SANS ISC: InfoSec Handlers Diary Blog

Cyber Security Awareness Tip #15: Protecting Laptops

Published: 2007-10-15
Last Updated: 2007-10-15 14:22:22 UTC
by Maarten Van Horenbeeck (Version: 4)

Laptops have made our lives much easier. We can now work when we want to, and where we want to – and do a better job. However, INFOSEC practitioners also suffer a bit due to that same advantage. Laptops are much more likely to leave company premises, and they are relatively expensive, which makes them an attractive target for thieves. While the cost of a laptop fleet is significant to organizations, what we are most worried about is the data contained on them.

There are several issues related to laptop security:

  • Physical protection of the device;
  • Maintaining control over the networks it connects to;
  • Preventing malicious code from being introduced in settings other than the “protected office”;
  • Preventing leakage of data despite the higher risk of theft.

The risk posed to a laptop can also differ significantly based on location. For example, suppose you use full disk encryption. When you are logged in, such encryption is of little value. In the average American/European environment, we use full disk encryption as a means to guard the data on our device when it is ‘out of sight’. While we are watching the laptop, all data is relatively safe. Is this also valid for our oil executive travelling to Nigeria?

I’m looking forward to all your ideas, suggestions and comments, and will update the diary continuously when they arrive! Write to us here.

Boris wrote in about how he avoids having any data at all on the endpoint. Endpoints are inherently prone to theft, and by enabling a connection to the home base and uploading work data there, one can maximally reduce the risk of data theft on the endpoint. While this is not possible in all locations (try getting your oil exec a stable connection in areas around Port Harcourt, for example), the increasing availability of internet access is making this more of a reality for many companies.

Moving further into the Nigerian plot, Derek proposed using a decoy partition which you can load with a secondary password as a way to avoid leaking data when under duress. He mentions TrueCrypt as a great tool to implement this.

Neal had some other great ideas (actually a couple of pages of them, great job and thanks!). Here are a couple of the most interesting ones:

  • Always carry a cable and lock for your device;
  • When you don't need wireless on a trip (e.g. during a presentation), disable it. Also ensure that your wireless drivers and software are hardened so you won't make unexpected connections. (Editor's note: there is also wireless-specific security software available today to monitor the connections you make or the connection attempts others make towards you. This may be overkill in some cases, but it's interesting to know about it.);
  • System hardening is important (disable autorun; you never know what untrusted material you may need to plug in to "get a presentation copy"). Also keep a thumb drive on you which you can write-protect to hand things out, and another one they can write to so you can take it with you and use it elsewhere after further scrutiny;
  • Do not walk through a metal detector until you see your laptop entering the X-ray machine. Do make sure you don't have anything on you that may delay you further while your machine moves ahead. If this does happen, mention that you want to keep your laptop in sight.