NWC | Review | Security | Gone in 6.0 Seconds |


				HOT PICKS • U.S. IT Salary Survey 2008 • Rolling Review: SOA Appliances • XKL Brings New Life To Dark Fiber

IMMERSE YOURSELF:

Storage & Servers

R E V I E W

Gone in 6.0 Seconds

September 30, 2002
By Mike DeMaria

>> continued from previous page

The Eighth Commandment

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Introduction
	The Eighth Commandment
	Disk-Encryption Software
	Report Card: Disk Encryption Software
	Lockdown Devices
	Report Card: Lockdown Devices
	Recovery Services
	Report Card: Recovery Services
	Executive Summary
	File-Encryption Products

Theft has been a reality of life since the first caveman lifted a dino drumstick from his neighbor's fire. Laptops are equally tasty and easy targets. It takes only a second for someone to grab a laptop bag in a crowded terminal, and it's also easy to forget a bag in the overhead luggage bin. Hey, even an agency as anal as the IRS has mislaid 2,332 laptops in the past three years, and it can't rule out private taxpayer information being lost as well .

Clearly, losing a laptop can cost more than just the price of the hardware. How valuable is the data on the computer? If it wasn't backed up, many hours of work could be lost. Some laptops also contain private information or sensitive trade secrets worth millions if they fall into the wrong hands.

Protective products from cable locks to motion alarms are available. But no lockdown product will ensure 100 percent theft avoidance; it's merely a deterrent. Most laptops are made out of relatively weak plastic with only small slots for locking devices. We found that a screwdriver can sometimes pry open a case enough to remove the lock. A palm sized butane/propane torch can melt the plastic to weaken it. A laptop with a gaping hole in the side will fetch less than an undamaged one, but the parts can be sold individually, and a thief who's interested only in the data won't care about physical damage. We recommend choosing a laptop that offers a hardened plastic case, like Hewlett-Packard Co.'s OmniBook 6000, which has a magnesium-reinforced body, or one that has a reinforced security slot.

FYI

Where And When A poll of 231 IT pros from companies larger than 300 employees showed that, within a work environment, notebooks are most likely to be stolen from a cubicle. Outside work, cars barely edged out airports as the most likely places for theft. (Source: Kensington Data Security Survey)

Buh-Bye

Once a laptop is stolen, there's little you can do to recover it. National registries for stolen laptops aren't universally checked, especially by people buying from online auction sites or at flea markets. The exception to this is if you install theft-recovery software, such as those we evaluate in this article. However, there are limits to how effective these programs are.

And though your hardware might be history, your data could be safe--if it had been encrypted. You can encrypt individual files and folders or you can encrypt the entire disk. Microsoft Windows 2000 and XP users who want to encrypt individual files can use the built-in EFS (Encrypted File System) utility. Simply right-click a file in Windows Explorer and select encrypt. Of course, just because a file is encrypted does not mean it doesn't reside elsewhere on the disk. EFS works on individual files and directories only, not on the entire disk. It does not encrypt temp files and printer spools, nor the swap file. One Microsoft recommendation is to encrypt the temp directory also, but you still can't encrypt the swap file. Guidance Software makes a product called EnCase that is targeted to law enforcement for hard-drive forensic study. Using EnCase, we found in the Windows swap file pieces of a large text file we had encrypted using EFS.

Furthermore, deleting a file does not actually erase it; it just removes the markers defining where the file is stored. Only by overwriting a file is it really deleted. You could overwrite many previously deleted files by defragging your hard disk, and there are programs, like WipeInfo in Norton Utilities or Jetico's BCWipe, that will delete a file and then immediately overwrite every sector it occupied.

The downside of using a file- or folder-based encryption program is that it puts the decision to encrypt in the hands of users, who may forget to encrypt a document after working on it or even leave temp files all over the place. The only way to truly protect data is to use a full-disk-encryption program. The other advantage of full disk encryption is that even deleted files are encrypted, so you don't need to worry about overwriting. Not many of these systems are available, but we examined a few.