06, Winterlight <[EMAIL PROTECTED]> wrote: So you aren't worried about hackers, or people attempting illicit things over the net... your concerned about installed hardware devices... so you are worried about being monitored by your employer, or some one else who is authorized to do so is that it? At 02:22 PM 12/13/2006, you wrote: >I have seen keyloggers that look just like a bigger version of a PS/2 >connector. Take a look at this: > >http://www.thinkgeek.com/gadgets/security/5a05/ >http://www.thinkgeek.com/gadgets/security/7af2/ > >I am quite certain that if I can order those from Thinkgeek, there are >versions in use in the world by various organizations that are smaller >and could conceivably be put inside a laptop keyboard or a normal >keyboard and be very hard to detect. -- Brian
Re: [H] How would you secure a laptop?
Put a0quick release screw on the hdd and just take it when you walk away or boot to a pen drive Sent via BlackBerry from Cingular Wireless -Original Message- From: "Anthony Q. Martin" <[EMAIL PROTECTED]> Date: Wed, 13 Dec 2006 17:42:35 To:The Hardware List Subject: Re: [H] How would you secure a laptop? What the mind can conceive, the man can achieve! However: Do you really think someone would engineering such a small device for a laptop, get your machine, open it, find a way to install it, put it all back together, and then get it back into your possession to steal your keystrokes? There simply has to be a better way of getting infoperhaps you just finish watching MI:3! :) The only way you can defect such a device is to simply not allow it to get into your machine. Brian Weeden wrote: > I have seen keyloggers that look just like a bigger version of a PS/2 > connector. Take a look at this: > > http://www.thinkgeek.com/gadgets/security/5a05/ > http://www.thinkgeek.com/gadgets/security/7af2/ > > I am quite certain that if I can order those from Thinkgeek, there are > versions in use in the world by various organizations that are smaller > and could conceivably be put inside a laptop keyboard or a normal > keyboard and be very hard to detect. > > On 12/13/06, Anthony Q. Martin <[EMAIL PROTECTED]> wrote: >> but I was under the impression that on a desktop, one hides the >> "hardware" behind the PC (or under the keyboard, or someplace) so that >> it can do the logging...and then it gets removed later. I don't see how >> that works on a laptop, assuming you keep all the ports visible and >> don't connect it to anything else. If there is some other way to do it >> via hardware, I'd like to know. >> >> Brian Weeden wrote: >> > Same way it happens on a desktop I would assume - it records all your >> > keystrokes and then it is either removed or accessed remotely and the >> > strokes are extracted. It's not easy but you can sometimes extract >> > information like logins. For example, on a normal system, the first >> > string is going to be your Windows login/password. >> > >> > On 12/13/06, Anthony Q. Martin <[EMAIL PROTECTED]> wrote: >> >> >> >> >> >> Brian Weeden wrote: >> >> > >> >> > 4. Hardware keylogger >> >> > >> >> >> >> How does a hardware keylogger work on a laptop? >> >> >> > >> > >> > >
Re: [H] How would you secure a laptop?
What the mind can conceive, the man can achieve! However: Do you really think someone would engineering such a small device for a laptop, get your machine, open it, find a way to install it, put it all back together, and then get it back into your possession to steal your keystrokes? There simply has to be a better way of getting infoperhaps you just finish watching MI:3! :) The only way you can defect such a device is to simply not allow it to get into your machine. Brian Weeden wrote: I have seen keyloggers that look just like a bigger version of a PS/2 connector. Take a look at this: http://www.thinkgeek.com/gadgets/security/5a05/ http://www.thinkgeek.com/gadgets/security/7af2/ I am quite certain that if I can order those from Thinkgeek, there are versions in use in the world by various organizations that are smaller and could conceivably be put inside a laptop keyboard or a normal keyboard and be very hard to detect. On 12/13/06, Anthony Q. Martin <[EMAIL PROTECTED]> wrote: but I was under the impression that on a desktop, one hides the "hardware" behind the PC (or under the keyboard, or someplace) so that it can do the logging...and then it gets removed later. I don't see how that works on a laptop, assuming you keep all the ports visible and don't connect it to anything else. If there is some other way to do it via hardware, I'd like to know. Brian Weeden wrote: > Same way it happens on a desktop I would assume - it records all your > keystrokes and then it is either removed or accessed remotely and the > strokes are extracted. It's not easy but you can sometimes extract > information like logins. For example, on a normal system, the first > string is going to be your Windows login/password. > > On 12/13/06, Anthony Q. Martin <[EMAIL PROTECTED]> wrote: >> >> >> Brian Weeden wrote: >> > >> > 4. Hardware keylogger >> > >> >> How does a hardware keylogger work on a laptop? >> > >
Re: [H] How would you secure a laptop?
So you aren't worried about hackers, or people attempting illicit things over the net... your concerned about installed hardware devices... so you are worried about being monitored by your employer, or some one else who is authorized to do so is that it? At 02:22 PM 12/13/2006, you wrote: I have seen keyloggers that look just like a bigger version of a PS/2 connector. Take a look at this: http://www.thinkgeek.com/gadgets/security/5a05/ http://www.thinkgeek.com/gadgets/security/7af2/ I am quite certain that if I can order those from Thinkgeek, there are versions in use in the world by various organizations that are smaller and could conceivably be put inside a laptop keyboard or a normal keyboard and be very hard to detect.
Re: [H] How would you secure a laptop?
I have seen keyloggers that look just like a bigger version of a PS/2 connector. Take a look at this: http://www.thinkgeek.com/gadgets/security/5a05/ http://www.thinkgeek.com/gadgets/security/7af2/ I am quite certain that if I can order those from Thinkgeek, there are versions in use in the world by various organizations that are smaller and could conceivably be put inside a laptop keyboard or a normal keyboard and be very hard to detect. On 12/13/06, Anthony Q. Martin <[EMAIL PROTECTED]> wrote: but I was under the impression that on a desktop, one hides the "hardware" behind the PC (or under the keyboard, or someplace) so that it can do the logging...and then it gets removed later. I don't see how that works on a laptop, assuming you keep all the ports visible and don't connect it to anything else. If there is some other way to do it via hardware, I'd like to know. Brian Weeden wrote: > Same way it happens on a desktop I would assume - it records all your > keystrokes and then it is either removed or accessed remotely and the > strokes are extracted. It's not easy but you can sometimes extract > information like logins. For example, on a normal system, the first > string is going to be your Windows login/password. > > On 12/13/06, Anthony Q. Martin <[EMAIL PROTECTED]> wrote: >> >> >> Brian Weeden wrote: >> > >> > 4. Hardware keylogger >> > >> >> How does a hardware keylogger work on a laptop? >> > > -- Brian
Re: [H] How would you secure a laptop?
At 08:59 AM 13/12/2006, Anthony Q. Martin wrote: but I was under the impression that on a desktop, one hides the "hardware" behind the PC (or under the keyboard, or someplace) so that it can do the logging...and then it gets removed later. I don't see how that works on a laptop, assuming you keep all the ports visible and don't connect it to anything else. If there is some other way to do it via hardware, I'd like to know. You paint the keylogger pink and erect a somebody else's problem field around it. :) Actually, keyloggers aren't the real issue for security. Form scrapers are. Most people don't want to go through reams of keystrokes when they can just scrape forms and get the good stuff. Since these are software, good malware practices should take care of them. T
Re: [H] How would you secure a laptop?
but I was under the impression that on a desktop, one hides the "hardware" behind the PC (or under the keyboard, or someplace) so that it can do the logging...and then it gets removed later. I don't see how that works on a laptop, assuming you keep all the ports visible and don't connect it to anything else. If there is some other way to do it via hardware, I'd like to know. Brian Weeden wrote: Same way it happens on a desktop I would assume - it records all your keystrokes and then it is either removed or accessed remotely and the strokes are extracted. It's not easy but you can sometimes extract information like logins. For example, on a normal system, the first string is going to be your Windows login/password. On 12/13/06, Anthony Q. Martin <[EMAIL PROTECTED]> wrote: Brian Weeden wrote: > > 4. Hardware keylogger > How does a hardware keylogger work on a laptop?
Re: [H] How would you secure a laptop?
Same way it happens on a desktop I would assume - it records all your keystrokes and then it is either removed or accessed remotely and the strokes are extracted. It's not easy but you can sometimes extract information like logins. For example, on a normal system, the first string is going to be your Windows login/password. On 12/13/06, Anthony Q. Martin <[EMAIL PROTECTED]> wrote: Brian Weeden wrote: > > 4. Hardware keylogger > How does a hardware keylogger work on a laptop? -- Brian
Re: [H] How would you secure a laptop?
Brian Weeden wrote: 4. Hardware keylogger How does a hardware keylogger work on a laptop?
RE: [H] How would you secure a laptop?
I don't know the answer for most of this, but I just read the other day about one way of protecting your system - use a VM image that is located on an encrypted folder/drive. Bobby -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Weeden Sent: Tuesday, December 12, 2006 8:55 PM To: hwg Subject: [H] How would you secure a laptop? I will be doing some traveling in the summer to places where I have at least a little worry about organizations/people trying to sneak keyloggers/trojans/etc onto my laptop. So I am starting o think about how I would secure it Here are my thoughts so far. There are several ways you would be vulnerable, and thus probably need a combination of solutions to be as secure as possible. Sources of Vulnerability 1. Inserted CD/DVD/USB/Floppy with executable/autorun 2. Software spyware installed via #2 or after hacking an admin account 3. External penetration over internet/local LAN 4. Hardware keylogger Possible Solutions: 1. Disable autorun and removable drives 2. Encrypt entire hard drive Unlike encrypting just the data, this would prevent installation of any bad software without first encrypting the drive. I have used Truecrypt before to encrypt just data but not sure how to use it or another solution to encrypt an entire drive from boot through shutdown. 3. Good firewall and/or NAT 4. ? So are there any major sources of vulnerability that I am missing? Any idea how to protect against someone sneaking in and installing a hardware keylogger? Would mounting a WinPE or Ubunutu image each time be a better solution? -- Brian
[H] How would you secure a laptop?
I will be doing some traveling in the summer to places where I have at least a little worry about organizations/people trying to sneak keyloggers/trojans/etc onto my laptop. So I am starting o think about how I would secure it Here are my thoughts so far. There are several ways you would be vulnerable, and thus probably need a combination of solutions to be as secure as possible. Sources of Vulnerability 1. Inserted CD/DVD/USB/Floppy with executable/autorun 2. Software spyware installed via #2 or after hacking an admin account 3. External penetration over internet/local LAN 4. Hardware keylogger Possible Solutions: 1. Disable autorun and removable drives 2. Encrypt entire hard drive Unlike encrypting just the data, this would prevent installation of any bad software without first encrypting the drive. I have used Truecrypt before to encrypt just data but not sure how to use it or another solution to encrypt an entire drive from boot through shutdown. 3. Good firewall and/or NAT 4. ? So are there any major sources of vulnerability that I am missing? Any idea how to protect against someone sneaking in and installing a hardware keylogger? Would mounting a WinPE or Ubunutu image each time be a better solution? -- Brian