PanicByte

Laptop Security Tips?

17 posts in this topic

I'm wondering what everyone recommends for keeping your laptop and it's data safe.

I've got a Thinkpad w/ the Client Security Solution w/ the biometric fingerprint scanner.

What i've done so far

# Set BIOS Password

# Set Power-On BIOS password

# Set Hard Drive password (don't know how secure it is, seen a site that says it can recover the password) plus it's not encrypted, the hard drive is just locked)

# Long secure windows password

# set nolmhash = 1

# syskey 2

# use TrueCrypt to encrypt important files

# use Windows EFS to encrypt Application data that may compromise security, (temp folder, etc.) (i know EFS is pretty crappy, but it is transparent and i haven't found a difforent method to encrypt such files)

# use laptop lock

# use a laptop backpack that doesn't look like a laptop bag

# laptop professionaly engraved with name

# apply windows updates (duhh)

# set screen saver password

# antivirus

# software firewall (zone alarm pro) i like it because when you connect to a public wireless access point it asks you if you if it's a trusted network or not

# clear page file on shutdown

# updated my wifi driver because of that weird security flaw in intel wireless cards

what else should i do to improve windows security on a laptop? (besides switch to linux)

0

Share this post


Link to post
Share on other sites

Did you enable the syskey boot password?

0

Share this post


Link to post
Share on other sites

I'm wondering what everyone recommends for keeping your laptop and it's data safe.

I've got a Thinkpad w/ the Client Security Solution w/ the biometric fingerprint scanner.

What i've done so far

# Set BIOS Password

# Set Power-On BIOS password

# Set Hard Drive password (don't know how secure it is, seen a site that says it can recover the password) plus it's not encrypted, the hard drive is just locked)

# Long secure windows password

# set nolmhash = 1

# syskey 2

# use TrueCrypt to encrypt important files

# use Windows EFS to encrypt Application data that may compromise security, (temp folder, etc.) (i know EFS is pretty crappy, but it is transparent and i haven't found a difforent method to encrypt such files)

# use laptop lock

# use a laptop backpack that doesn't look like a laptop bag

# laptop professionaly engraved with name

# apply windows updates (duhh)

# set screen saver password

# antivirus

# software firewall (zone alarm pro) i like it because when you connect to a public wireless access point it asks you if you if it's a trusted network or not

# clear page file on shutdown

# updated my wifi driver because of that weird security flaw in intel wireless cards

what else should i do to improve windows security on a laptop? (besides switch to linux)

Remember to always have a boot-and-nuke floppy/CD. (dban.sf.net)

0

Share this post


Link to post
Share on other sites

I think one of the most important ones that you did not have is, do not let it out of your sight. Doubly so when your traveling.

0

Share this post


Link to post
Share on other sites

Wow thats some pretty tight security... Holding on to a glock might make it safer. Also a self destruct option would be nice.....

Just playing :P

I dont know what else you could do to make this thing safer.... How bout setting it up to you need a certain floppy in the drive so that windows boots up. Otherwise they just get some error screen. And make this folppy unique so it cant be easily duplicated.

0

Share this post


Link to post
Share on other sites

I've thought about writing an app that looks like the my computer icon or something that will re-write the startup so that it fdisks the hard drive after startup or something else that will render the data on the hd useless.

0

Share this post


Link to post
Share on other sites

While in military school, I had Windows 98 on my laptop. I wrote a QuickBASIC file that would prompt for a password three times, and tell you it was wrong every time. The only true indication of a right or wrong entry was the activation of a pixel in each of the remaining corners of the screen (the prompt was in the top-left) for each correct attempt. If you got 2/3, or 3/3, the system booted normally. 1/3 or 0/3 caused a batch file to run which started silently deleting things I wasn't supposed to have on my computer. I compiled it to an EXE, so the password couldn't be read just by opening up the .BAS file. The idea was to give the school's computer nazis the wrong password when they attempted to make you log in to bust you for something. Never had to use it, thankfully, but I did a few test runs to make sure it worked.

0

Share this post


Link to post
Share on other sites

Could I possibly get a copy of the source for that program :blush:

EDIT: If you still have it that is.

Edited by Snippet
0

Share this post


Link to post
Share on other sites

Hm, duno if I do or not! I know I still have a copy of QuickBASIC though, so I'll see if I can't rewrite it. I'll give the sourcecode too, since it could probably be used to create a quick Visual Basic program that'd be more suitable for a modern environment.

0

Share this post


Link to post
Share on other sites

After a thought, you could write a program that would set off explosives hidden in the laptop, but then you would not be able to fly anywhere. :P

0

Share this post


Link to post
Share on other sites

The problem with security is that it's a trade off for that and usability.

My take on laptop security is this: "Never put stuff on a mobile device that you wouldn't want shared with your mom, the feds, and/or your signifigant other"

It's dead simple to steal a laptop. Nuff said.

Also, there ARE free-as-in-beer alternatives to EFS. Sadly, I'm not at my computer, and I'm drawing a blank, so I can't tel you what they are. Whoops :X

0

Share this post


Link to post
Share on other sites

Take a look at DriveCrypt, it's a commercial app for windows that will encrypt the entire HD (including windows itself). You can specify the authentication method (username+password(s), passphrase(s), usb-key...). You can even make the authentication screen look like a HD failure.

0

Share this post


Link to post
Share on other sites

I found this, just thought I'd share it on this topic.

0

Share this post


Link to post
Share on other sites

Also a self destruct option would be nice.....

Dell laptops include that feature :lol:

0

Share this post


Link to post
Share on other sites

I want to get one of these Briefcase's to carry my laptop around :)

enigma6.jpg

enigma7.jpg

enigma4.jpgenigma2.jpg

enigmacase.jpg

Edited by carwash
0

Share this post


Link to post
Share on other sites

Dang you're pretty secure, why not carry a gun around and have cameras and if you really see anyone on your street just slowly walk by to see what they are doing. You might want to get a CCW first. I second truecrypt I love that thing, I'm a newb and I know the basics of it = O . Yea, thanks to irongeek that is, thank you irongeek :D

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now