    Group29 Discussion Board :: View topic - Security and the stolen laptop
    Security and the stolen laptop
    Posted: Mon Jun 05, 2006 12:51 pm
    Joined: Jun 23, 2004
    Posts: 340


    OK, so your company is putting itself in a tough position by carrying sensitive information on the laptops to begin with. And users are bringing those laptops around the country and to the workout club. Your company data is at risk.

    You might want to look at the solution from a couple of different angles.

    1.) Do you have to replicate the information onto the laptop? Do the users work in areas where there is no internet access? If you could always guarantee internet access for the auditors, you could tunnel through the internet with a VPN (Virtual Private Network) which is extremely secure.

    2.) If the information positively absolutely has to be stored on a laptop, then, you are counting on the individual user to be accountable for the security.

    a.) The secure information could be stored on a separate USB hard drive that remains on a user's keychain or some such.
    b.) Encryption software could be purchased that makes a virtual hard disk drive on the laptop to which data could be stored. Truecrypt is a freeware alternative.
    c.) A combination of a and b where an encrypted partition is stored on a USB drive.
    d.) A combination of a and b where an encrypted partition is stored on the laptop, but a USB key/dongle is required for access.
    e.) IBM and Toshiba sell laptops that use fingerprint-reader-driven encryption.

    This article from MIT Information Service & Technology pretty much boils down what security is all about.

    Volume 20, No. 2, November/December 2004
    Security Principles: Identity, Authentication, Authorization
    Christopher Logan

    Most of us use some form of authentication daily – for example, when we get money from an ATM machine, log into email, or access the gym with a photo ID. In a world full of passwords and “prox” cards, it’s useful to get a handle on the key principles on which security is based. Identity, authentication, and authorization are closely linked.

    Identity distinguishes who someone is or what something is. Identity can refer to a person, program, computer, or data. Identification is the process of establishing who someone or something claims to be.

    Authentication is the process of confirming a claimed identity. For example, motorists identify themselves to police by presenting a driver’s license. Police compare the photo and description on the driver’s license with the motorist to authenticate identity. All forms of authentication are based on something you know, something you have, or something you are.

    • Something you know is some form of information that you can recognize and keep to yourself. This could be a personal identification number (PIN) for your bank account or a password. Within the information technology realm, a password is the most common form of authentication.

    • Something you have is a physical item you possess. This could be an item like a photo ID or a security token. A security token is a small hardware device such as a proximity or magnetic strip card you carry to authorize access to a service or building.

    • Something you are is a human characteristic considered to be unique, like fingerprints, voice tones, and retinal patterns. These are also referred to as biometrics.

    Once identity has been confirmed, authorization may come into play. Authorization is the act of granting permission for someone or something to conduct an act. Even when identity and authentication have indicated who someone is, authorization may be needed to establish what he or she is allowed to do.

    Check out the beginner's tutorial user-guide on the (freeware open source) TrueCrypt site. It walks you through setting up an encrypted drive letter, which can be either a drive or a file stored on an existing drive. Hopefully the data that you are storing is something that is always replicated from a primary source. Because if someone forgets their password, that encrypted partition is locked forever. You would create your application to read from the encrypted partition drive letter. Obviously you are introducing an additional step to have the user log in to the encryption software to enable access to the partition.

    If a CIA type with a farm of NSA computers applied themselves diligently to the task of breaking the encryption, knowing it was a TrueCrypt partition, they could attempt a program to guess the password. However, it could be weeks/months to break the key. I would guess that the information stored (SSN/Financial Data) could actually be obtained somewhere else more cheaply. The TrueCrypt software is actually useful for carrying low level national secrets.

    The most common security breaches are internal. So if you are going to attempt to secure data, and you are not running background checks on your employees, you are wasting your time. Your employees may be making a few bucks selling internal information on the side.
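
Option 2(d) in the post above (an encrypted volume on the laptop that also needs a USB key), sketched as an added example that is not part of the original post and is not TrueCrypt's actual key derivation. It combines "something you know" with "something you have" so that a stolen laptop plus a guessed passphrase still does not yield the volume key; all function names, the iteration count and the sample inputs are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch, not TrueCrypt's value
CHECK_LABEL = b"volume-key-check"


def derive_volume_key(passphrase: str, keyfile: bytes, salt: bytes) -> bytes:
    """Mix the passphrase (know) and the USB keyfile (have) into a 32-byte key."""
    # Stretch the passphrase so that every guess costs ITERATIONS hash operations.
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    # Key the final step with the keyfile digest: without the file,
    # even the correct passphrase produces the wrong key.
    token = hashlib.sha256(keyfile).digest()
    return hmac.new(token, stretched, hashlib.sha256).digest()


def make_header(passphrase: str, keyfile: bytes) -> dict:
    """Build the header stored on the laptop: a random salt and a key check tag."""
    salt = os.urandom(16)
    key = derive_volume_key(passphrase, keyfile, salt)
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "check": check}


def unlock(header: dict, passphrase: str, keyfile: bytes):
    """Return the volume key when both factors are correct, otherwise None."""
    key = derive_volume_key(passphrase, keyfile, header["salt"])
    tag = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how much of the tag matched.
    return key if hmac.compare_digest(tag, header["check"]) else None


# Constructed sample inputs; a real keyfile would be random bytes kept on the USB stick.
USB_KEYFILE = bytes(range(64))
PASSPHRASE = "correct horse battery staple"
HEADER = make_header(PASSPHRASE, USB_KEYFILE)

if __name__ == "__main__":
    print("both factors:   ", unlock(HEADER, PASSPHRASE, USB_KEYFILE) is not None)
    print("no USB keyfile: ", unlock(HEADER, PASSPHRASE, b"") is not None)
    print("wrong password: ", unlock(HEADER, "letmein", USB_KEYFILE) is not None)
```

As the post notes for a forgotten password, losing the keyfile locks the volume just as permanently, so the protected data should be a replica of a primary source.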
    All times are GMT - 6 Hours  