discs, and external drives. See Figure 1-3. The LE version creates multiple 25MB encrypted containers on your hard disk that you can load and unload as needed. You can view, modify, and hide all types of files with a single password. The product works with all current versions of Windows (including 95 and 98 as well as XP and Vista). Consult www.cypherix.com/cryptainerle for more information about the free version.
Hardware-based disk encryption
Most laptops include in their setup BIOS a means to set a password before you can access an installed hard drive; however, a number of hacker tools allow someone to determine this password, and once someone has bypassed it, she can read everything on the drive.
Full disk encryption
Seagate’s Full Disk Encryption (FDE) system (introduced to consumers with its Momentus line of hard disks) and similar concepts are different in that the encryption key (the code that decrypts the data) isn’t stored on the drive or in the BIOS. No amount of physical attack on the machine by a hacker is going to locate a decryption key because it isn’t on the laptop.
Figure 1-3: The Cryptainer control window allows creation of hidden volumes with complex passwords.
Book IX, Chapter 1: Encrypting the Disk
Under FDE, you’ve no need to initialize a new disk or to encrypt the full contents of a large drive when the software is added to an existing disk. All data is encrypted as it is recorded, and according to Seagate the process occurs at full interface speed. In other words, no overhead is involved.
Under software encryption schemes, if the key to the encryption software is compromised, you must change it. This usually involves completely decrypting and re-encrypting the entire drive. Since the key to an FDE drive is locked into the hardware, it can’t be corrupted.
Removable flash memory key
Another option is to use a removable flash memory key that holds the decoding key for an encrypted disk. One such product is the PCKey from Kensington. The system combines an access key that plugs into the laptop’s USB port and holds the complex decoding key; you must enter a password into an onscreen form. Both are required before any user is permitted to use the machine and any network to which it connects.
All data on the hard drive is encrypted by the PCKey system; when an application requests it, the encoded data passes through the PCKey filter and is decrypted for storage in the computer’s system memory for the application’s use. It’s re-encrypted when written back to the hard drive.
The encryption algorithm for PCKey is quite strong and difficult to break; the loophole with this system appears if the laptop is up and running with the key in place and the password entered. In that situation, a thief could access all the data on the machine until turning it off. The solution: Remove the key and take it with you any time you walk away from your laptop.
If you forget your password or lose the key, contact Kensington and answer a set of questions to obtain a replacement code.
Adding the Sys Key utility
You can add yet another layer of Microsoft-brand protection to your passwords by adding the Sys Key utility to your Windows XP or Windows Vista laptop. Sys Key encrypts copies of user passwords stored on your hard drive and adds a more complex encryption scheme to basic passwords. See Figure 1-4.
To configure Windows System Key Protection, do the following:
1. Click Start ➪ Run.
Run is a way to issue a command directly from a program that exists outside the operating system.
2. Type syskey in the Run text box.
3. Press Enter.
4. Select the Encryption Enabled check box.
The check box is in the Securing the Windows Account Database section. Enabling this option encrypts the password database and is the recommended setting.
5. Click Update.
6. Click Password Startup.
This requires that a strong password start Windows.
7. Enter a complex password.
The password should include a combination of upper- and lowercase letters, numbers, and symbols; the code should be at least 12 characters long, with a maximum of 128 characters.
Figure 1-4: The Sys Key utility of Windows XP or Windows Vista adds extra layers of security to encrypted files and settings.
Keeping Panic in Check(list)
What to do if, despite all your best efforts, your laptop really goes missing or your software becomes corrupted? Don’t spend too much time cursing, screaming, or crying; as good as it might feel, that won’t help, and time is a-wasting.
Follow these steps:
✦ Call the boss. If the machine or software is owned by or related to a business, government agency, or any other organization, immediately notify your employer or legal department. They should have a plan to deal with the loss of confidential or other important information.
✦ List your data. Make notes about any data files you know are on your machine’s hard disk. Don’t forget:
• Files you may have deleted but are still in the recycle bin
• Backup copies of earlier editions of your documents (Many applications, such as word processors, make these copies.)
• The contents of your e-mail folder
✦ Get the cops. Contact the local police or other law enforcement agency where the laptop was stolen or lost. File a complete report as soon as possible. Include a description of the brand and model as well as its serial number and other information.
✦ Jog your memory. Get your most recent set of backup files for the machine. (You’ve been making backups on a regular basis, right?) Use a borrowed or rented machine — if you’re sure that machine is secure — and refresh your memory about any confidential data that may have been on your laptop’s hard drive.
✦ Call all accounts. Contact your bank, credit card companies, and any other institution with which you have financial or personal accounts. They may put a notation on your account to be on the watch for fraud; they may close existing accounts; or they may disable your current user ID and password and ask that you create new ones.
✦ Write to your dear diary. Maintain a journal with model numbers, serial numbers, and an inventory of components and add-ons that you travel with. I have one copy of this list in my wallet and another copy with important papers in my office. Don’t bother to keep the list in the laptop’s carrying case; that probably won’t help at all.
✦ Admit to the admin. If you use your laptop with any networks that use password protection, notify the administrator; you may have to change user IDs and passwords. If you run your own wireless network in your home or office, make the changes yourself.
✦ Be fickle. Again. Change any user ID and passwords for e-mail and other applications that are automatically filled in by Windows or a built-in utility on your laptop; if you manually enter user IDs and passwords you can decide for yourself whether or not to make changes.
✦ Stake your claim. Notify your insurance company (or the administrator of your company or organization’s insurance) to file a claim for the loss of the laptop. Some policies include coverage for software application loss; most policies, though, don’t cover data loss.
Have you taken out the recycling?
One way to slightly reduce the risk of damage caused by a lost laptop: Get in the habit of clearing out the Recycle Bin each time you shut down the machine. That setting is available in the operating system. You can also use an IMAP mail server instead of a POP3 mail server so your e-mails aren’t stored locally on your laptop (but are instead kept on a central server). And you can also have applications like word processors not automatically create backups of files in progress. Each of these policies has disadvantages, but they’re the safest way to treat data stored in a moveable (and losable) laptop.
Chapter 2: Guarding Against Intruders
In This Chapter
Locking the doors against electronic burglars
Setting up and using a firewall
Going with antivirus, antispam, and antispyware
Getting a security suite
Cleaning up after yourself
Here at the Department of Laptop Security, we’re very concerned that all road warriors understand and follow all our rules, regulations, suggestions, pleas, wishes, and hopes regarding one very important little detail: keeping the front and back doors closed and locked.
That’s really what it comes down to. Although it seems so silly to some people, the fact is that an entire subspecies of humans devotes its every waking hour to (electronically) turning the door knobs and rattling the screen doors of laptop and desktop computers all over the world. Some do it for the sport, the computer equivalent of graffiti artists who get their jollies by defacing other people’s property. Some of them are in it for the money, looking to steal your bank account information and whatever other personal data you may have stored within your machine.
In the previous chapter I discuss ways to hold onto your machine and protect the contents of your hard drive in case the laptop is stolen or lost at sea (or from a car, or a plane, or a train, or otherwise misplaced). In this chapter, you explore ways to keep people from breaking into your machine from afar.
Breaking and Entry, Laptop-Style
Let me get one thing out of the way right at the start: If you bought a new laptop from a major manufacturer and ran it, unaltered, right out of the box, without ever connecting to the Internet, you’d have a very good — but not perfect — chance of never having to worry about computer viruses. And you’d have no reason to fear spam, malware, adware, spyware, or phishing. (I define each of these terms in a moment.)
In theory, a brand-new laptop from the factory comes equipped with Windows or another operating system and a basic set of applications that have been verified, scanned, checked, and otherwise given a close look-see by the manufacturer. It’s highly unlikely that the machine will arrive infected.
As long as you use your machine in its unaltered state and completely avoid connecting to another computer, the Internet, or e-mail, your laptop is like the boy in the bubble: safe from infection but also unable to fully experience life.
Table 2-1 reveals the ways a virgin machine can become sullied by disease and distress. I ranked threats in relative order of likelihood from very rare to very common. I awarded one star to the least likely culprits and as many as five to the biggest threats.
Table 2-1 Threats to a New Machine
on a CD, DVD, or other media. As noted (see sidebar), this is rather unlikely; software makers are under orders from their lawyers and marketing departments to double- and triple-check for rogue code.
installed in a floppy disk drive or other device. Relatively few current laptops have a floppy disk drive, and your system BIOS has to be set to boot from the drive to load the nasty code.
Whoops
Back in the early days of personal computing and the early days of computer viruses, I received a new version of a personal finance program from a major software vendor, sent to me for review in PC Magazine, where I was executive editor. I installed the program on a machine and all of a sudden the machine began behaving strangely. I assumed it was a flaw with the new program itself until I rebooted the machine and an early antivirus program flashed a warning on my screen: My PC was infected. To make a long, sad story short: The financial software company had hired a service bureau to duplicate its product onto floppy disks (the medium of the time) and unbeknownst to all, their computers were infected. Today that’s pretty unlikely to reoccur but not impossible.
utility given you on a floppy disk, flash memory key, CD, or DVD
macros (like those available in word processors and spreadsheets) that include malware
connection and downloading drivers, utilities, icons, and programs from sources you don’t know and trust
animated icons, music, and more) through an instant messenger (IM) program
that offers a free program or utility that you didn’t request
didn’t request or that comes from an unknown source
network or on a public network (like you might find at an Internet café)
using the one built into current versions of Windows) and going online or onto a network
set of stars for anyone who operates a laptop without a capable and fully updated antivirus program in place. If you had a proper antivirus in place, chances are very good that it would prevent all the preceding infections.
*One star is the least likely to happen; five stars means it’s one of the biggest threats.
Being Neighborly with a Firewall
Good fences, as Robert Frost observed, make good neighbors. In the case of computers, good fences help you distinguish between good neighbors and nasty intruders.
The Internet is a fast-moving stream of billions of snippets of information called packets. The situation is made better (or much worse, depending on how you look at it) by bringing high-speed broadband connections to homes and offices on cable, DSL, and fiber-optic systems. In addition to the danger posed by the huge volume of data that moves on a broadband circuit, there’s also the fact that these connections are always on: Your machine is hooked up to the Internet all the time. A connected PC sticks an electronic toe into the stream looking for packets addressed to your address. And when you click an Internet link or send an e-mail, your machine is creating a packet with your return address.
Hackers create viruses and other malware that fly around on the Internet, jiggling the doors of tens of millions of PCs until they find one they can open. The odds of breaking in are low, but even a tiny percentage of success can make these miserable louts very happy.
One of your laptop’s most important security program components is the enabling and use of a good firewall.
The original term comes out of construction and automobile manufacturing: a solid physical barrier intended to stop the spread of a fire. In the world of computing, a firewall is a piece of hardware or software that stands guard between your laptop and the outside world. Its role is to inspect all network traffic that passes through it and decide whether to
✦ Block the data
✦ Allow it through based on a set of rules
✦ Halt data and display a message asking you to decide whether to proceed
A firewall erects a defensive ring for your computer. It stands physically or logically at the point where data comes into an individual machine or an entire network; its primary purpose is to prevent unauthorized access to your machine. It can’t, however, protect against an assault that doesn’t go through the firewall. For example, if you load software from a CD or DVD, you’re inside the hardware fence.
Several kinds of firewalls exist:
✦ Application gateway firewalls (also known as proxies) are the most common type of device. You can have the firewall check packets against a particular list of addresses or limit the actions of particular applications. For example, the proxy could block downloads or prevent a packet from initiating a file deletion or change.
✦ Packet filters allow entrance only to packets from specified addresses.
✦ Circuit-level firewalls only permit communication with specific computers and Internet service providers.
✦ Stateful inspection firewalls are the newest and most advanced design. These devices actually read the contents of packets and block those that are determined to be harmful or an unauthorized threat to privacy.
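The three outcomes listed earlier (block, allow by rule, or ask the user) can be shown as a small packet-filter-style rule engine. This is an added illustration, not code from the book or from any firewall product; the rule format, class names, ports, and addresses are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ALLOW, BLOCK, ASK = "allow", "block", "ask"

@dataclass(frozen=True)
class Packet:
    src: str        # sender's IP address
    dst_port: int   # port on the laptop the packet is addressed to

@dataclass(frozen=True)
class Rule:
    verdict: str
    src_net: str = "0.0.0.0/0"       # default: any IPv4 sender
    dst_port: Optional[int] = None   # None matches every port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and self.dst_port in (None, pkt.dst_port))

class Firewall:
    """First matching rule wins; anything no rule matches is blocked."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.verdict
        return BLOCK  # default deny

    def remember(self, pkt, allow):
        """Store the answer to an ASK prompt as a one-sender exception, ahead of all rules."""
        only_sender = str(ipaddress.ip_network(pkt.src))  # e.g. "198.51.100.7/32"
        self.rules.insert(0, Rule(ALLOW if allow else BLOCK, only_sender, pkt.dst_port))

# Constructed rule set; addresses come from the reserved documentation ranges.
SAMPLE_RULES = [
    Rule(BLOCK, "203.0.113.0/24"),      # unwanted network: block every port
    Rule(ALLOW, "192.0.2.0/24", 443),   # trusted senders, one port only
    Rule(ASK, dst_port=5900),           # remote-control port: prompt the user
]

def demo():
    fw = Firewall(SAMPLE_RULES)
    vnc = Packet("198.51.100.7", 5900)
    results = [fw.decide(Packet("203.0.113.9", 443)),   # block: listed network
               fw.decide(Packet("192.0.2.10", 443)),    # allow: trusted sender and port
               fw.decide(Packet("192.0.2.10", 22)),     # block: no rule matches
               fw.decide(vnc)]                          # ask: user must decide
    fw.remember(vnc, allow=False)                       # user answers "no"
    results += [fw.decide(vnc), fw.decide(Packet("198.51.100.8", 5900))]  # block, then ask
    return results
```

Rule order matters here: the remembered answer is placed first so it overrides the broader prompt rule for that one sender, while every other sender still triggers the prompt.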
Why do you need both a firewall and an antivirus program? If you want to think in law enforcement terms, the firewall keeps any potential evildoers away from a place where they might try to commit a crime. An antivirus system stops a criminal act by someone who’s gotten past the wall with a weapon.
Hardware firewalls
Hardware firewalls are very effective because they literally are separated from the computer or network they protect. The incoming signals from a broadband modem connected to the Internet or from a local area network have to be approved by the firewall “appliance” before they get to a computer. You find hardware firewalls in many large companies and organizations that can afford the cost of the device (from several hundred to several thousand dollars for a basic unit, rising from there based on the amount of traffic and number of machines protected) as well as the cost in payroll for a trained professional to manage the network.
One intermediate step is to use a wired router that includes a basic firewall. These systems, though not quite as full-featured as a dedicated hardware firewall, add another fence where a network of computers link to each other and to a broadband modem.
Router firewalls only provide protection from computers on the Internet, not from computers on the other side of the router: your local network. If a machine on the network becomes infected, it can easily spread a worm (a self-replicating piece of unwanted code that sends copies of itself to as many places as it can before it’s squashed) to other machines on the network. For that reason, you should also enable a software firewall on each machine.
Software firewalls
As a laptop user, a hardware firewall may protect you when you connect your portable computer (either by wire to an office network or wirelessly to a WiFi system). But most of the time you won’t have the hardware between you and the wild, wild Internet; instead you’ll use a piece of software intended to stand between your computer’s essential files and the outside world.
Software firewalls (also called personal firewalls) can
✦ Be written as utilities within the operating system
✦ Be a package that sits in front of or behind the operating system to protect the data on the machine
✦ Block incoming traffic based on a set of rules and exceptions you establish