Solved

Security - best way to make laptop data unrecoverable?

Posted on 2003-11-29
7
426 Views
Last Modified: 2010-04-03
I'd like to put some security on my laptop.  Specifically I want to detect an attempted login.  After N failed attempts (or even a boot into bios), I want to wipe/overwrite a few sections of the drive where the critical data is stored.  Finally, I'd like to rig some sort of physical failure as well (Ie - flash fire or similar)

In other words, if this laptop gets out of proper hands, I not only want to remove the data but I also want to doubly make sure it is unrecoverable by nuking the drive itself.

Is there anything out there like this?  I've googled and not found anything like this.

0
Comment
Question by:maxout6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 40 total points
ID: 9842871
You'd have to get some operating system running to nuke the data, and what's to stop someone from removing the drive? Really nuking the data would take multiple passes and give a determined person time to rip the drive from it's moorings unless you're going to pack the laptop with thermite and a tamper switch... a homemade setup like that could be a problem it it goes off and you're in a window seat next to a pair of sumo wrestlers.

IBM and others have incorporated  security into the hardware http://www.pc.ibm.com/us/security/


You can also use PGP (or windoze) or other software to create an encrypted volume.

see http://www.computerworld.com/mobiletopics/mobile/handhelds/story/0,10801,81486,00.html
for how well PGP works...

In theory you could boot up to some shell operating system that would give the theif a false sense of accomplishment and be scrubbing the disk in the background, but that's not foresic computers investigators work if they know their stuff.

0
 
LVL 9

Expert Comment

by:buckeyes33
ID: 9843158
As seen in Mission Impossible:


This message will self desruct in 10, 9, ....1 boom.
0
 
LVL 1

Expert Comment

by:IrishFBall32
ID: 9843791
Actually....

By running Windows 2000 you can set any folder(s) or even entire drives as being encrypted. I don't know how strong this encryption is or how hard it is to get the key to decrypt it, but i know its there...

You can also configure it to "lock out" user accounts after X invalid password attempts, but even the passwords in windows are subject to being discovered fairly easily

There is also a way to add a password to the BIOS at a very low level before it even looks to see if you have an OS installed, however a determined person can remove that password easily, in some cases just by removing the battery from your laptop...

In short, you need to determine exactly how secure you need this data to be--- if you just need to keep honest people honest then any of these will work... for more then that use a combination of these... if you need more then that then i begin to question exactly what it is you need secured here...

Hope this helps,
~Kilika
0
Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

 

Author Comment

by:maxout6
ID: 9844585
Ok - so what I've gathered is:
- Encrypt it using PGP or whatever
- Use windows standard encryption as well
- Tie in some sort of OS bad login switch to run an eraser program on the specified directories (Apparently 10x overwrite on 1GB takes about 20 seconds, or so they say)
- Thermite for physical descruction.  Yowsa.
- Tin foil hat, a must for the truely paranoid
- EMF shielding so PGP keys can't be sniffed by Tempest tech


Any other good ideas?
0
 
LVL 1

Assisted Solution

by:IrishFBall32
IrishFBall32 earned 35 total points
ID: 9845400
i suppose depending on the size of the files needing protecting you could store them on a USB keyfob style drive that you keep on your regular keychain, that way if someone does get ahold of your laptop they are much less likely to have your files as well...

mentioning that i am now reminded that there are USB "system keys" that must be inserted into a USB port on power up in order for the OS to even load... that might be a solution as well
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9845417
>Apparently 10x overwrite on 1GB takes about 20 seconds, or so they say
golly - where can I get one of those?
If you figure a sustained throughput of 10MBs... well.. u do the math
BTW: make sure you use foil labled for OVEN use... as each aluminum atom is only about 1.48 angstroms, standard grade foil may not stand up to close range particle beams.
see http://zapatopi.net/afdb.html for detailed plans

0
 

Author Comment

by:maxout6
ID: 9850623
Thanks for the good tips.  This was a fun diversion and I'll probably implement many of these - without the exploding laptop!  I like the idea of a USB drive for the most sensitive data.  Now I need to do some research and find out where/what Windows keeps its temp files.  I seem to recall Word keeping a couple of copies in odd directories that'll need to be nuked to remain secure.  

Oh - thanks for the link on the tin foil hats.  I was wondering about proper construction techniques!



0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

AWS Glacier is Amazons cheapest storage option and is their answer to a ‘Cold’ storage service.  Customers primarily use this service for archival purposes and storage of infrastructure backups.  Its unlimited storage potential and low storage cost …
How to update Firmware and Bios in Dell Equalogic PS6000 Arrays and Hard Disks firmware update.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question