mailing list archives
Re: Laptop - Full Disk Encryption?
From: rohnskii () gmail com
Date: 18 Oct 2007 02:33:51 -0000
What audit has "revealed" that data security is not strong if data is not stored locally?
Laptop security guidelines
- Enable BIOS password (you already know that
- Use Windows "user" level accounts for daily work
- Windows Password protect all Accounts
- but don't rely on only windows account password protection. It is adequate to keep honest people out, but if a bad
guy has possession of a Windows PC/Laptop they can break into/reset password in less than 5 minutes!
- create password reset disks
- make sure password complexity is enforced or required (Upper & lower case letters, numbers, special char)
- make passwords longer than 8 char whenever possible
- if at all possible, separate data from PC. Preferably by keeping it on corporate servers, making sure that
connection to server is encrypted (ie SSL). If data is kept on a USB device, make sure it is encrypted. And by policy
require that users do not store the data key in the laptop bag.
- use 3rd party software to encrypt whole disk (other replies have given examples). Remember that Windoze may store
your data in many places other than the original data file, ie temp files and Windows swap file, Windows hibernation
file, deleted files in recyle bin, deleted file fragments
- you may also want to use secure file deletion utilities that overwrite deleted files multiple times using various