Spotlight AO Member Tutorial - Laptop Security Basics
Results 1 to 5 of 5

Thread: Spotlight AO Member Tutorial - Laptop Security Basics

  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246

    Exclamation Spotlight AO Member Tutorial - Laptop Security Basics

    Congratulations to keezel, author of this month's spotlight member tutorial!

    How To: Laptop Security Basics
    by keezel

    It is appalling how easily security measures are circumvented on most laptops. In the following paragraphs you will learn various methods of securing your laptop against theft and unwanted users tampering with your files. You will also learn how to circumvent most of those security measures should the need arise.

    How secure is your laptop?

    First, let look at some the terms we’ll be discussing in this tutorial and what they mean.

    BIOS - Intended to detect/verify hardware (via POST) and select a boot loader prior to entering the Operating System. This is the very first thing a computer does when powered on.

    BIOS Password - A password stored on the motherboard that requires you to authenticate prior to booting into any Operating System.

    Operating System - Abbreviated as OS and referring to Windows XP/Vista, Mac OS X, Linux Distributions (Such as Ubuntu, SUSE).

    CMOS - The chip on the motherboard where a variety of information (including the BIOS password) is saved.

    CMOS Battery - A small battery on the motherboard dedicated to powering the CMOS chip.

    MoBo - Motherboard.

    Operating System Passwords

    I will begin with OS passwords. This is the only security precaution I say is an absolute necessity. If you keep your laptop behind locked doors (i.e. at home) 24/7 and you'd rather not deal with more inconvenient security precautions, at least take the time to set up this password.

    Step 1 - Set a password for all administrator accounts, including the hidden Administrator account in Windows XP and Vista. You can access the Admin account in Windows by booting into safe mode. This is accomplished by mashing F8 frenetically as the computer first powers on.

    Step 2 - Once this is done, train yourself to lock the computer (Windows key + L in Windows) every time you are away. This will prevent Joe Blow in an adjacent office/dorm room or anyone that happens upon your laptop from sitting down and potentially doing nasty things. Or possibly simply annoying things...like relatives that find if funny to deposit naughty gifts on your desktop.

    Step 3 - Secure yourself against telling everyone your password.

    Step 4 - Change all administrator passwords from time to time. Realistically this only happens once every six months at best unless you are paranoid.

    Unfortunately these passwords are the least secure of all in terms of physical security. Windows XP and Vista passwords are easily wiped out using a variety of applications on boot CD's. I've used four different applications, and I imagine there are many more out there.

    The same theory applies to Mac and Linux operating systems as well, although password resetting programs for these OS's are far more obscure. Mac passwords are slightly more secure purely because fewer people know how to reset them (security by obscurity). It took me over an hour one day to figure it out and that was with Google on hand to aid with research.

    BIOS Passwords

    The next step in securing your computer is to create a BIOS password.

    Step 1 - Access the BIOS generally by reading the small text on the top or bottom of your computer immediately after the computer first powers on. Generally you can press F2, Delete, or Escape to enter the BIOS setup. Some computers, including IBM models, do not display instructions or have a usual key to press to access the BIOS. For these, look up how to access the BIOS for that particular model using your preferred search engine.

    Step 2 - Navigate to the menu that presents you with an option to set an administrator password. Once there, click on the option and type in your password twice to verify. This is a fairly straightforward process.

    These passwords are significantly more difficult to remove, which inherently increases their ability to prevent unauthorized use of a laptop. Removal of these passwords requires someone to physically disassemble the laptop and locate the CMOS battery, remove it (as well as the regular battery), drain all remaining power from the MoBo (usually accomplished by pressing the power key, which will sap the remaining power...also a handy trick before you install memory), and then reassemble the laptop. This is further complicated because not all laptops have the CMOS battery in the same place. I even encountered one that I swear does not have a CMOS battery... I was unable to reset that one.

    Physical Security Measures

    This step is the least technical.

    There are a variety of physical locking devices that can be purchased in most stores that have a technology section. All recently manufactured laptops have a notch on the side, commonly referred to as a Kensington security slot.

    Placement may vary. On HP models, for example, it is generally at the bottom of the LCD; Toshiba tends to place theirs on the side of the laptop nearer where you'd look to find a USB port. Options you may consider include locking cable tethers (http://www.targus.com/US/product_details.asp?sku=PA410U), (http://www.targus.com/US/product_det...sp?sku=ASP29US) or for the or for the ultimate in security, full-blown safe-like enclosures (http://www.securitykit.com/laptop_safes.htm).

    Theft Recovery Software

    If the worst happens and your laptop is stolen, this is your last line of defense.

    There are several programs designed to track your laptop in the event that it is stolen. The most popular of the options out there is LoJack for Laptops (http://www.lojackforlaptops.com/). $39 buys you a program that can reinstall itself on a newly reformatted computer (thanks to an agent embedded in the BIOS of newer computers) and track itself, ultimately leading to the recovery of your laptop.

    Once you've followed these steps, you've vastly increased your resistance to both data loss and theft!

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    HDD encryption, and HDD passwords are also a good way to prevent others from accessing your data, which in some cases could be more valuable than the system itself. Some models of the thinkpad line actually have tamper resistant system boards that will lock the system down if it detects someone trying to reset the password. [or at least that is what I was told when I did tech support for them.]
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Location
    Atlanta
    Posts
    1,024
    Ya know, I actually thought about that after I submitted everything. I was hanging out with a former roommate and he mentioned that he did not have his HDD encrypted over the course of conversation, and I was like "Hey....I totally missed that in my tutorial...awesome."

  4. #4
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    Quote Originally Posted by keezel
    Ya know, I actually thought about that after I submitted everything. I was hanging out with a former roommate and he mentioned that he did not have his HDD encrypted over the course of conversation, and I was like "Hey....I totally missed that in my tutorial...awesome."
    Looks like a topic for another tutorial...

  5. #5
    Junior Member
    Join Date
    Oct 2008
    Posts
    11
    The best thing to do, is to minimize the time spent without your laptop in public. Always carry it with you.
    Learn about Rubik's Cubes HERE

Similar Threads

  1. Tutorials Forum - Index
    By Negative in forum Other Tutorials Forum
    Replies: 99
    Last Post: April 23rd, 2010, 04:33 AM
  2. Autopsy of a successful intrusion
    By gore in forum Miscellaneous Security Discussions
    Replies: 11
    Last Post: June 13th, 2006, 04:06 AM
  3. Basic Unix security tutorial
    By \/IP3R in forum AntiOnline's General Chit Chat
    Replies: 16
    Last Post: March 7th, 2005, 09:25 PM
  4. is it possible to build your own laptop
    By etruscan in forum Hardware
    Replies: 9
    Last Post: October 17th, 2003, 11:13 PM
  5. NEWS: This weeks Security News 10/30/02
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 5
    Last Post: October 31st, 2002, 12:59 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides