Penny Arcade Forums Help / Advice Forum
The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.

Laptop Security

powersspowerss Registered User regular
edited December 2006 in Help / Advice Forum
Hey guys.

I just realized that the laptop I have right now has a lot of sensitive client info on it. So, I'm looking for a way to secure all of my data.

Mac OS X has a thing called FileVault, and the more I think about it the more I'll probably switch back to Mac.

Anyway, is there any such encryption for XP? I have a windows password... should I set a BIOS password as well?

powerss on

Posts

  • scrivenerjonesscrivenerjones Registered User regular
    edited December 2006
    yup. BIOS passwords are not infallible, but I'd trust it a lot farther than the windows password.

    and I'm sure you've thought of this, but you should also make it hard for someone to walk away with it. which means getting a K-lock and locking it to something sturdy when it's out of your sight for any length of time.

    scrivenerjones on
  • The CatThe Cat Registered User, ClubPA regular
    edited December 2006
    What brand laptop are you using? My Acer came preloaded with a bunch of encryption stuff I never use, among other things. I was never game to use it because I'm crap at remembering passwords, but hey...

    The Cat on
    tmsig.jpg
  • powersspowerss Registered User regular
    edited December 2006
    Sony Vaio.

    powerss on
  • powersspowerss Registered User regular
    edited December 2006
    Does Vista have some sort of realtime encryption/decryption software?

    powerss on
  • japanjapan Registered User regular
    edited December 2006
    If someone steals the machine, a BIOS password or a Windows password won't protect your data at all. BIOS passwords can be easily reset by clearing the CMOS, and I have a handy bootable CD that will happily reset all the user passwords of a WinXP installation to blank. Plus, if they just want the data in the first place, they can remove the drive and hook it up to another machine.

    If you need the data to always be safe, you need to look at encryption.

    Windows XP has built in encryption software (EFS) which seamlessly encrypts and decrypts using a key tied to your logon. See the Microsoft documentation here. It apparently has problems, but nothing that appears to be unavoidable, and the blank password trick I mentioned earlier won't work, because the attacker will be able to access the system, but not the files.

    For what it's worth, Truecrypt is supposed to be very good, but I've never used it.

    Lastly, you might want to see of there are any laws in your area governing how the information you have is handled. I know that I've seen people surprised that they're breaking laws by failing to protect customer data. That would also give you a good idea of what a reasonable level of protection looks like.

    japan on
  • Mr_RoseMr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    edited December 2006
    What you really want is strong third-party encryption. EFS is fun and all, but very weak as encryption schemes go. Plus anyone with Admin access can force windows to assign the data recovery agent property to another user who can then decrypt anything in an EFS protected volume. This technically only works for the original host system, but anyone with a modern PC and a pet CS nerd can get by the encryption by brute force anyway; it just depends on how determined they are and/or how much the data is worth to them.

    There are various pieces of software that you can get that offer 128bit keylengths, which is military strength and nearly unbreakable. There are also hardware solutions which can be found, several of which use biometrics, but the cheaper ones use a USB key-dongle, which is basically a large number stored in a flash drive. When theses encrypt stuff, they rely on physical separation of the key (your dongle or your finger) and the lock to maintain security.

    A minor note on 128bits and military paranoia; If you encrypt data using a 128 bit key in the USA, you can't then allow that data out of the country, mostly because the CIA can't look at it to make sure you aren't plotting terrorism etc. Nor can you physically move the machine with the data on out of the country, so long as it still contains the software necessary to de/encrypt the data without a special military technology export license.
    You don't have one of those.

    Mr_Rose on
    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • stigweardstigweard Registered User regular
    edited December 2006
    Vista Ultimate has bitkeeper (bitlocker), which would suit your needs but I wouldn't recommend moving to Vista for a while yet, especially since ultimate isn't out yet.

    stigweard on
  • embrikembrik Registered User regular
    edited December 2006
    japan wrote:
    For what it's worth, Truecrypt is supposed to be very good, but I've never used it.

    TrueCrypt kicks ass. I'd recommend using it. You can use it to encrypt an entire drive if you wish. Also, I think (but don't quote me on it) that Vista's Bitlocker requires an on-board chip, so unless you have a very new PC/Laptop, it's not likely to be supported.

    embrik on
    "Damn you and your Daily Doubles, you brigand!"

    I don't believe it - I'm on my THIRD PS3, and my FIRST XBOX360. What the heck?
Sign In or Register to comment.
Penny Arcade Forums Help / Advice Forum