Nomoa.com

Paving the way for .NET in Tonga

Low No Cost Tech

Categories
Main Menu
Subscribe to Our RSS Feed Subscribe to Comments Feed Signup for MSN Alerts to Nomoa.com: Articles Signup for Yahoo Alerts to Nomoa.com :: News Articles
Google Ads
Mind Dumps Go Here + Low ~ No Cost Technology 4 Productivity + Totally Disconnected Writings
Browse in : All > Soap Box
All > Soap Box > Low No Cost Tech
All > Soap Box > Meanderings
Any of these categories - All of these categories

securing this Vista Hard Drive

Soap Box
Posted by: Samiuela LV Taufa on May 29, 2008 11:03:28 PM

I'm running Microsoft Windows Vista - Business Edition on this Tablet PC because it's the OS of choice for this thing, and because I paid the extra cash so I can get a high class Tablet. (Let's hope I don't learn to regret that one)

Now that I'm working in a security paranoid company (well it wouldn't do good to be electronically compromised if your business is providing security for other people.)

One of the key things we do at Nullcube is make sure all laptops have full encryption installed. This means that:

  1. When the machine starts, even Windows cannot start without you knowing the humoungously long password I've used.
  2. Even if you take the hard drive out of my cold dead hands, you can't get to the data (it's all gibberish without my passphrase)

Since I don't have Microsoft's sanctified OS SKU (Stock Keeping Units) that comes with Microsoft's HDD Encryption tool (bitlocker) I have to look around for some other solution. In my case it came down to looking at two Open Source projects, primarily because they were FREE and been around for a while have hopefully had someone qualified looking at their code.

I've installed both FREE OTFE (On the Fly Encryption) but chose to use TrueCrypt (http://www.truecrypt.org) Both tools are great, but TrueCrypt 5.01 supports full disk encryption of the System (boot) Disk. As per above, this feature means that you can't get into my computer unless you put pliers to my fingers and ask not so nicely.

There are however some serious gaping holes with TrueCrypt that is one of the banes of security. Security is not a product. Windows has this great feature called Sleep mode, where the laptop will go into a rest mode where you can shut the screen throw the thing into your backpack run off to your meeting and open the laptop up to see it staring at you with all those applications still running. Great feature, saves you time of waiting for the inevitable 10 minute boot cycle for Windows.

If you have sleep mode on when someone steels your laptop (and presumably the backpack may have a battery charger with it) then you've just given the thief full access to all that 'secured' data.

Presumably, in a corporate setting your Network Administrator will intrusively get into your Group Profile and set it up so the laptop cannot go into sleep and must power down (whoaa, so much for that feature.) Another intrusive but not so intrusive solution would be for laptop policies to allow sleep mode, but with requiring authentication on un-sleeping. Obviously there still is the problem that your Windows password may not be all that good, but with the newer laptops including biometric authentication mechanisms, this might be more secure?) Of course, if you steal my laptop and cut off all my fingers you can probably get in as well.

print view
Next >  
< Previous  
PermaLink

There are no comments attached to this item.

Ratings
Options :
View Article Map
Log In to Contribute
View Archives