Laptop security 2

ianosborne · Jan 4, 2001

Does anyone know of a product that might be able to save my external salesforce automation project? I have been running a project with a laptop running Office and connecting to our servers with a mobile data card. Due to transmission speed and mobile phone rates in Europe most of the data was held on the laptop. Everything on the laptop was passworded that could be. Everything was going well and I was about to propose rolling out the solution to all our sales people and my trial guinea pig salesman resigned, and we think downloaded all his sales & prospect data for use in his new job with one of our competitors. Is there anything that will encrypt all data on a laptop and allow the normal communication with the outside world but with security??

ackka · Jan 4, 2001

http://www.pgp.com/downloads/default.asp

PGP is usually the way to go encrypt the data, and here is a good book on security on the internet

http://www.angelfire.com/electronic/ackka/docs/MaximumInternetSecurity/index.htm

For that type of problem specifically i would suggest using NT, not windows 9x. NT allows only certain users access to certain files, if you configure it correctely. Plus it is fairly hard to crack, not to hard, just matters what type of person you are dealing with. For example with physical access to a NT machine it took me about a week to gain admin access. On a windows 9x machine about a day... Bascially NT allows you to set certain sections of the hard drive as accesible only to certain hard drives. Plus it uses a fairly good NTFS file system to protect the data...

good luck..

ackka
ackka@mad.scientist.com

http://home.cyberarmy.com/ackka

http://www.cultdeadcow.com

chiph · Jan 4, 2001

Ian -

I'm not sure how you could protect this info -- anything on the laptop that the salesperson would need to access in the course of performing their job is likely to also be vulnerable to duplication. There are a couple of ways to give the data some security, though.

One is "Security Through Obscurity", where you disguise the data as being some innocuous (and hopefully uninteresting) file. Or bury them deep into some directory not normally accessed by a user. In either case, a knowledgable user could find the data.

The other method is to rewrite the application for NT, where all data accesses go through a second program that is running under a more priviledged account. Or... if the application uses a database of some kind, see if the vendor has used a strong password on the database.

In my case, I make do with a steel cable and lock my laptop to a heavy object. <g>

Chip H.

Alt255 · Jan 5, 2001

Chip and ackka made a number of good points, notably regarding physical security. The opportunities for accessing data become fewer and fewer when a system can't be physically accessed.

Also, as Chip noted, "Security Through Obscurity" can be a good option, especially when combined with encryption. I made use of this approach while writing a viewer/editor for my company's registered documents. The files can't be copied or edited without authorization because they are embedded in graphic images, the location of which can't be learned without disassembling the viewer. A user can't even copy and paste the document into another editor or save it to the graphic clipboard with the PrintScreen key.

The only intention here was to prevent employees from making copies of the docs, altering them and contaminating the system with unauthorized versions. A fair solution for non-proprietary, non-mission-critical data but obviously a weak solution for ianosborne's problem. As Chip pointed out, you can make a hard drive appear to contain nothing of importance but, if a determined individual is certain it contains something he wants, it's practically impossible to prevent him from finding it.

The problem becomes harder to solve when you are dealing with a salesman who turns to industrial espionage (as was suggested). Forseeing the dirty tricks of a "trusted" employee could be tough but there are many ways to protect your data:

One would consist of a "doomsday switch" (this might work in a few instances). Obtain some "file-shredder" software and find a way to activate it under certain circumstances... say, an amount of time has elapsed without administrative intervention or there have been three successive attempts to guess a password. Shred the hard drive.

Another would involve a bit of hardware. I'm not sure if you can buy this yet but logic suggests that if there is a need, the solution will be for sale somewhere. A laptop case might be rigged with a simple switch and a large capacitor. Any attempt to open the case to remove the hard drive could cause a few thousand volts to fry the IDE circuits and much of the magnetic media. The data might still be recoverable (with an electon microscope) but the recovery would be much more difficult.

Ahhh... you did say we were talking about Mission Impossible here, didn't you?

Alt255@Vorpalcom.Intranets.com

"What this country needs is more free speech worth listening to."[tt]
Hansell B. Duckett[/tt]

Alt255 · Jan 5, 2001

After all that talk I guess I didn't respond to the original question. I don't know if there is a single solution to fit your needs.

Snoop around at a few of these links. It's a lot easier to pick and choose if you know what's available. Most of these packages are free, share or trialware.

Desktop Security:

http://www.eskimo.com/~joelm/pi.html

http://benjaminsoftware.hypermart.net/

http://www.nerc.com/~aharvey/fakedos.html

http://www.techniclabs.com/software.htm

http://www.pc-magic.com/

http://www.quickysoftware.com

http://www.tidave99.cjb.net

http://www.mcafee.com

(Search for PGP_Desktop_Security_6[1].5.3_Eval.zip)

http://www.compelson.com

http://zucchinisoft.cjb.net

http://www.webroot.com

Encryption:

http://www.pepsoft.com

http://www.counterpane.com

http://www.cuteftp.com/products/cutezip/

http://pc-magic.com/

http://www.gnupg.org

http://inv.co.nz

http://www.pc-encrypt.com

http://www.pgpi.org

http://www.mcafee.com

(Search for PGP_Personal_Privacy_6[1].5.3_Eval.zip)

http://www.scramdisk.clara.net/

http://www.counterpane.com/twofish.html

http://www.counterpane.com

http://www.counterpane.com/twofish.html

File Shredders:

http://alstonlabs.pair.com/aslfw.htm

http://www.alienseed.com

http://www.jetico.com

http://www.cyberscrub.com

http://www.tolvanen.com

http://www.evidence-eliminator.com

http://www.gale-force.com/shredder

http://www.arccom.bc.ca

http://www.bsoft.ic24.net

Intrusion Detection:

http://www.carbosoft.com

http://www.l0pht.com/antisniff

http://www.keir.net/

http://www.networkice.com/

http://www.agnitum.com

http://www.mcafee.com

(McAfee Personal Firewall Mf0210ad.exe)

http://members.tripod.com/circlet

(netmon.exe)

http://www.dynamsol.com/puppet/

http://www.plasmateksoftware.com/

http://www.brd.ie/

http://www.keir.net/

http://www.zonelabs.com/

Spy-Ware blockers:

http://www.lavasoft.de

http://www.radiate.com/privacy/remover.html

http://www.flowprotector.com/usa

http://grc.com/optout.htm

http://radsoft.net/bloatbusters/

Anti-Trojans:

http://www.cbsoftsolutions.com/

http://www.moosoft.com

http://www.agnitum.com

http://surf.to/netbuster

http://www.mlin.net/StartupMonitor.shtml

http://www.sub-seven.com

http://subseven.slak.org

http://www.agnitum.com/products/tauscan

http://www.diamondcs.com.au

http://www.coderz.net/Snakebyte

Alt255@Vorpalcom.Intranets.com

"What this country needs is more free speech worth listening to."[tt]
Hansell B. Duckett[/tt]

ackka · Jan 5, 2001

alt255, thanks for the links, i have been actually looking for free version of this stuff as well..

oh and i like your quote LOL

ackka
ackka@mad.scientist.com

http://home.cyberarmy.com/ackka

http://www.cultdeadcow.com

chiph · Jan 5, 2001

Alt -

Can you add your post'o links as a FAQ to this forum? Call it "Software Security Industry Links" or something. That info is too good to lose!

Also --
Just thought of something. IBM sells a smart-card that can secure your system. It's got two parts to it -- one is a pcmcia card that you leave in your laptop. The other is a credit-card sized smart-card that you insert into the pcmcia card when you want to access your data.

Ian could make return of the smartcard a condition of employment, or perhaps glue it to the back of their employee badge, so that when they turn their badge in, they also automatically remove their access to the data on the laptop.

Chip H.

Alt255 · Jan 8, 2001

Good idea, Chip. I hate it when I have to hunt for information. You can find the links in the FAQ area, along with a list of miscellaneous links I posted last year.

If anybody knows of any additional links please send them along so I can incorporate them. We might end up with a nice little security database.

Alt255@Vorpalcom.Intranets.com

"What this country needs is more free speech worth listening to."[tt]
Hansell B. Duckett[/tt]

click · Feb 1, 2001

You all make a very god point, and the links are good also, but the truth is NO ONE leaves a company at the spur of the moment, I'm sure this guy had planed to leave, and made copies of everything before hand. NOTHING can be done about that. He might return the badge, the laptop and such but the data is long gone.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Laptop security 2

ianosborne

IS-IT--Management

ackka

Programmer

chiph

Programmer

Alt255

Programmer

Alt255

Programmer

ackka

Programmer

chiph

Programmer

Alt255

Programmer

click

MIS

Similar threads

Part and Inventory Search

Sponsor