Locking it Down: Simple Laptop Security

1
Locking it Down Simple Laptop Security

• Shawn Sines
• Digital Union
• September 7, 2007

2
Agenda

• 1. Physical security
• 2. Information Security
• 3. Hands On/Discussion

3
Laptop Security Overview

• Laptops are mobile computing devices.
• While that works well for you it also works well
  for thieves and adds a number of factors to how
  we have to handle our property and the data we
  store on it.

• Key Concerns
• Physical Theft
• Information Theft
• Recovery

4
What to Do if your Laptop is Stolen!

• Keep a list of the serial numbers and model
  numbers of laptop and parts like portable hard
  drives/mice/etc.
• MAC address is key - write it down even if youre
  not sure what it is
• It looks like this
• 000c4E68B698
• File a police report
• If it is university owned and contained any
  sensitive data notify your DNA or CIO Security.

5
Physical Security

• Stolen/Lost Laptops
• In 2005, 78 of the 152 incidents reported were at
  higher education institutions of those, 14 were
  the results of stolen computers. These physical
  thefts represent stolen personal data involving
  more than 360,000 individuals.
• Gartner, Stolen Laptops Denote a Growing Data
  Security Breach for Higher Education, March 10th,
  2006
• 47 of computer security professionals surveyed
  reported a laptop theft over the past twelve
  months.
• FBI CSIs annual Computer Crime and Security
  Survey, 2006
• From 2005 to 2006 there was an 81 increase in
  the number of companies reporting stolen laptops
  containing sensitive information.
• 2006 Annual Study The Cost of Data Breach.
  Ponemon Institute, LLC, 2007

6
Physical Security

• Laptops have a secondary value. Going rates on
  popular auction sites like eBay are often 2/3 to
  full retail for laptops.
• Laptop theft is often a matter of opportunity,
  dont encourage it.
• Remember the harder/more risky you make the
  proposition, the more likely you are to deter
  theft.

7
Physical Security

• Never leave your laptop unattended or in plain
  sight
• When leaving your laptop in a car, be certain to
  keep it stored safely out of site in your trunk
  or under a blanket
• Invest in a laptop backpack - thieves often look
  for laptop style brief bags.
• Use a laptop lock whenever possible.

8
Physical Security

• Laptop recovery services
• Lojack for Laptops by Computrace
• Works if a thief/buyer uses internet
• Basically Insurance for your laptop
• According to their marketing research 1 in 10
  laptops are stolen or lost every year and a
  laptop is stolen once every 53 seconds.
• They claim to recover 3 out of 4 laptops using
  their service.
• Annual Cost - around 50 a year.

9
Information Security

• Encryption
• Protects files or the whole hard drive
• Makes your data unreadable without a key
• Free in modern operating systems
• EFS for Windows
• Bitlocker for Vista
• Filevault for MacOS 10
• Can result in data loss if you dont practice
  backing up your files.

10
Free Encryption Tools

• Macintosh OS X FileVault
• Protects user home directory and desktop
• On-the-fly encryption/decryption
• Uses login password no secret code
• Can use Master phrase in case of user corruption

• Windows EFS
• Protects files and folders
• Keyed to user to keep personal files safe from
  prying eyes
• Can have key backed up

11
Caveats

• Disk encryption increases wear on drives because
  of the on-the-fly read/write nature
• Many encryption forms are susceptible to
  corruption if users do not shut down properly or
  power off properly - UPS and frequent data
  backups mitigate this risk
• Both EFS and FileVault rely on users to do the
  right thing to protect the data - it is not a
  whole disk solution.

12
How to Encrypt FileVault on OS X

• Go to "System Preferences", then click on
  "Security".
• If desired, click on "set Master Password" to set
  a master password.
• Click on "Turn on FileVault" to turn on
  FileVault select other options as desired.
• When finished, close the FileVault window.

13
How to Encrypt File Vault on OS X

• Notes
• FileVault only encrypts data stored in your user
  directory
• FileVault is not a tool to protect against
  hackers or viruses
• Because of the nature of encryption you should be
  careful to avoid force-quitting applications and
  minimize the number of improper shutdowns.

14
How to Encrypt Windows EFS

• Locate the files you want to encrypt
• We recommend that you encrypt folders as opposed
  to individual files any new files you add to
  this folder will also be encrypted.
• Select the file or folder and right-click on it
  select Properties.
• In Properties, select the General tab.
• Select the Advanced button. The Advanced
  Attributes window will open and there will be 4
  check boxes.
• Check Encrypt contents to secure data (bottom).
• Select OK button. EFS encrypts the file or
  folder.

15
How to Encrypt EFS for Windows

• Notes
• Can only encrypt files and folders on NTFS file
  system volumes.
• Cannot encrypt
• compressed files or folders. If a compressed file
  or folder is encrypted, it will be uncompressed.
• files marked with the System attribute
• files in the system root directory structure

16
How to Encrypt EFS

• Notes
• When a single file is encrypted, you are asked if
  you also want to encrypt the folder that contains
  it.
• When a folder that contains files or subfolders
  is encrypted, you are asked if you want all files
  and subfolders within the folder to be encrypted.
• If you choose to encrypt the folder only, all
  files and subfolders currently in the folder are
  not encrypted.
• Any new files or subfolders added to the
  encrypted folder are encrypted once they are
  created.

17
The 3 Ps -Password! Patch! Protect!

• Passwords
• The simplest way to deny access to your personal
  files is to use a good password.
• Good Passwords contain
• 7 or more characters
• A mix of numbers, letters and other characters
• Are easy for you to remember but hard for others
  to guess
• Should not be names of pets, children, addresses,
  popular people, books or movies but can include
  them if properly done.
• Remembering is key, make your passwords mean
  something to you and youll remember them more
  easily.

18
The 3 Ps -Password! Patch! Protect!

• Patch
• Windows and MacOS X both offer autoupdate
  services - use them
• Enable Office Updates as well
• Frequently go to your manufacturers website to
  update hardware and software drivers.
• Automate when possible, set it to run at lunch or
  late at night on a certain day of the week, then
  leave the laptop on to get the updates.

19
The 3 Ps -Password! Patch! Protect!

• Protect
• Download Spybot Search Destroy and/or Adaware
• Turn on the Windows Firewall or download
  ZoneAlarm
• Turn on the Macintosh Firewall
• Use a router at home with a Firewall built-in
  when possible
• Use Antivirus Software
• Download AVG Free, a free Windows AV product.

20
Screen Privacy/Protection

• Remember if you can see your screen so can the
  person to the side and behind you.
• Consider purchasing a privacy filter
• 3M makes filters for laptops and desktops. (12 -
  20)
• Prices range from 45-100 based on size.
• Dim your screen so only you can read it.
• Lock you screen when you get up from your
  computer
• Windows-L to lock a Windows XP or Vista Computer
• MacOS X Turn on Require Password upon wakeup or
  screen saver in Security Panel. Then simply put
  the lid down when you walk away.

21
Wireless Protection

• Wireless Security is only a partial protection.
  Determined hackers can still get in, especially
  if you let them
• Turn off folder sharing BEFORE joining a
  wireless network
• If you dont use it turn off Bluetooth - its
  another way in, is on by default and not everyone
  uses it.
• Anyone on the same network can read shared files
  
• Under Windows XPs simple file sharing.
• Open Control Panel gt Administrative Tools gt
  Computer Management.
• Click on Shared Folders
• Double Click on Shares
• Right click on Shared Documents or other folders
  and choose Stop Sharing
• MacOS X
• Click on System Preferences
• Click on Sharing
• Disable Personal File Sharing if it is enabled

22
Application Security

• Develop good web surfing habits
• Avoid storing passwords
• Dont perform online financial transactions
  without a secure connection - HTTPS// is
  normally a good thing to see
• Clear History, Cookies and Other Stored Data
  regularly
• Consider alternate web browsers over Intrnet
  Explorer
• Firefox (Mac and PC)
• Safari (Mac now, PC soon)
• Opera
• Think before you email, clicking on a message
  could expose you to attacks - even from people
  you know.

23
Backups / Data Protection

• Laptops Die, get stolen and get lost. Dont let
  your hard work and personal memories die with it.
• Consider picking up an external hard drive for
  backups
• Many companies offer software on portable hard
  drives to automate the process and make it a
  schedule or one button operation.
• If you back up you may not want to take the drive
  with you
• Consider another external hard drives or a
  portable flash drive for on the go storage -
  having the data at home means its less likely to
  get stolen.
• A stolen laptop with a stolen backup drive is as
  good as having no backup.

24
Reference Links

• Here are links to download locations for the
  software mentioned in this presentation.
• Spybot http//www.safer-networking.org/en/downloa
  d/index.html
• Adaware http//www.download.com/Ad-Aware-2007-Fre
  e/3000-8022_4-10045910.html?partdl-ad-awaresubj
  dltagtop5
• ZoneAlarm http//www.pcworld.com/downloads/file/f
  id,7228-order,1-page,1-c,allfirewallsdownloads/des
  cription.html
• AVG Antivirus (Free) http//free.grisoft.com/doc/
  download-free-anti-virus/us/frt/0

25
Questions?

• Resources
• http//buckeyesecure.osu.edu/
• http//safecomputing.osu.edu
• 8help