You Can't Hide from the Laptop Grim Reaper
eSecurityPlanet's new columnist George Bakos talks about laptops -- mobile mine fields of any enterprise security plan. The best of us leave them unsecure or alone in a conference room. Bakos offers a few tricks for laptop information survival.
I have this silly habit of keeping my laptop running as I move about from place to place. Home to office, office to campus, etc., maximizing ''uptime''. It's kind of like accumulating frequent flyer miles that I know I'll never use. At home, I usually leave it running all night in the kitchen keeping the dogs and coffee pots company with its pleasant whirring and blinking.
A couple of weeks ago, I was working on a research paper with the deadline looming large (I hate deadlines, they force me to betray my ADHD), and I thought I'd go over a few things at the breakfast table before heading to the lab. I flipped open the display of my ridiculously large Toshiba with a creak, and I heard it. I heard that awful buzzing sound we mobile computists all know and fear, my hard drive all too obviously on a course heading due north of Ultima Thule.
Well, since it was unresponsive anyway, I just powered it down hard and prayed that it would resurrect itself after cooling off for a bit. At the office, Yaweh smiled upon me long enough for a HOMEDIR rsync to my workstation, and one final day of work before Ol' Not-So-Faithful sputtered and died.
All told, the death and resurrection of my precious data, settings, software, etc. easily took 12 hours that I really didn't have to spare.
Boy, what a dolt.
Don't I regularly preach ''data redundancy'', ''backup, backup, backup'', and all that rot? Yeah, but this was MY laptop, for cryin' out loud. Funny how the carpenter's house needs the most work.
Well, if misery loves company, I should have been ecstatic. A quick survey around ISTS, where I work, revealed at least three other laptop hard drive failures in the past few months -- various makes and models.
It's only a matter of time before the reaper comes for your laptop, too. Don't bother to run. You can't hide.
Physical security... Yeah, right
One of the fundamental tenets of information assurance is identifying the network perimeter and implementing data controls across it. You can just about throw that idea away, folks. Portable computers give an all new meaning to ''mobile code.''
While on vacation, do you VPN in from the Jersey shore? How about from home, or the bus? Do you come in from a long weekend of net surfing and IM'ing and plug into the network, ready to charge ahead on the corporate information Autobahn?
That machine of yours is, if you get any work done at all, a trusted component of the organizational IT infrastructure. Well, so is plant physical security, right? And never shall these two concepts meet.
A buddy of mine was at a military training site in Maine when he strolled into an open building and found a beautiful Thinkpad -- property of a senior operations officer -- sitting alone on a table, the building otherwise deserted. We seem to think that notebooks are somehow different from our fixed-location servers and workstations. We put in place policies and procedures for configuration and change management, physical access restrictions, like cypher locks and pass cards, then allow a portable with the exact same network permissions -- and often cached passwords, keys, etc. -- to wander freely about the outside cyberspace.
Continue on to hear how laptops leave gaping holes in your perimeter and how to protect them... and your enterprise.
By John Desmond
April 29, 2004
The basic toolkit to secure remote access for the mobile worker should strike a balance between ease and convenience of connectivity with the resources required from an organization to support that use, according to a META Group report.