laptop security/theft recovery - Tilted Forum Project Discussion Community

mikec · 10-06-2007, 11:00 PM

I've been talking with some people in my company about laptop security ...we exclusively use dell laptops.

We need some additional security in place because of the potential for laptops to be stolen. I thought some security measures that could be put into place are: using XP's functionality to encrypt the HD, use a bios hard drive password, and possibly install lojack for laptops on all machines.

My questions to the group are: how difficult do you think it is to break xp's encryption?

how hard to bypass a bios HD password? it's easy enough to work around a windows password (super ERD), and lojack for laptops only seems to work on the windows install it was installed to. if a HD was wiped and a fresh install went on, lojack would be toast.

is there any hardware level theft recovery software that would remain even if windows was reinstalled?

Thanks.... MikeC

drego · 10-07-2007, 10:08 AM

Well, the XP encrypt is alright, it's much better than nothing. I haven't ever tried to crack it myself, but on the other hand I haven't seen any uber-easy cracks or anything.

Bios passwords are alright, as long as no one resets the bios.

Essentially, no matter what you do, something is better than nothing.

Hhhmm, I think that's about all that I have to offer...

~Drego

freeload · 10-07-2007, 12:29 PM

At work we use SafeGuard Easy encryption for our laptops - all data on the harddrives are encryptet with a pretty strong encryption. Should give a good security - but for easy maintenance all computers have the same password to unlock the encryption

Slims · 10-07-2007, 12:51 PM

PGP makes a real good product. Including good hard drive encryption.

Don't waste your time with a BIOS password, or a windows password. Well, do it to keep out the rifraff, but anybody who knows about computers can bypass them both in about ten minutes.

The BIOS password can be manually reset, and then you tell the BIOS to boot from a CD, which you do using a CD bootable linux distribution. Then simply ditch the hash file containing the windows password, and boot the computer normally...your in.

Lowjack is probably not worth it, because if they are just after the data they will probably ditch the laptop after removing the hard drive.

An encrypted hard drive is really the only way to keep your data secure.

trib767 · 10-07-2007, 02:18 PM

We too use Safeguard Easy www.utimaco.com
Our techs have had issues with some hard drives ending up unbootable - I haven't the personal experience to know whether it's the tech's fault or the software's.
I also keep a 'personal' drive on my work pc encrypted with Truecrypt which is open source so it's free.

mikec · 10-07-2007, 09:36 PM

Thanks for the info on encryption, I'll definitely check out safeguard & pgp.

for locating already stolen laptops, I found Computrace that will embed into the bios, and withstand HD reformats & even a HD swap..

Glory's Sun · 10-08-2007, 09:54 AM

Quote:

Originally Posted by mikec

Thanks for the info on encryption, I'll definitely check out safeguard & pgp.

for locating already stolen laptops, I found Computrace that will embed into the bios, and withstand HD reformats & even a HD swap..

I have the computrace lojack on my laptop.

Of course I have no idea how good it works since it hasn't been stolen .. yet.

10-06-2007, 11:00 PM	#1 (permalink)
mikec I flopped the nutz... Location: Stratford, CT	laptop security/theft recovery I've been talking with some people in my company about laptop security ...we exclusively use dell laptops. We need some additional security in place because of the potential for laptops to be stolen. I thought some security measures that could be put into place are: using XP's functionality to encrypt the HD, use a bios hard drive password, and possibly install lojack for laptops on all machines. My questions to the group are: how difficult do you think it is to break xp's encryption? how hard to bypass a bios HD password? it's easy enough to work around a windows password (super ERD), and lojack for laptops only seems to work on the windows install it was installed to. if a HD was wiped and a fresh install went on, lojack would be toast. is there any hardware level theft recovery software that would remain even if windows was reinstalled? Thanks.... MikeC __________________ Until the 20th century, reality was everything humans could touch, smell, see, and hear. Since the initial publication of the charted electromagnetic spectrum, humans have learned that what they can touch, smell, see, and hear is less than one millionth of reality

10-07-2007, 10:08 AM	#2 (permalink)
drego Upright Location: WA......somewhere....I hope......	Well, the XP encrypt is alright, it's much better than nothing. I haven't ever tried to crack it myself, but on the other hand I haven't seen any uber-easy cracks or anything. Bios passwords are alright, as long as no one resets the bios. Essentially, no matter what you do, something is better than nothing. Hhhmm, I think that's about all that I have to offer... ~Drego __________________ There is no such thing as "Bug Free" software....there is only software with an acceptable (and documented) level of failure. Hack the Planet!!!! Last edited by drego; 10-07-2007 at 10:18 AM..

10-07-2007, 12:29 PM	#3 (permalink)
freeload Done freeloading here Location: on my ass :) - Norway	At work we use SafeGuard Easy encryption for our laptops - all data on the harddrives are encryptet with a pretty strong encryption. Should give a good security - but for easy maintenance all computers have the same password to unlock the encryption __________________ The future ain't what it used to be.

10-07-2007, 12:51 PM	#4 (permalink)
Slims Eccentric insomniac Location: North Carolina	PGP makes a real good product. Including good hard drive encryption. Don't waste your time with a BIOS password, or a windows password. Well, do it to keep out the rifraff, but anybody who knows about computers can bypass them both in about ten minutes. The BIOS password can be manually reset, and then you tell the BIOS to boot from a CD, which you do using a CD bootable linux distribution. Then simply ditch the hash file containing the windows password, and boot the computer normally...your in. Lowjack is probably not worth it, because if they are just after the data they will probably ditch the laptop after removing the hard drive. An encrypted hard drive is really the only way to keep your data secure. __________________ "Socialism is a philosophy of failure, the creed of ignorance, and the gospel of envy, its inherent virtue is the equal sharing of misery." - Winston Churchill "All men dream: but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity: but the dreamers of the day are dangerous men, for they may act out their dream with open eyes, to make it possible." Seven Pillars of Wisdom, T.E. Lawrence

10-07-2007, 09:36 PM	#6 (permalink)
mikec I flopped the nutz... Location: Stratford, CT	Thanks for the info on encryption, I'll definitely check out safeguard & pgp. for locating already stolen laptops, I found Computrace that will embed into the bios, and withstand HD reformats & even a HD swap.. __________________ Until the 20th century, reality was everything humans could touch, smell, see, and hear. Since the initial publication of the charted electromagnetic spectrum, humans have learned that what they can touch, smell, see, and hear is less than one millionth of reality

10-07-2007, 02:18 PM	#5 (permalink)
trib767 Crazy Location: London, UK	We too use Safeguard Easy www.utimaco.com Our techs have had issues with some hard drives ending up unbootable - I haven't the personal experience to know whether it's the tech's fault or the software's. I also keep a 'personal' drive on my work pc encrypted with Truecrypt which is open source so it's free.