lynx picture  

CancerLynx - we prowl the net
March 25, 2002

Laptop Security
Garry McGonigal

Perhaps a bit off the beaten path, but since many of us use laptops for work and especially while on the road and at conferences, this posting looks at a topic few discuss or are aware of - Laptop Security. If you take a position that it will never happen to you, it will probably then happen. Additionally to these various tips, here are a few more (not stories, but been there).

When you are traveling, which means just walking from one meeting to another, heading to a restaurant, that laptop carrying bag has a flashing sign on it -- Take Me. The trunk of any car can be broken into in a matter of a few seconds. So, out of sight is not out of mind. If you are away at a conference, especially in the more tropical climates, out of principal your car trunk will be opened most nights. Generally, there are only so many car rentals at these locations and duplicate keys have long been made up. Security guards are often part of the theft teams.

If you figure you are safe while waiting in line at train, bus or airport gates, you are not. In the mid-90's, a group of Canadians waiting at the departure gate of a major South American airport, put their brief cases down on the floor, in front of them, between their feet, to get out their plane tickets. When they reached down to get their brief cases, gone. With all the criticism of how easy Canadian documentation is to obtain, one of the hardest embassies to get new Canadian passports, etc., just to get home, is Canada. These unfortunate folks took three days to get out of that country. Of course the people who worked at that airport departure gate never saw a thing. They never do!

At border crossing for some of the major European countries, especially where it involves trains, the guards and other workers see nothing as you are just robbed while standing in line. Those waist pouches are so easy to cut and be gone, including as you are looking down at them. All loose items you put down on the ground can be swiped in a flash. When you go to the washroom, one of the tricks is for someone to come into the washroom carrying a baby, hand it or toss it to you (life size doll), and while you are catching it, they or their team grab everything, including your waste pouch, the wallet out of your suit coat. They also reach under the stall and grab your brief case and laptop. Remember, while you are washing your hands in a washroom, chances are your brief case/laptop is probably on the floor. If you stay in a hotel, anywhere, always use the chain lock on the door. There are some survivor guides for the business/tourist traveler. It is a good idea to read a good one.

In many office environments, the number one theft problem is laptops. In downtown Toronto, even major accounting/consulting firms cable their laptops, radios and other commodities to appropriate fixtures -- theft from fellow staff. It only takes a couple of seconds for someone to walk by, grab and into their briefcase. Ground floor, older office types with windows that can be open are classic targets. Recalling one senior manager, he had three laptops stolen from his desk in 6 months. The last one was while he got up from his desk to go stand in an adjoining door to his VP's office, turned around to go get a report and his laptop was gone, again. Yes, he had the laptop security cable, but it was not in use at the moment because he was back and forth between offices with his laptop. The thief came through the window. As for the thief, we had a good description and he was caught within a few days prowling about on other floors. Police let him go because they had no evidence he was doing anything wrong (other than it being a Saturday night, 10pm, but the hallway where he was caught was considered a public area even if he was caught looking in through office door windows, after hours, and his place of residence was a low-end motel room).

Putting your laptop in a locked desk drawer or steel filing cabinet is not guarantee it wont' be taken. They can so easily be pried open. The laptop security cable, in use, and attached to something that is not so easily lifted or moved, is perhaps the better approach. Looping one end of the cable under your desk leg is not good enough, for obvious reasons. Some folks go and buy these loop hooks that can be attached to the desk, and just as easily be torn out. Do you think the thief cares about damaging your desk? Just because you have it connected to a printer and a network, does not mean the cables will keep it from being stolen. Thieves cut the wires and run -- we actually had a thief cut the power connector to aid in the theft. We quickly checked hospital ER's and walk in clinics and yes, the thief did show up for electrical burn treatment.

It can not be emphasized enough, that when you are at conferences and workshops, keep your hand (not your eyes) on your laptops, purses and other valuable materials. These conferences are targets and the thieves do wear appropriate dress attire to fit in. They also know that often times, most folks become tired out at such events and thus become more vulnerable to theft. So it is wise to work out ahead of time your process for keeping control of your personal and business items.

Electrically, although cumbersome, it is important to consider carrying in your laptop case a good power bar with good filtering capability. Most power bars are shames. Advertising does not mean they do the job -- my best one is an old Canadian Tire unit that I added too (some varristors and a few other goodies). Of course you are not expected to do this and even now I probably could not replicate the same. But, the point here is that while you are plugged in while on the train, in the hotel room, and elsewhere (conference halls included), the electrical supply is a serious problem and you can easily damage not only the battery, but the motherboard of your laptop. A power bar with a certified surge arrestor will help. Please use one that also has a phone/modem filter connector with it. Also, be aware that some of those modem drops you find in hotels are digital and most laptop modems are analog. The digital phone jacks do put out more current than analog and can destroy your laptop's modem unit. There are adaptors (small connector units), that can buffer your modem and the wall outlet. Asking at the front desk of many hotels as to what kind of data hookup they have usually will solicit a variety of interesting looks and even more interesting comments -- they generally do not know.

Laptop firewalls -- if you are ever planning on hooking up to the Internet or a network while on the road, remember that unless you have your anti-virus software with up-to-date data sets, and a good software firewall in place and enabled, you are surely asking for trouble. If you are plugging into someone else's network, your software firewall may need to have some setting adjusted to include their network specifics (i.e., their DNS and gateway IP address). Become familiar with your firewall software, including having your own technical people show you how to modify settings, in order that you can adjust. If you are at someone's else's site and you are unsure how to hook up, call back to your office, probably the IT Help Desk, and ask. Someone at that visit site will need to provide you with the appropriate IP address information (call ahead helps and minimizes down time while waiting to find that location's settings). If will be making a presentation at another site and plan on using your laptop (i.e., hooked up to a projector system), a floppy and/or cd copy of the same is a wise backup. Their project system may be hard linked to a pc with no allowance for laptops.

Before you leave the office there are a few actions that you may need help with (first time around) to get your laptop ready for being on the road. If your laptop has always been plugged into a network, and never used unplugged from the network, depending on your operating system you may need someone from IT to log into the laptop's internal administrator id to set up a profile for you to use when not on the network. They will then need for you to test it. Always make sure you have an understanding of the steps to do this, and don't be shy about writing down the steps (not the passwords please).

Passwords -- if there are no formally established policies on passwords in your organization, here are a few guidelines to consider. There are a variety of software programs and utilities that can crack password protected files and logins very easily, including administrator passwords. But, with an appropriate structure, instead of seconds it could take days or months to crack the hardest.

- The longer the length of the password, the harder and longer it takes to break. Three letter passwords often can be cracked in a few seconds.

- Mix upper and lower cases for your password. Add in numbers and other characters, and the cracking effort could take days. For example, a password structure such as G3r$}Ms99**, although difficult to remember could take several days of nonstop computing effort to break. Like it or not, women are more predictable in what names they choose to use for passwords, than for men. And it is those password patterns that make it easy for fellow workers to find their way into your laptop (please don't use names of spouse, children, pets).

- Unless you are using some fairly sophisticated encryption programs that encrypt the hard disk, folders and contents, your hard disk can simply be removed, attached to another computer device, thief logs into his/her pc, and your entire disk is now wide open for extraction -- it just becomes an attached hard disk. How quickly? As fast as it takes to remove the disk form your machine, connect it to the other, reboot, extract whatever they need, and then put it back into your pc/laptop. Fast!
Garry McGonigal

You are welcome to share this © article with friends, but do not forget to include the author name and web address. Permission needed to use articles on commercial and non commercial websites. Thank you.

one one pawprintWhat do you think? one pawprint

lynx kitten picture