The following question and answer thread appeared on our ITKnowledge Exchange discussion forums: Laptop Security


Member "blackmagic" writes: I am the head of my department and by the nature of the job I hold some confidential information on my laptop.

How do I ensure that:

  1. Nobody can access any files on my laptop from the LAN or the internet (not even sys admins)
  2. If somebody tries to access, can I find out /trace who it is or which computer is trying to access my stuff?




Member ShalomC writes:

You can minimize your risks by doing the following:

  1. Get disk encryption tools like SafeGuard. Encrypted disks cannot be read by removing the physical disk.
  2. Install a personal firewall on your laptop that is fully managed by you - ZoneAlarm is a good candidate.
  3. Block all shared folders, shared printers and remote management tools.
  4. Create encrypted volumes where you store your sensitive material. Windows has EFS which may be good enough, but commercial solutions also exist, like pgp disk.

Member LuisHernandez writes:

From my point of view, to avoid that someone else can access your laptop that is connected to internet (or network) requires software but mainly that you follow certain rules and protocols. The best software that fixes your needs and the guidelines, rules or protocol to be implemented, should be determined by the administrator. If you don't trust this person, as has been mentioned previously, the solution requires more thought. In such a case perhaps you need to ask yourself the question: "What do I have to do to trust my administrator?" Maybe you would ask for some help from your security suppliers.

For more information

Security tips for dealing with a rogue user:
Also taken from a live thread on SearchWindowsSecurity.com's ITKnowledge Exchange forum, the following is part one of a two-part peer discussion about technical tips and legal advice for dealing with untrustworthy users in the network.

Learning center: End-user lockdown:
Make sure your security model gives end users only the rights and privileges they need to do their jobs. Roberta Bragg's checklists and expert advice will help you lockdown.
Getting to the bottom of the topic, I believe the most appropriate question is "What do I have to do if someone else accesses my laptop to prevent him/her from seeing my critical information?" To use encryption software would be the answer. Use this software because even when using the best security software, the possibility always exists that someone is able to break the firewall (it would be necessary to also consider what happens if someone managed to steal your laptop).

The encryption software usually has a mechanism to get a logging of who, when and that data was visualized.

But remember that the security software and the encryption software even have limitations and it depends on how you follow basic guides/rules to minimize the risk:

  • If you don't activate your laptop for 5 minutes the system has to ask a password.
  • Your password must be at least 8 characters length as a combination of lower-cases, capitals and numbers.
  • Connect your laptop to internet outside your office using VPN.

Member "Maclanachu" writes:

If u r concerned about the LAN admins:

  1. Remove your computer from the domain so it is its own local workgroup.
  2. Double check the local admins group and remove anyone, barring yourself, from the local admin account.
  3. Change the local admin account to something only you know. If you do forget passwords, you can always use a bootable cd with a password cracking tool to reset the local admin account.
  4. Your local admins may now be a bit miffed at you and you are now on your own in terms of backups. If that laptop gets stolen or the HD is broken, how do you plan to recover? Make regular backups to dvdcd and don't leave the backups in the laptop bag or your car.
  5. Set up auditing on your sensitive folders so you can keep a track of any attempted access: from XP help:

To apply or modify auditing policy settings for a local file or folder

  1. Open Windows Explorer.
  2. Right-click the file or folder that you want to audit, click Properties, and then click the Security tab.
  3. Click Advanced, and then click the Auditing tab.

Then do one of the following:

  • To set up auditing for a new user or group, click Add. In Enter the object name to select, type the name of the user or group that you want, and then click OK.
  • To remove auditing for an existing group or user, click the group or user name, click Remove, click OK, and then skip the rest of this procedure.
  • To view or change auditing for an existing group or user, click its name, and then click Edit.
  • In the Apply onto box, click the location where you want auditing to take place.
  • In the Access box, indicate what actions you want to audit by selecting the appropriate check boxes:
  • To audit successful events, select the Successful check box.
  • To stop auditing successful events, clear the Successful check box.
  • To audit unsuccessful events, select the Failed check box.
  • To stop auditing unsuccessful events, clear the Failed check box.
  • To stop auditing all events, click Clear All.
  • If you want to prevent subsequent files and subfolders of the original object from inheriting these audit entries, select the Apply these auditing entries to objects and/or containers within this container only check box.

Important: Before setting up auditing for files and folders, you must enable object access auditing by defining auditing policy settings for the object access event category. If you do not enable object access auditing, you will receive an error message when you set up auditing for files and folders, and no files or folders will be audited. For more information about how to enable object access auditing, see "Define or modify auditing policy settings for an event category" in Related Topics.

You must be logged on as a member of the Administrators group or you must have been granted the Manage auditing and security log right in Group Policy to perform this procedure.

To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer. For information about how to audit local registry keys, see "Audit activity on a registry key" in Related Topics. After object access auditing is enabled, view the security log in Event Viewer to review the results of your changes. You can set up file and folder auditing only on NTFS drives.

If you see the following:

  • In the Auditing Entry for File or Folder dialog box, in the Access box, the check boxes are unavailable
  • In the Advanced Security Settings for File or Folder dialog box, the Remove button is unavailable

This means that auditing has been inherited from the parent folder.

Because the security log is limited in size, select the files and folders to be audited carefully. Also, consider the amount of disk space that you want to devote to the security log. The maximum size for the security log is defined in Event Viewer.

Finally, if you can get the budget hang tough for Vista. It has some super duper encryption and stuff that supposedly will make it impossible to get data even if they have physical access. Allegedly.

To read this entire thread and get access to other threads within our ITKnowledge Exchange, click here.

This was first published in July 2006

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top