top 4 security tips for laptop

Hello.

I have a laptop that I would like to make secure (=against data steel, eg cookies) so I decided to post this post. Here is a list of suggestions what to do to secure a laptop and its data.

(eg lets have this discussion for ordinary laptop with Windows XP home)

1. FDE

2. XP Proff. offer some kind of encryption as well

3. BIOS password, not only for access to BIOS, but also for access to computer

4. disamble in BIOS booting from any other device than from harddisc, disable in BIOS use of USB

any other ones?

(set everywhere INTELLIGENT passwords)

 

Even before encrypting the data on your laptop, I would suggest minimizing the data that's on your laptop; in other words, only carry around what is necessary. We've all heard the stories of lost or stolen laptops containing databases with millions of now-potentially-leaked personal records (e.g., medical, financial, et cetera). In many of these cases, which could have very well been prevented, I seriously question the necessity of transporting this type of data, in such mass volume, in this manner. Keep in mind: Data that doesn't exist will always be more secure than data that does. As obvious as this seems, history says otherwise.

 

FDE + In-OS Encryption is overkill, UNLESS you plan on having multiple users using this laptop at the same time, OR plan on defeating your FDE by closing the lid when the system is not in use.

Don't forget a anti-theft alarm that will lock into the laptop lock port (Provided your laptop has one which it should.) This way you can physically lock your laptop to something (bench, table, safe, etc).

BIOS Passwords can often be bypassed with a jumper (taking time, but if they have the device time is irrelevant.) Not to mention can be bypassed entirely if you simply remove the drive from the device. (Which also makes the above mentioned lock a moot point.)

Justin's advise is wise as well.

 

The main thing about security is to take time and think about what you are trying to protect. "Protect agents data theft" is too general. You can't protect your data from all threats so you you need to narrow things down.
You mentioned cookies for example. This implies you are worried about malware from online surfing. Encryption won't stop that, you need to be careful how you surf and use a good antivirus program.
If you are mostly worried about someone steeling your laptop then FDE is the only security that totally protects agents that.
If you are worried about a sophisticated and determined hacker then even FDE might not be enough (google "Evil maid attack" for examples)

Encryption provides good security in many cases, just remember you need to come up with a backup plan because it is much harder to recover encrypted data when things go wrong.

 

Wikipedia, which I don't use as sourcing too often, actually has a very good introduction to threat models. This is the first thing that must be determined before you can design a defense.
http://en.wikipedia.org/wiki/Threat_model