perfect security or security overkill?

i havent done this but i want to.

first off obviously i have a cable lock mounting the laptop to my desk which will stop it from being stolen quickly while it is in my house but this is useless while im traveling.

first level: bios password 8 digit alphanumeric which is changed daily. i want to set up my bios so that after 3 attempts the laptop cannot be powered on for 24 hours to stop any brute force attacks but for now i have to stick with having to turn it off and back on after 3 failures which will slow down a pure force attack.

second level: a USB 256meg Keyfob must be inserted before attempting to power on or when you do power on you are taken to a fake bios password screen which does nothing but print wrong password no matter what you put in. (which goes along with the 3 atempts in 24 hours)

third level: if the proper keys are not held down after boot a fake Lilo boot loader will come up and take you too a fake log in screen again here it will print wrong password no matter what you put in.

fourth level: all files are encrypted with 512bit PGP at least 5 times

fifth level: this goes back to the second and third level, while the fake screens are up the computer will run a small program that does nothing but run shell as su root, cd then rm -rf * and write garbage over everything a few dozen times.

is this too much or is it perfect?

Hi, neither :D

have a look at my tutorial on Windows Pc Data Security.

You have forgotten the bit of software that phones home if your PC is stolen :)

Cheers

Id say it depends on a a few things. What is your overall goal? Are you trying to prevent your laptop from ever being stolen or are you trying to protect the data from ever being compromised?


If I cut your cable lock, wipe your drive and bios I have my own new laptop.

But you do seem to have overkill on being able to login. One thing Id recommend is maybe not to change the bios password everyday and just change it at random times that do not follow a pattern.

The phone home thing that Nihil said sounds like a good idea. If youve gone this far Id say add some kind of GPS device so that you can track your laptop if it is stolen. And I would not recommend the fifth step, why wipe the drive if every file is encrypted 5 fold.

Hmm...

Whether that is 'perfect' (or really good at least) - or 'overkill'... I think that would be easiest determined if we knew what you intended use of the laptop is.

For example - if its a 'gaming' system, I'd say thats a bit of overkill to use to protect your saved game files...

RRP

i dont give a damn if they steal the thing i just want my data to be secure.

i got a lot of **** on here that if anyone was to get ahold of i could be royally screwed.

hell im running XP now and i do a weekly delete and reinstall just because im paranoid.

With Windows you could simply put the computer in a domain and don't cache user accounts or profiles. This alone would make the system more secure than what you've got with FAR less trouble.

For linux, you can just store all documents of any value on an NFS and make sure to to dump the swap on power down and of course don't store NFS authenitaction data on the laptop.

catch

Do you dual boot?

or are you just palnning to switch over to *nix?

Id also say a weekly reinstall insn the smartest idea unless youve got all patches on a disk and you install with not network connectivity

Pirogoeth,

If your only concern is security of your data, you might do well to have a look at my tutorial on Windows PC Data Security that I posted today. Some of it might be relevant?

If you have a need for very secure data you should not be storing it on a laptop. A DVD re-writer might do the trick as you can get 4.7 Gb on a single disk. Just make sure that it is strongly encrypted with strong passwords?

Cheers

Edit:
overkill....way too much overkill. If you have stuff that is that sensitive you shouldn't have it on a laptop. (encrypted 5 times with 512...come on).

It's really close to the border of overkill and retarded. Use a external HDD (usb pen thing if it's big enough) and keep it secured. Physical security is number 1

seabass

i personally think some of it is overkill from what your objectives are.

Changing the bios password daily might be a problem cos you might forget which one it is since you changed it so often. Also it wastes too much time changing it that often. this might result in you using simple passwords so you can remember them easier which means that they become easier to guess. Better to change maybe weekly, 2weeks once or monthly or like one of them suggested randomly.

fake boot screens not really much use cos if I already got past the bios password and realise that i cannot get thru the boot screen then I'll just remove the hard drive and put in another system as secondary

The encryption would be good as this would prevent me from doing what i said above too easily. But depending on your sensitivity of the data then your need o decide on how many bits to use in encrypting. dont go too overboard.

finally, if your data is really that important dont store it on a laptop unless you absolutely have to. laptops are not as physically secure as a desktop.