
Laptop Security SIRT IT Security Roundtable



Presentation Transcript


  1. Laptop Security: SIRT IT Security Roundtable. Harvard Townsend, IT Security Officer, harv@ksu.edu. May 2, 2008

  2. Laptops are risky business…

  3. Agenda • Physical security • Protection while traveling • Information security • Recording identification information • Tracking and Recovery software • Wireless security • Public WiFi hotspots • Home wireless • VPN service • Useful freeware tools demo’d throughout • USB thumb drive security

  4. Physical Security – Theft Prevention • Never leave unsecured laptop unattended • Lock your doors (residence hall room, apt., office) • Lock it in a cabinet • Use a locking security cable • Room/office • Hotel room • Public locations • Conferences, training sessions • Cost $15-$50, combination or key lock • Use strong password on all accounts

  5. Traveling • Don’t let it out of your sight when you travel • Be particularly watchful at airport security checkpoints • Always take it in your carry-on luggage • Never put it in checked luggage • Use a nondescript carrying case • Be careful when you take a nap in the airport • Don’t leave it in view in your vehicle • Don’t trust the trunk - remember the quick release lever inside the vehicle?

  6. Information Security • DON’T store confidential data on mobile devices • If you must, encrypt it • Whole-disk encryption best • File or folder encryption reasonable • Demo TrueCrypt (open source, Win/Linux/Mac – http://www.truecrypt.org) • Beware of managing encryption keys • Work with temporary copies on the laptop – keep original file(s) on secure server • Backup data regularly • Imaging is a lovely tool • Diligently manage the security of the device (patches, antivirus software, firewalls, etc.)

  7. Finding Confidential Data • Don’t assume you don’t have any confidential data on your laptop • “Spider” from Cornell useful for finding confidential data: http://www.cit.cornell.edu/security/tools • Searches files for SSNs and credit card numbers • Lots of false positives but still very useful

  8. Preventing Recovery of Deleted Files • Deleted files easily recovered • Even after you empty the Recycle Bin • “Eraser” freeware tool to securely delete files (http://www.heidi.ie/eraser/) • “Erase” Recycle Bin • “Erase” a file instead of delete it • “Erase” free space on hard drive • “Erase” a USB flash drive • “Media Sanitization” when disposing media

  9. Record Identification Information • Record make, model, serial number • Take pictures of it • Label it with ownership and contact info • Engrave cover • Tamper-proof asset tag • Write on it with permanent marker • Distinctive symbols, art • Record network “MAC addresses”

  10. How To Find Your MAC Address in Microsoft Windows XP/Vista • Get a Command Prompt window • Select Start, then Run, then type cmd.exe • In the command prompt window, type ipconfig /all • Look for the “Physical Address”, which is the MAC address • For other operating systems, see http://www-dcn.fnal.gov/DCG-Docs/mac/index.html

  11. MAC address

  12. Tracking & Recovery Software • If stolen, the computer contacts the company who traces it and contacts law enforcement to recover it • Computrace LoJack for Laptops from Absolute Software (www.absolute.com) is an example • Pre-installed in BIOS on many laptops • Dell • HP • Have to buy the license to activate • Costs about $30-$50 per year

  13. Wireless Safety • K-State, home, hotels, public “hot spots” • Rule of thumb – FEAR WIRELESS! • K-State information: http://www.k-state.edu/infotech/networks/wireless/ • General wireless security: http://www.onguardonline.gov/wireless.html • Wireless terminology: http://www.onguardonline.gov/wireless.html#glossary

  14. Wireless Safety • Use encryption • WEP (weak) • WPA (strong - coming to campus soon) • VPN • Don’t work with sensitive data in public hot spot

  15. Wireless Safety • Securing wireless at home: http://www.k-state.edu/infotech/news/tuesday/archive/2006/10-24.html#sectip • Use strongest encryption possible – WPA2 • Restrict access to specific computers by MAC address • Change default settings • Admin password for configuration interface • SSID • Do not broadcast SSID

  16. Default SSID No Encryption

  17. Default SSID Strong Encryption Weak Encryption (WEP) Default SSID

  18. Virtual Private Network (VPN) • Encrypts all network traffic between your computer and the K-State border • Makes your computer appear to be on campus to get access to restricted resources • Does NOT necessarily encrypt everything that goes to the Internet (“split tunneling”) • Also does not encrypt traffic on campus

  19. Virtual Private Network (VPN) • Must install “VPN Client” software • Information and software available at: http://www.k-state.edu/infotech/networks/vpn/ • Cannot use it on campus yet (to secure your wireless, for example); will be able to soon. • If you can get to the Internet but not K-State, modify the “Transport” configuration: • Enable Transparent Tunneling • IPSec over TCP

  20. Connected Disconnected

  21. USB Flash Drive Security • No confidential data! • Too easy to lose, easy target of theft • Don’t use it as a backup device • “Erase” files so they aren’t recoverable • Encrypt files on it with TrueCrypt or - • Encrypted USB flash drives • Ironkey very popular - https://www.ironkey.com/ • View demo?

  22. More Information… • K-State’s “Mobile Device Security Guidelines”: http://www.k-state.edu/infotech/security/mobile.html

  23. What’s on your mind?
