Security - best way to make laptop data unrecoverable?

I'd like to put some security on my laptop.  Specifically I want to detect an attempted login.  After N failed attempts (or even a boot into bios), I want to wipe/overwrite a few sections of the drive where the critical data is stored.  Finally, I'd like to rig some sort of physical failure as well (Ie - flash fire or similar)

In other words, if this laptop gets out of proper hands, I not only want to remove the data but I also want to doubly make sure it is unrecoverable by nuking the drive itself.

Is there anything out there like this?  I've googled and not found anything like this.

maxout6Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

chicagoanCommented:
You'd have to get some operating system running to nuke the data, and what's to stop someone from removing the drive? Really nuking the data would take multiple passes and give a determined person time to rip the drive from it's moorings unless you're going to pack the laptop with thermite and a tamper switch... a homemade setup like that could be a problem it it goes off and you're in a window seat next to a pair of sumo wrestlers.

IBM and others have incorporated  security into the hardware http://www.pc.ibm.com/us/security/


You can also use PGP (or windoze) or other software to create an encrypted volume.

see http://www.computerworld.com/mobiletopics/mobile/handhelds/story/0,10801,81486,00.html
for how well PGP works...

In theory you could boot up to some shell operating system that would give the theif a false sense of accomplishment and be scrubbing the disk in the background, but that's not foresic computers investigators work if they know their stuff.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
buckeyes33Commented:
As seen in Mission Impossible:


This message will self desruct in 10, 9, ....1 boom.
IrishFBall32Commented:
Actually....

By running Windows 2000 you can set any folder(s) or even entire drives as being encrypted. I don't know how strong this encryption is or how hard it is to get the key to decrypt it, but i know its there...

You can also configure it to "lock out" user accounts after X invalid password attempts, but even the passwords in windows are subject to being discovered fairly easily

There is also a way to add a password to the BIOS at a very low level before it even looks to see if you have an OS installed, however a determined person can remove that password easily, in some cases just by removing the battery from your laptop...

In short, you need to determine exactly how secure you need this data to be--- if you just need to keep honest people honest then any of these will work... for more then that use a combination of these... if you need more then that then i begin to question exactly what it is you need secured here...

Hope this helps,
~Kilika
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

maxout6Author Commented:
Ok - so what I've gathered is:
- Encrypt it using PGP or whatever
- Use windows standard encryption as well
- Tie in some sort of OS bad login switch to run an eraser program on the specified directories (Apparently 10x overwrite on 1GB takes about 20 seconds, or so they say)
- Thermite for physical descruction.  Yowsa.
- Tin foil hat, a must for the truely paranoid
- EMF shielding so PGP keys can't be sniffed by Tempest tech


Any other good ideas?
IrishFBall32Commented:
i suppose depending on the size of the files needing protecting you could store them on a USB keyfob style drive that you keep on your regular keychain, that way if someone does get ahold of your laptop they are much less likely to have your files as well...

mentioning that i am now reminded that there are USB "system keys" that must be inserted into a USB port on power up in order for the OS to even load... that might be a solution as well
chicagoanCommented:
>Apparently 10x overwrite on 1GB takes about 20 seconds, or so they say
golly - where can I get one of those?
If you figure a sustained throughput of 10MBs... well.. u do the math
BTW: make sure you use foil labled for OVEN use... as each aluminum atom is only about 1.48 angstroms, standard grade foil may not stand up to close range particle beams.
see http://zapatopi.net/afdb.html for detailed plans

maxout6Author Commented:
Thanks for the good tips.  This was a fun diversion and I'll probably implement many of these - without the exploding laptop!  I like the idea of a USB drive for the most sensitive data.  Now I need to do some research and find out where/what Windows keeps its temp files.  I seem to recall Word keeping a couple of copies in odd directories that'll need to be nuked to remain secure.  

Oh - thanks for the link on the tin foil hats.  I was wondering about proper construction techniques!



It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Storage

From novice to tech pro — start learning today.