Securing Data on a Notebook

allanc

One of my clients has some very sensitive data on his notebook which
is running XP PRO sp2.
He has used a strong Administrator's password and has disabled the
Guest account.
He does not plan to access the Internet or use Email.
Basically, the notebook is for Word and Excel.

Can files be copied in DOS or SAFE mode?
Can Spyware programs be installed?

TIA.
 
David H. Lipman

From: "allanc" <[email protected]>

| One of my clients has some very sensitive data on his notebook which
| is running XP PRO sp2.
| He has used a strong Administrator's password and has disabled the
| Guest account.
| He does not plan to access the Internet or use Email.
| Basically, the notebook is for Word and Excel.
|
| Can files be copied in DOS or SAFE mode?
| Can Spyware programs be installed?
|
| TIA.

It is a notebook. That denotes portability therefore physical security is an important
aspect such as the possibility of theft.

If the client uses it in such a portable mode then data encryption of all sensitive files
may be in order. If a person with nefarious intent obtains the notebook, the files are at
risk.

You also stated "He does not plan to access the Internet or use Email." That could change
and again the data will be placed at risk.
 
allanc

Thank you for your input.
He is also concerned about someone else installing keylogger software.
Do you have any suggestions in this regard?
 
David H. Lipman

From: "allanc" <[email protected]>

| Thank you for your input.
| He is also concerned about someone else installing keylogger software.
| Do you have any suggestions in this regard?
|

Again, this is physical security as well as access to the internet.

One can get a keylogging trojan by surfing a malicious or hacked web site. One can also get
a keylogging trojan by someone with physical access. However, in this case we are not
talking about file access such as data theft. A keylogging trojan has to get installed
through the OS so not only would a person with nefarious intent need physical access but be
able to logon to the notebook.

Suggestions:

Don't allow others access to be able to logon.
Keep data files encrypted.
Keep the notebook by the side of the user and never left unattended.

If the notebook accesses the Internet, the user must...
Keep the notebook updated with all updates and patches for not only the OS but *all*
installed software and utilities.
Must practice Safe Hex.
Install anti virus and anti spyware software and keep it updated.
Make backups of all critical/sensitive data and keep the backup data stored separately from
the notebook in a secured place such as in a safe.
 
Doug Knox - [MS-MVP]

Tell him to never leave the laptop "unlocked" when he's away from it. The
built-in Administrator account should not be used for day to day purposes.
He should create another Limited user account and use that for his daily
stuff, reserving the Administrator account for software installations and
emergencies. As long as he has a strong password on both accounts, and only
uses the limited user account, this limits what malicious software can do to
the system. It won't stop everything, but it's a start. He should also run
a good, reputable anti-virus/malware package and keep it up to date.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart
Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

allanc said:
Thank you for your input.
He is also concerned about someone else installing keylogger software.
Do you have any suggestions in this regard?
 
C.Joseph S. Drayton

allanc said:
One of my clients has some very sensitive data on his notebook which
is running XP PRO sp2.
He has used a strong Administrator's password and has disabled the
Guest account.
He does not plan to access the Internet or use Email.
Basically, the notebook is for Word and Excel.

Can files be copied in DOS or SAFE mode?
Can Spyware programs be installed?

TIA.

First of all, your friend would need to disable the ability to boot
from floppy (assuming it has one) or CD. If he doesn't, then a person
could put in a boot disk that will reset the WindowsNT (including
WindowsXP) administrator password. Note the boot disk is freeware and
the ISO for it can be downloaded from the Internet.

Second, he would need to run a lock program from within Windows that
locks out access to the floppy and CD. The one I use requires a
password before either type of drive can be used.

Next he needs to use a good encryption system; TrueCrypt is my current
favorite. With it you can create encrypted containers that allow for
file access in real-time rather than decrypt/use/encrypt.

Lastly, if he uses things like a pagefile, temp files (note that quite
a few document processing programs automatically use temp files),
caches, or a clipboard enhancer, they should be pointed at a separate
encrypted container. He should be extremely careful about the pagefile
when working with confidential data . . . you'd be surprised at what can be
extracted from a pagefile these days.

--

Sincerely,
C.Joseph Drayton, Ph.D. AS&T

CSD Computer Services
Web site: http://csdcs.tlerma.com/
E-mail: (e-mail address removed)
 
allanc

Which program do you recommend to lock out usage of the CD and
diskette?
But couldn't someone still boot from the CD as it has its own O/S on
it?
TIA.
 
allanc

I thought I have seen software that states 'Administrator Priv. not
required to install'.
How is that possible?
TIA
 
HeyBub

allanc said:
One of my clients has some very sensitive data on his notebook which
is running XP PRO sp2.
He has used a strong Administrator's password and has disabled the
Guest account.
He does not plan to access the Internet or use Email.
Basically, the notebook is for Word and Excel.

Can files be copied in DOS or SAFE mode?
Can Spyware programs be installed?

Don't forget: You can seed the data with fictitious information that will
alert you when someone uses it.

For example, you can include your mother-in-law as a customer and tell her
if she ever gets mail, to let you know.
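
HeyBub's seeding idea as an added example (not part of the original thread): each copy of a customer list gets its own fictitious record, so contact reaching the decoy shows which copy leaked. The key, copy labels, decoy name and sample rows are constructed assumptions.

```python
import csv
import hashlib
import hmac
import io

SECRET_KEY = b"constructed-demo-key"  # assumption: stored away from the notebook
COPIES = ["notebook", "backup-safe", "accountant"]  # hypothetical holders of the file

def canary_tag(copy_label):
    """Short tag, unguessable without the key, unique to one copy of the data."""
    mac = hmac.new(SECRET_KEY, copy_label.encode(), hashlib.sha256)
    return mac.hexdigest()[:10]

def canary_row(copy_label):
    """A fictitious customer whose contact details embed that copy's tag."""
    tag = canary_tag(copy_label)
    return {"name": "Pat Example",
            "street": f"1 Sample Rd, Unit {tag}",
            "email": f"pat+{tag}@example.invalid"}

def seed(customers_csv, copy_label):
    """Return the CSV text with the decoy row placed among the real rows."""
    rows = list(csv.DictReader(io.StringIO(customers_csv)))
    # Key-derived position so the decoy is not always the last record
    pos = int(canary_tag(copy_label), 16) % (len(rows) + 1)
    rows.insert(pos, canary_row(copy_label))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["name", "street", "email"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

def trace(received_text):
    """Given mail or text that reached the decoy, name the copy it came from."""
    for label in COPIES:
        if canary_tag(label) in received_text:
            return label
    return None

# Constructed sample data, not real customers
SAMPLE = ("name,street,email\n"
          "A. Real,5 High St,a@example.invalid\n"
          "B. Real,9 Low St,b@example.invalid\n")

if __name__ == "__main__":
    print(seed(SAMPLE, "accountant"))
    print(trace(f"To: pat+{canary_tag('accountant')}@example.invalid"))
```
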
 
allanc

The primary concern is really keyloggers.

HeyBub said:
Don't forget: You can seed the data with fictitious information that will
alert you when someone uses it.

For example, you can include your mother-in-law as a customer and tell her
if she ever gets mail, to let you know.
 
C.Joseph S. Drayton

allanc said:
Which program do you recommend to lock out usage of the CD and
diskette?
But couldn't someone still boot from the CD as it has its own O/S on
it?
TIA.

Hi Allan,

I use the freeware programs USBlocker & CDLocker by Stephen Morgan. I
have compressed and encrypted the 2 executables using KaKa EXELock so
that a password must be entered before the executable will run.

As to using a bootable CD, if booting from the CD is disabled in the
BIOS, then as far as the system is concerned when it tries to boot it
ignores whatever is in the CD drive. That is why I mentioned disabling
both CD and floppy at the BIOS level. On my machine, I have it disabled
and set the first boot device as the primary hard disk. If I were to
pull the hard disk, it still wouldn't try to boot from the CD.

--

Sincerely,
C.Joseph Drayton, Ph.D. AS&T

CSD Computer Services
Web site: http://csdcs.tlerma.com/
E-mail: (e-mail address removed)
 
allanc

Interesting. Thank you.

Is it not possible to 'reset' the BIOS so that the password is
deleted?
 
C.Joseph S. Drayton

allanc said:
Interesting. Thank you.

Is it not possible to 'reset' the BIOS so that the password is
deleted?




On a laptop for the most part no. There are a few older laptops that
you could build a serial port dongle for that would clear the BIOS. In
newer laptops that's not possible.

As to pulling the CMOS battery, the BIOS settings are stored on FlashRAM
so are not affected by pulling the CMOS battery. Some of the newer
business desktops have begun using FlashRAM for the BIOS settings for
just that reason.

--

Sincerely,
C.Joseph Drayton, Ph.D. AS&T

CSD Computer Services
Web site: http://csdcs.tlerma.com/
E-mail: (e-mail address removed)
 
