Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cyber Security Awareness Tip #15: Protecting Laptops - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cyber Security Awareness Tip #15: Protecting Laptops

Laptops have made our life much easier. We can now work when we want to, and where we want to – and do a better job. However, INFOSEC practitioners also suffer a bit due to that same advantage. Laptops are much more likely to leave company premises, and are relatively expensive and as such an interesting object for thieves. While the cost of a laptop fleet is significant to organizations, what we are most worried about is the data contained on them.

There are several issues related to laptop security:

  • Physical protection of the device;
  • Maintaining control over the networks it connects to;
  • Preventing malicious code from being introduced in other settings than the “protected office”;
  • Preventing leakage of data despite the higher risk of theft.

The risk posed to a laptop can also differ significantly based on location. For example, suppose you use full disk encryption. When you are logged in, such encryption is of little value. In the average American/European environment, we use full disk encryption as a means to gard the data on our device when it is ‘out of sight’. While we are watching the laptop, all data is relatively safe. Is this also valid for our oil executive travelling to Nigeria ?

I’m looking forward to all your ideas, suggestions and comments, and will update the diary continuously when they arrive! Write to us here.

Boris wrote in how he avoids having any data at all on the endpoint. They are inherently prone to theft, and by enabling a connection to the home base and uploading work data there, one can maximally reduce risk of data theft on the endpoint. While this is not possible in all locations (try getting your oil exec a stable connection in Port Harcourt, for example), the increasing availability of internet is making this more of a reality for many companies.

Maarten

158 Posts

Sign Up for Free or Log In to start participating in the conversation!