1 / 11

Keeping Laptops Secure

Keeping Laptops Secure. Defense Team:. Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil. Agenda. Four cornerstones of secure computing as they relate to laptop security Confidentiality Authenticity Integrity Availability. Confidentiality Problems.

hans
Télécharger la présentation

Keeping Laptops Secure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Keeping Laptops Secure Defense Team: Mike Delahunty Bryan Lutz Kimberly Peng Kevin Kazmierski John Thykattil

  2. Agenda • Four cornerstones of secure computing as they relate to laptop security • Confidentiality • Authenticity • Integrity • Availability

  3. Confidentiality Problems Over 600,000 laptop thefts occurred in 2004, totaling an estimated $720 million in hardware losses and $5.4 billion in theft of proprietary information. -- Safeware Insurance, 2004

  4. Confidentiality Problems • Intellectual Property – data is easily accessible to competitors • Brand/Company Impact – damaging information can be found on laptops that can tarnish the brand or company • Public Policy – fines from regulatory agencies or government; FERPA, HIPAA, California Senate Bill 1386, Sarbanes-Oxley & Title One

  5. Confidentiality Problems Cont. • High Costs – direct costs from above as well as peripheral expenses due to legal fees, free credit monitoring for customers and loss of customer/investor trust • Portable Memory – e.g. reliance on USB memory sticks to transfer data; devices are easy to lose due to size • 60% of data breaches are due to loss of mobile devices1

  6. Authenticity Problems • Cracking Security: • Strong password requirements are often not mandated. In these cases, brute force entry does not take a tremendous effort. • Well known accounts often remain enabled, providing an easy target. • Circumventing Security: • Booting an Operating System off of USB devices or optical media is another way to circumvent security. • Unknowingly or mistakenly connecting to a network run by a hacker can provide access to data.

  7. Integrity Problems • Many laptop users have Administrator privileges • Able to install unauthorized programs, both intentionally and unintentionally • Viruses, spyware, and other malware can install automatically using the user’s elevated privileges • Unauthorized installed applications can lead to system instability or conflicts with approved application • May accidentally uninstall necessary programs or delete important system files • Causes more administrative overhead for IT staff

  8. Integrity Problems Cont. • Expired Antivirus Definitions • Exposes laptop to newer viruses • Wide range of damage depending on virus • Insecure Networks • Laptop user may connect to insecure networks (wired or wireless) • Snooping or intercepting of data can occur • Company IP can be lost • Laptop more exposed to hacker threats

  9. Availability Problems • Availability - The ability to use the information or resource desired • For laptops, a loss of available information is loss of data • Hardware damage • Software corruption • Loss of data for laptops * • 44% - Hardware Malfunction • 32% - User Error • 14% - Software Corruption • 7% - Computer Viruses • 3% - Natural Disasters * Data provided by “Disc Data Recovery”, http://www.diskdatarecovery.net

  10. Availability Problems 44% - Hardware Malfunction • Availability - The ability to use the information or resource desired • For laptops, a loss of available information is loss of data • Hardware damage • Software corruption • Loss of data for laptops * • 44% - Hardware Malfunction • 32% - User Error • 14% - Software Corruption • 7% - Computer Viruses • 3% - Natural Disasters * Data provided by “Disc Data Recovery”, http://www.diskdatarecovery.net • “head crash” • Read-write head touches the rotating platter • Platters spin 5,000 to 15,000 RPMs / second • A touching head is the equivalent of a 72 mph crash • “The click of death” • Clicking sound in disk storage systems that signals the device has failed, often catastrophically • IBM’s 75GXP harddrives were known for this ($2B loss) • Harddrive manufactures claim a 1% failure rate • Carnegie-Mellon research suggests 2-4% • Under some conditions: 13% 44% - Hardware Malfunction

  11. Questions?

More Related