Laptop Security
Since there have been a string of high-profile laptop thefts in the news lately, I thought it would be worth sending out a few quick ideas on protecting your laptop in case it gets pinched.
1. Use a Hard Drive password
Most of the modern Dell laptops support this. It is turned on through the BIOS configuration screen, but is different than a BIOS password as it actually sets the password within the hard drive’s controller firmware. This will disable read and write access to the drive until a correct password is given. Simply moving the hard drive to a different machine will not make it go away. Basically, the disk is unusable until either a) the correct password is given, b) the physical controller on the disk is replaced, or c) someone solders a debug port onto the right hard drive controller pins and reverse-engineers the back-end diagnostic protocol.
When the hard drive password is set, you will have to enter it every time you turn the machine on or resume from standby. Since you are (hopefully) already doing this anyway when Windows or Linux boots/resumes, simply turn off the OS password protection and you will still only have to enter one password to boot/resume.
2. Use an encrypted volume to store any work
I personally like TrueCrypt because it works on both Windows and Linux, is really easy to use, and is free/open-source. Basically, it will create what looks like another hard drive on your machine where you can save all your data. Simply create a shortcut on your desktop to that drive and you are good to go. Yes, you will have to enter a password the first time you want to mount the drive, but it will then stay mounted until you reboot. Just don’t forget your password (and make it long enough not to be brute-forced)!
3. Securely delete files and encrypt your swap file
I use a program called BCWipe on Windows which is also free and does three things really well. First, it installs some Explorer hooks to allow you to easily delete files in a secure way (multiple overwrite passes, etc). Second, it can go through all your deleted/slack space and scrub any leftover bits. Finally, it has the ability to encrypt your swap file on the fly…very cool.
4. Use a screensaver password
Dumb i know, but when combined with the other options it makes getting on the box pretty difficult.
5. Write or download a script that phones home
In case all the above falls through, write a script that periodically goes and checks your personal webpage or something. I set it up as a cron job under Linux or a scheduled task under Windows. This way, you’ll at least be able to track the IP address of your stolen laptop when the thief goes online.
6. Finally, use a personal firewall to protect you from Network-based attacks
This is not so much concerned with a thief stealing your laptop as it is concerned with data theft through the network. I really like ZoneAlarm for its ease of use and simplicity. Just be sure not to accept any ‘incoming connections’ unless you are know that it is safe.