Concerned about notebook security

Ok, I just ordered a new AlienWare laptop. I have heard the AlienSense security feature is subpar, so I will not be using that.

I want a software solution that can lock my entire hard drive that can only be accessed with a password or a password/usb key combination.

Does anyone have any suggestions?

A USB Key that is required for the laptop to boot up would be neat as well.

Thanks for any help guys.

 

You can use truecrypt. That will encrypt your entire hard drive, and you will need to enter a password on boot. It's free and open source as well .

I used to use it, but now I don't bother and just use a bios boot password instead.

http://www.truecrypt.org/

 

awesome, thanks for the help man. what bios do you use?

 

Any more suggestions?

 

Normally, I don't even bother at all. I have backups. Even if it's not the latest, I can access the laptop remotely if its connected to the laptop and transfer the data from the laptop to my other computers.

If anyone ever stole my laptop and connects to the internet, I can remotely excute my custom script on my laptop which corrupts all my important data and I can screw with the computer as well. Like, invert the mouse axis or remap the keyboard so keys on the keyboard correspond to something else on the computer. I can also cause seisures to them if they have seisure problems. All to make them suffer and feeling guilty until they return the laptop back to me.

I can also remotely use my webcam and take a picture of whoever's using the laptop and report them.

There's no reason for me to use passwords, or any form of protection at all.

 

Everyone hates backups, ignores security, and brags about their custom, remote boobytraps.

Until their machine gets lifted, that is.

 

As sliso said:

Truecrypt is a good solution for this. It is a low-level volume encryption, which means that it will encrypt the whole drive. Well, almost the whole drive... I think you will be interested in a post I wrote some time ago which also talks about this topic. Just read this post and the following five ones in the thread: http://forum.notebookreview.com/showthread.php?p=4823624#post4823624 ( especially the pretty long one four posts below that).

In case you are using Windows Vista Ultimate, you can also use the Windows-own "Bitlocker", which is also a low-level volume encryption solution. Bitlocker can use USB sticks for boot authentication as well as passwords. However, Truecrypt is Opensource, whereas Bitlocker isn't. Noone knows if Bitlocker may contain backdoors, but with Truecrypt there's at least the chance that some people had a look at the source code.


Be aware that security isn't a solution, it's always a concept. There's no such thing as a software which you use and then you're perfectly safe. It's much more complicated. For instance, someone could take the harddisc out of your computer and tamper with the unencrypted part of the low-level encrypted disc which is needed to fire up the encrypted part, so that he can copy your startup USB stick and capture your startup password the next time you use it. There's more information about this at the link I provided.


I have to apologize that I made you pick the relevant information out of that post yourself, so if you have any specific questions about this, feel free to ask. I hope you understand this, thank you.
------------------------------------------------------------------------

What if he made backups of your data prior to connecting to the internet? If the attacker really was interested in your data, he would surely have done so! This will only help against people who are just interested in stealing your hardware.

Yeah, I can remember reading about some cases where this has happened. Pretty funny...

If you don't want to do so, well, no one will force you. Stating that there's no reason to do so, however, is wrong.

 

And how on earth can I do that exactly?

 

Good on the backups.

If my profession were stealing laptops, I'd pop in a live CD, copy your user data to my computer, then delete the partitions, zero the drive, install a new OS, and sell it. Then I'd sell any valuable information that I could find from my copy -- the point is that scripts in OS Land just aren't reliable because no laptop thief that knows what he's doing will allow stolen hardware to acquire a network connection (before it is sold, anyway).

 

I am not a big fan of those "external" solutions. There is always the possibility of losing them. Than you will be left clueless...

--

 

Thanks for the advice guys. And taking a picture of the thief, that would be pretty funny haha.

 

WOW! You must be one hell of a hacker!

But what if whoever stole your notebook just wiped out everything on the hard drive or put in a new one?
I mean, would you still be able to do all that?

 

This is possible by using specialized software solutions for exactly this, which are offered by various companies. The "user" (which I guess refers to the thief here) wouldn't have to "help", as the laptop would already have been set up to allow remote access. If the thief doesn't know this, it will work.

As this kind of software can also be used to perform illegal activities, I guess this is not the place to discuss such solutions.

If the thief wipes out the harddrive, puts in a new one or simply doesn't connect to the internet without backing up all data on the laptop first, this doesn't work. You would have to have this implemented in the BIOS with a forced built-in internet connection via WWAN (built-in mobile phone connection) in that cases, and it still wouldn't be secure enough to rely on it solely. Some business mobile phones for example have the ability to do such kind of remote-wiping.

----------------------------------------------------------------------
Remote-wiping is not something you should rely on solely whenever possible. It always has to be used in combination with secure encryption of your data. And you better make sure that its implementation and authentication are secure, because otherwise you might find yourself in the situation that a thief is using it to steal your data without your knowledge.

What Relativity wrote is absolutely right, have you read it? You should do so:

 

To access a comptuer anywhere around the world, all you need is the IP address and a internet connection. There are many tools and protocals you can use to access your computer on the internet. The on I like to use is remote desktop protocal. It's fast and "secure". There are many ways to get the ip address of a computer.

Anyways.. this "hacking" thing is off limits in this forum because of the forum rules.

As for ways to delete or corrupt your data, there are many ways as well...
1. totally mess up the firmware on the hdd by messing up its AAM
2. use a file "deleter" which overwrites a specific file on the hdd
There are many other ways as well.

Anyways.. I don't store very important information on my netbook which I carry around.

If I had your computer and I want to steal your data, almost no form of protection is enough.

E.g. I can crack your windows password (even if its 50 digits with speical symbols or whatever) in 2 minutes. It's also possible to crack your bios password and hdd password. Unless you encrypt your hdd with something like truecrpt with hard to crack methods, a theif can easily steal your data, i mean litterally in 5 minutes.

Again, how to steal and crack passwords are off limit in this forum. If you're interested, just search google.

 

I am thinking bout using this tool.

Here is a question:

Can truecrypt protect info even if the HD has been in use for a while?
Or is this more for new HD install?

 

If you are using the low-level encryption feature of Truecrypt ("Encrypt system drive"), nearly all content on the hard disk will be encrypted afterwards. The only content that will not be encrypted is an area on the disc where the Truecrypt bootloader which asks you for your authentication (your password) before booting is stored, as it can not be encrypted that easy.

Yes, this is secure for harddisks that have been in use for a while. Right after you tell Truecrypt to encrypt the whole drive, it will do so while your operating system is running. After it's finished, your data is fully encrypted. This includes all files which have previously been stored on the volume but aren't completely deleted yet.

 

Only if you're dealing with someone who's less skilled than you; try games with someone who's skill are greater than yours, and you may find yourself on the wrong end of the script.

 

Jackluo, are you prepared for the case that the guy is using a router?

As you stated to like it, you seem to use RDP regularly, for normal activities. If so, you should not use it without establishing a secure tunnel whenever you're concerned about security, there have been at least four incidents of information disclosure or man in the middle vulnerabilities in the past.

True, what I said. It's secure whenever the effort needed to get inside is not worth the data someone could expect to get by getting inside.
Most times, the expectations are high though, and human beings are by nature curious.

So true, for everyone. You can't really underestimate the knowledge of other people. It all depends on the amount of effort an attacker is willing to spend.

 

Aaah, then you're probably the little PITA who keeps trying to knock on my server's door every day or so at port 3389!

 

Which is why practical security is not about being 100% safe, but about knowing who you're most likely to be attacked by, and what level of roadblocks you need to put in the way so that it's more trouble for the most skilled of your likely attackers to hack your network/system than it is to simply go and try one of your neighbors' networks/systems (e.g., I doubt if any really good hackers bother trying to hack into all the tiny little home networks that get "exposed" one way or the other on the internet, except as a practical joke, or if they are really, really, really, really bored, and a little nostalgic for the past when they were just budding script-kiddies).

It's like that old joke about two businessmen who are the only survivors of a plane that crashed in the jungle. As they walk along, they hear a roar and see a tiger crashing through the underbrush toward them. One pops open his carryon bag (which he salvaged from the plane), pulls out his running shoes and begins lacing them on.

The other turns, incredulous, and says "you're wasting time, no pair of shoes will let you outrun a tiger. To which the first responds: "I don't have to run faster than the tiger, I just have to run faster than you."

Practical security is making sure that you can run faster than the other folks in your risk-level.

 

I doubt my $400 netbook will land on the hands of extremely skilled hackers.

You won't believe how dumb the average thieves in my school is. LOL

 

Jack i figured id give my input on someone comment to your earlier. As far as someone actually after your data in particular, unlikely unless theres something we dont know about you lol.

First step anyone actually after your data would be todo is to attach a write blocking device to the drive, usually a pretty simple device. Then make a manual image of the drive. To go further, say overwritten data actual recordings of the magnetic values would be made as well, as the actual value can be subtracted from the expected value and then be multiplied to get the previous value.

Personally TrueCrypt is good stuff, I am always nervous about encrypting my entire drive though. Had a situation where I couldnt get my data off because the method i used involved keyed hardware that i was no longer in possesion of.