Sager Security

Re: Sager Security

If someone is sufficently determined that they are willing to open your laptop and reset the CMOS password they could just as easily (or easier) remove the drive and drop it in another machine. I wouldn't be concerned with that possiblity. Definately protect your laptop by securing the BIOS with a password (you may even create a BIOS spash screen with your name on it) but worrying about someone disassembing the device is going a bit overboard IMO.

You seem to be most worried about data loss... Someone wiping the hard drive, but not stealing the actual computer. The only protection against that is backing everything up. You can hypothetically secure BIOS with a super-unresetable (not possible in reality) password, and your attacker can still take a huge magnet to the disk, or get a sledgehammer and deal with the disk that way.

Your attacker could physically remove the hard drive from your laptop, connect it to his own computer, and do whatever he wants to your data there.

If you're worried about data theft (ie - if you lose the laptop, you care more about the data on the drive than the physical laptop itself) the only solution I know of is Win XP's Encrypted File System (EFS). Once you encrypt data with EFS, there is no known, freasible way, to decrypt your data within a century. Of course, this also assumes the data is actually encrypted when the laptop is stolen from you: If you want to edit an encrypted file, enter the password to decrypt it so you can edit it, and then have the laptop stolen, you're screwed.

Wouldn't a bios password be defeated by removing the cmos battery? which is right under the keyboard and not hard to get to.. remove the cmos battery and regular battery and the bios password doesnt mean much pretty quickly...

I thought the BIOS info was stored on the little ROM chip near on the motherboard. So even if you took out the battery, the password would remain. Only the time would be reset because that is a seperate process, roght? No? Yes?

D.out.

Bios is but I think the password is in cmos...bios pretty much stays the same until you flash it with a new 1 which kills the old i beleive.. and settings are in cmos.. and ROM Means Read Only Memory.. which means cant be written..

I am pretty sure that if you hold down the power button for 30 seconds or so you can clear the CMOS anyway. That might not be the exact way to do it but it is something similar.

Two things I'd like to toss in the mix:

1) There are ALWAYS backdoor passwords to ALL BIOSes, look them up on Google (if you know the mfg of the bios)

2) How do you consider "laptops are more exposed to the public than desktops" - unless you like to leave it unattended (and hence easily stolen)? Most public terminals and computer cafe/bars that I've seen use desktops...

Let's be honest: You don't want your signifigant other (or the authorities) to get at your vast collection of pr0n, right?

Seriously, just keep in mind that locks are meant for honest people and you'll do fine.

-myrkat

Disk Sector Encryption

I'm no expert, but I've been looking around at this encryption problem recently and it seems that the best encryption is disk sector encryption with pre-boot authorization.

Best examples are CE-Infosys Compusec (free) and DiskCrypt Plus Pack.
Both these companies are German as US encryption laws discourage the development of such strong cryptography.

These tools use on-the-fly disk sector cryptography that is transparent in normal use and imposes no appreciable speed loss; they also make use of an optional USB token that is required to boot.

If you use these tools and the laptop is stolen, the machine can't be booted, no other I/O can run, and the diskdrives (including OS etc, everything) are encrypted and unreadable even if you took them out and mounted them on another machine.

if somebody malicious has access to my laptop, I'll PRAY that they erase everything, lol. That is the best possible outcome, in most cases.

Do realize: we have anonymity going by our sides. How many people have heard of sager? Further more, how many people will know that the CMOS battery is underneath the keyboard? Would they know that holding the power button down 30 seconds will reset the bios?

If the laptop were a dell, most theives would know how to open the entire thing up, and reset everything. However, with our sagers, very few people would know how to dissassemble one, or reset anything at all. Keep that in mind...

If someone wants to deny you of your data and they are determined to do so, you will be denied your data, unless you live in some massive fortress with extraordinary protection at which point the issue of laptop security is pretty much meaningless. Even then, if they are really determined and the point is to simply deny you the data, there are still lots of ways to do that, most notably by eliminating you. But in the end, the real protection in this scenario is back-ups and lots of them. Maybe have several very secure data stores slaved wirelessly to the laptop.

If your concern is the data may fall into other hands and be used, that's not really a problem. The code makers are so far ahead of the code breakers at this point its laughable. Most common encryptions, if used effectively, will thwart virtually any attempt. At least any attempt that is within reasonable constraints for time, money, effort. At that point, again, laptop security is pretty much meaningless.

If your concern is the loss of the machine or its parts, well, you can always chain it to a set of bolts epoxied into your pelvis (biggest single bone), but that seems a bit on the extreme side.

The point here is if what you have is so valuable, you shouldn't be hauling it around in a laptop and if that's really necessary, you should think about a full time security detail with about 30 personnel.

As myrkat said, locks are for honest people. They merely indicate the level of security you'd like to maintain. Sort of like military rank tends to indicate the desired level of command competance.

flashing - exposed to the public

haha. You don't have to take the laptop apart, in any way, to remove the bios password (but I recommend using it anyway). All you have to do is flash the bios.

(or use any no. of apps out there that recover bios passwords as someone else pointed out).

Anyway, suppose you want to go beyond encryption and make the HDs useless to anyone (thief or any others) trying to read them or reformat them.

I know you can lock HDs somehow, but does anyone know how to do this with the 8890 w/ 2 hitachi 7200 in RAID0? Or, if you have a link to any info on this I would appreciate it.

Like we say in the networking buisness.

THERE IS NO SECURITY LIKE PHYSICAL SECURITY!!!!!!!!!.

Yeah, physical protection is the best - here's mine.

Wait till you see him in his wardriving gear. I'll post it tomorrow.


[IMG][/IMG]