Solved

Security - best way to make laptop data unrecoverable?

Posted on 2003-11-29
7
417 Views
Last Modified: 2010-04-03
I'd like to put some security on my laptop.  Specifically I want to detect an attempted login.  After N failed attempts (or even a boot into bios), I want to wipe/overwrite a few sections of the drive where the critical data is stored.  Finally, I'd like to rig some sort of physical failure as well (Ie - flash fire or similar)

In other words, if this laptop gets out of proper hands, I not only want to remove the data but I also want to doubly make sure it is unrecoverable by nuking the drive itself.

Is there anything out there like this?  I've googled and not found anything like this.

0
Comment
Question by:maxout6
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 40 total points
ID: 9842871
You'd have to get some operating system running to nuke the data, and what's to stop someone from removing the drive? Really nuking the data would take multiple passes and give a determined person time to rip the drive from it's moorings unless you're going to pack the laptop with thermite and a tamper switch... a homemade setup like that could be a problem it it goes off and you're in a window seat next to a pair of sumo wrestlers.

IBM and others have incorporated  security into the hardware http://www.pc.ibm.com/us/security/


You can also use PGP (or windoze) or other software to create an encrypted volume.

see http://www.computerworld.com/mobiletopics/mobile/handhelds/story/0,10801,81486,00.html
for how well PGP works...

In theory you could boot up to some shell operating system that would give the theif a false sense of accomplishment and be scrubbing the disk in the background, but that's not foresic computers investigators work if they know their stuff.

0
 
LVL 9

Expert Comment

by:buckeyes33
ID: 9843158
As seen in Mission Impossible:


This message will self desruct in 10, 9, ....1 boom.
0
 
LVL 1

Expert Comment

by:IrishFBall32
ID: 9843791
Actually....

By running Windows 2000 you can set any folder(s) or even entire drives as being encrypted. I don't know how strong this encryption is or how hard it is to get the key to decrypt it, but i know its there...

You can also configure it to "lock out" user accounts after X invalid password attempts, but even the passwords in windows are subject to being discovered fairly easily

There is also a way to add a password to the BIOS at a very low level before it even looks to see if you have an OS installed, however a determined person can remove that password easily, in some cases just by removing the battery from your laptop...

In short, you need to determine exactly how secure you need this data to be--- if you just need to keep honest people honest then any of these will work... for more then that use a combination of these... if you need more then that then i begin to question exactly what it is you need secured here...

Hope this helps,
~Kilika
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:maxout6
ID: 9844585
Ok - so what I've gathered is:
- Encrypt it using PGP or whatever
- Use windows standard encryption as well
- Tie in some sort of OS bad login switch to run an eraser program on the specified directories (Apparently 10x overwrite on 1GB takes about 20 seconds, or so they say)
- Thermite for physical descruction.  Yowsa.
- Tin foil hat, a must for the truely paranoid
- EMF shielding so PGP keys can't be sniffed by Tempest tech


Any other good ideas?
0
 
LVL 1

Assisted Solution

by:IrishFBall32
IrishFBall32 earned 35 total points
ID: 9845400
i suppose depending on the size of the files needing protecting you could store them on a USB keyfob style drive that you keep on your regular keychain, that way if someone does get ahold of your laptop they are much less likely to have your files as well...

mentioning that i am now reminded that there are USB "system keys" that must be inserted into a USB port on power up in order for the OS to even load... that might be a solution as well
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9845417
>Apparently 10x overwrite on 1GB takes about 20 seconds, or so they say
golly - where can I get one of those?
If you figure a sustained throughput of 10MBs... well.. u do the math
BTW: make sure you use foil labled for OVEN use... as each aluminum atom is only about 1.48 angstroms, standard grade foil may not stand up to close range particle beams.
see http://zapatopi.net/afdb.html for detailed plans

0
 

Author Comment

by:maxout6
ID: 9850623
Thanks for the good tips.  This was a fun diversion and I'll probably implement many of these - without the exploding laptop!  I like the idea of a USB drive for the most sensitive data.  Now I need to do some research and find out where/what Windows keeps its temp files.  I seem to recall Word keeping a couple of copies in odd directories that'll need to be nuked to remain secure.  

Oh - thanks for the link on the tin foil hats.  I was wondering about proper construction techniques!



0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

In this article, I provide some information on storage disks which go into calculations that will help you figure out how much Input/output Operations Per Second (IOPS) your disk subsystem can deliver. To effectively size & tune up applications l…
This article is an update and follow-up of my previous article:   Storage 101: common concepts in the IT enterprise storage This time, I expand on more frequently used storage concepts.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now