securing a laptop in case of theft?

Hello. Apologies if this is in wrong thread or already covered elsewhere. I have NOD32, Spybot, Ad-Aware etc for virus/spyware/malware protection, however what should I do to protect data from theft?

A friend recently had a laptop stolen and it caused him no end of hassle as he lost data which included bank details etc. He suggested that I scramble my hard drive data and put on a logon password for booting up but I'm a relative newbie - can you point me in the right direction for how to protect my data if my laptop is stolen?

 

http://www.lojackforlaptops.com/

Helps in recovery. Even a format won't rid it.

Other things you can to do prevent amateur people getting at data...don't leave the Administrator account with a blank password (one of the many reasons to never do this)..and have a decent password on your other accounts.

 

I would sugest to use some freeware encryption software like AxCrypt or TrueCrypt.
Use passphrase instead of password (passphrase generator) & at least 8 characters.

Setting up password will help to prevent newbies to get access to your data, but normal users will not have problems. They can just access your HDD via other PC or just reinstall Windows.

 

DriveCrypt is the best I've seen, but then I'm a reseller...

 

You're kidding, right? That won't protect data from anyone but 3-year olds. With physical access to the disk and hardware even a 300-chars long "logon" password won't prevent anyone from accessing the actual data on the disk.

Personally, I think "whole disk" encryption software is absolutely mandatory on laptops with important data on them. You never know where your data has been written to disk, and if the disk is not encrypted a copy might be easily retrievable from it (even if you kept your actual copies secure and encrypted).

 

There are admin tools for changing user and admin passwords even domain account and admin passwords. They take about 5 seconds and no previous knowledge of either the account or password is required... You don't even have to log in to anything first.
But having strong passwords will prevent amateurs - even if it's only the ones under three years old

Should note in case it wasn't obvious that Full Disk Encryption renders these tools useless...

Cheers

 

The point is, if you have physical access to the hardware and disk you can boot from another media, or you can take the hard drive out and attach it to another computer as a secondary disk, so the "logon" password is automatically bypassed, as are all filesystem permissions and *any* form of protection that's not related to encryption. And, in almost every universe imaginable a computer thief knows this, let alone a computer thief whose aim is to steal the data on the laptop rather than the hardware itself.

 

I know of 26.5 million+ Veterans that wish it was mandatory!


silverfox99,

Just to add to what has been said, "Whole Disk" or "Full Disk" Encryption can offer a good level of protection against physical theft.

But I think the next best thing would be to have enough RAM and disable the page file, use TrueCrypt to create an volume big enough to store your sensitive program and data, and install and run the program from the mounted volume.
Sure there are still registry traces about the last used file name, but not the actual data. And the data would be protected in case of physical theft. They may get all the other private info that windows leaks all over the drive, but the encrypted stuff would be relatively safe.

 

I don't think there's any way to disable the page file completely, but if you install Eraser it can be set to "securely erase" the pagefile at shutdown.

 

Hi Notok,

Thanks for the correction and advice! The minimum even with No Page File is set to 2MB. Go figure, I thought No Page File is supposed to mean 0MB.

Also, thanks to new member mrquestionmark for letting us know about TrueCrypt's TCGINA & TCTEMP, which may provide a good alternative to whole disk encryption by just encrypting the critical parts of windows. Very clever.

 

Yup.. you can disable paging of the system kernel, but all apps expect 4GB of memory so you'd probably want that much before lowering it that far.

 

I've successfully operated 1GB and 1.5GB RAM systems with no Page File without problems for some time. I guess it depends on what programs you run and how much they stress the system.

- - - - - - -

Another thing for securing a laptop, not to overlook the obvious, is a Kensington (or equivalent) cable lock. It won't stop determined thieves, but it will slow them down.

 

Sure you can. You simply disable the page file. Completely disabling the Page File means it is disabled - not just crippled. I haven't used a page file in three years or more. I run with 1GB of RAM and I have had no problems at all. In fact, I never had problems at 512MB.

http://aycu33.webshots.com/image/2712/1246554738653686860_rs.jpg

Oh. as for laptop security, I use TrueCrypt with ALL data inside.

----------securityx----------

 

Hi Notok,

Could you explain what you mean by completely?
I haven't looked into this for some time and at one point when troubleshooting a misbehaving app, I enabled the page file again. The page file size turned out to not be the problem, but I just forgot about it and left it on since then.
When you go to Change Virtual Memory, it says minimum allowed is 2MB, but you can set no page file and it will be 0MB.

If all apps expect 4GB, then why am I able to run without problems with just 1.5GB?
Is it that I am not reaching the end of my physical RAM in normal use?
When you disable the page file that is only disabling the page file for the system kernel and not individual apps?
Some apps like PhotoShop can manage their memory usage and restrict the maximum they use. PS does recommend a minimum page file of 16MB when starting up. But it seems to run fine with 0MB as well.

 

Hello,

On my system, 2GB of RAM, I tried not so far ago to disable the page file.
It worked, but then the system was much slower. While it seems not logical, there is may be some clues there :
http://mywebpages.comcast.net/SupportCD/XPMyths.html#Optimization

I noticed some HDD accesses that I didn't notice before, I have no explication. More detailed on this link :
http://www.windowsitpro.com/Article/ArticleID/42035/42035.html

About Full HDD encryption, any free software available ?

Regards,
gkweb.

 

Hi gkweb,

Thanks for the info.
On ancient windows systems it would have made a big performance boost. Now it doesn't seem to make any speed difference on my system.
Actually, my main reason for disabling the page file was for security/privacy, not performance.

Yes, there is a free whole disk encryption available, though I have not tried it. It is also available for Linux! CompuSec

 

I've just found BestCrypt Volume Encryption beta :
http://www.jetico.com/bcve.htm

As it is a beta it seems free for now, but of course no one can secure vital data
with beta softwares. I wonder when the final version will be out and for how much.

Regards,
gkweb.

 

As there is not a decent open-source Full-Drive Encryption product, the next best thing is a commercial offering from a well-respected company. I like Winmagic's products. MySecureDoc is an excellent FDE application. In fact, they even went the extra mile and opened up the source code for inspection by Bruce Schneier, who praised the product. Without open-source, I would venture to say this Winmagic product is the next best thing.
www.mysecuredoc.com
http://www.mysecuredoc.com/images/pe_box.gif

----securityx----

 

http://aumha.org/win5/a/xpvm.htm - and I'll see if I can find more. Basically you can tell it not to use any space, but you can't stop paging from happening. Apps are going to expect 4gb, but obviously not every app is going to use that much. If something does need to use that much, however, you'll run into problems. The main point there was that apps are going to expect a lot more memory than what you really have in physical RAM. I wouldn't be comfortable setting the pagefile to zero unless I had at least 4GB.

If you think about it, though, even if you could disable it completely, someone with that much access to your system will find the data they want elsewhere. This is what I would do:

• Install Eraser, set it to clear the pagefile at shutdown for you and wipe empty space in the background
• Set apps to not leave traces or clear them at shutdown and/or use a third party cleaning program that will erase that kind of thing for you automatically
• Use encryption for all of the stuff that you really wouldn't want anyone else to see (perhaps even your browser profile).

Personally I've not found a cleaner that has all the features I want *and* does good secure erasing, so I generally like to use the cleaner I like and then just let Eraser go in the background. Really, though, for anything you would want to really hide from a potential theif, I would just put it on an encrypted drive. This includes things like browser profile. If someone is really determined enough, they'll get the info they want. Encryption will make it significantly harder, to near imposibility, if used right. Just don't jump into encryption. With anti-malware software, the worst that would happen is that you might have to format, but encryption is not at all forgiving... if a mistake is made, that data is gone forever. It's best to do a trial run with some test files until you're completely confident with the program and restoring the data in case everything is lost (ie, practice restoring it on another computer).

 

Thanks again Notok!

I guess I never noticed a subjective speed difference because I wasn't pushing the RAM to the max with a 0MB page file. It seems this could lead to trouble if you had a lot of programs open or a few with large documents. Imagine in such a case, an opened TrueCrypt volume and TrueCrypt gets an out of memory error or worse and your open volume gets corrupted. Don't know if it's possible, but it is not worth it to disable Virtual Memory (Page File) when their are viable options like what you mentioned.

------------------------------

So then it looks like my options for securing a laptop without disabling the page file are:

1. Eraser to clean page file on shut down, cleaner of choice to clean the rest of the private tracks, encrypt all data and programs that should be kept private with favorite OTFE (on the fly encryption) program (like TrueCrypt).

2. If they are secure and reliable, use TrueCrypt's TCTEMP and TCGINA to encrypt the page file and the user's profile and private settings. Additionally use TrueCrypt to encrypt all data and programs that should be kept private.
One would not need to use Eraser or a cleaner in this case.

3. Use a FDE like MySecureDoc, PGP, DCPP, BestCrypt Volume Encryption, CompuSec, or the Seagate Momentus 5400 FDE 2.5" Hard Drive.
note: PGP FDE does allow peer review but it is not open source.

One thing bothered me on the MySecureDoc site. It pointed out that other FDE programs don't let you install an OS service pack unless you decrypt the whole thing! Is this true? Of which FDE programs?
This would be very inconvenient if true.

It also mentioned that it includes a backup utility for the encrypted volume.
When using FDE, can't you just create a backup image of the encrypted partition?

I assume that these FDE programs put something in the MBR of the HD to do their magic, so one should be careful of any other programs that might modify that area. This would include partition managers, multi-booting OS Boot Loaders and Boot Managers, and instant recovery apps like Goback, FD-ISR, etc.
It would be a good idea to do your compatibility research before you go FDE.

 

Once you use this step the two previous ones become redundant don't they?

Normally, using MS Backup or veritas etc. in any normal way but the backup would not be encrypted unless you also put it into an encrypted volume or container.

Indeed and indeed - but that doesn't necessarily mean that things like goback can not be used at all.

Cheers

 

Yes, that's why I said options not steps. Perhaps I should not have used numbers to list the options.

That makes sense with file backup utils. But I was wondering if drive imaging programs like True Image, Drive Snapshot, Image for Windows, or Image for DOS would be able to backup image the partition or full disk encrypted and restore the encrypted partition successfully. This way the backup would be encrypted as well.

Thank you and Cheers!

 

Oops...that's just me speed reading again..

Only safe that way if they operate inside the encryption mechanism, or possibly if they do a bit for bit backup regardless, so you would need to confirm the specific operation of each product. I'm sure I'll get around to testing some one day
But if you're set up to use them, file based backups are normally just as effective for total system recovery.

heheh - My pleasure

I've previously mentioned I'm a reseller of DriveCrypt - DCPP does have Multiple OS boot support - you can register -->here<-- if you would like access to a free 30 day trial of both DriveCrypt and DriveCrypt Plus Pack... Or you could just visit SecurStars own website in which case you will still have to register

 

By bit for bit backup, do you mean a backup image with no compression?
A compressed backup image of the encrypted partition/drive (a drive image) would be corrupt?

Great, then could you answer this question please:
With DCPP, do I have to decrypt the partition BEFORE I install an OS service pack?

 

A lot of backup software, Ghost for example when used in the normal way reads out just the file data, skipping anything it thinks is not allocated. If it were run inside the decryption mechanism then no problem - just so long as you have access to a seperate bootable decryption tool for emergencies where the original FDE boot unlocker is not accessible (which DCPP has). It's actually far far more secure than it may initially sound. Although the backup made will in this case be of the unencrypted data.
Bit for bit is ordinarily encryption/installation/OS insensative. Generally quite compressibly except in the case of FDE
Anyway as I said I'll get to testing some of this at some point. Really doesn't impact on me, but I understand it's a question for others. Really goes without saying, but Always prove your intended backup/restore methodology before you need to rely on it

Simple answer? no normal reason to, but if you like i'll rollback an install to pre FDE and pre SP2 over the weekend and do a personal run through just for you and personally confirm it

In fact I'm sure I've done it in the past already but it's no trouble for to do again. I'll start on it now begining with an original XP Pro and add SP1 then SP2 and post the result