Solved

Locating Tower In Locked Closet

Posted on 2009-06-28
17
382 Views
Last Modified: 2012-05-07
Hello experts!
I have a client that very concerned about physical security of his main "QuickBooks" PC.  I back up his data off site daily, but he is concerned about thieves breaking in and grabbing the tower.  Even though we could rebuild everything with minimal data loss, he doesn't want the sensitive data on the stolen tower out in the world.  I know there are many types of locking cabinets we could bolt to the floor, but what about securing the tower in a substantial locked room and making a 100' - 200' (??) run to the monitor\keybowrd\mouse on the employees desk.

Ideas...comments?

THANKS!
Mick
0
Comment
Question by:snake454
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +6
17 Comments
 
LVL 95

Expert Comment

by:John Hurst
ID: 24733265
A simpler idea would be to use a Lenovo laptop, put it in a dock so as to work like a desktop (need a monitor, keyboard, power supply and mouse). Then put a password lock on the hard drive. Reasonably, no one can break into a hard drive with a password lock. So the theif steals the computer, and they have nothing, not even a working hard drive.

Big plus: The client can use the machine elsewhere. It should also be cheaper than what you are imagining about physical security. ... Thinkpads_User
0
 
LVL 5

Expert Comment

by:JohnmenZ
ID: 24733299
Using the usual KVM extender with a CAT5 network cable, you can have your server few hundred meters away from the Keyboard/Mouse/Monitor.  You should be able to find them quite easily from any place that sells computer accessories.

If longer distance is required, there are some KVM products can wrap the KVM signals into VPN type of tunnel, giving you access everywhere as long as your can access the Internet.

Google it with some key words like: kvm extender and you will find a lot.
0
 
LVL 14

Expert Comment

by:amichaell
ID: 24733305
You could go a bit more extreme and house the data offsite accessing via some remoting protocol (RDP, ICA, etc).
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 9

Expert Comment

by:jfer0x01
ID: 24733327
Hi,

i agree with Thinkpads_user, if your client has Vista Ultimate, install Bit Locker, that way it password protects the HD, which essentially does the same as the HD Lock,

even more, check the BIOS to see if it has an HD password, my Toshiba does

a QBW file can easily be broken if stolen, even if it is password protected

an encrypted drive, much harder

even with crazy cable runs, it does not seem viable,
0
 
LVL 70

Accepted Solution

by:
garycase earned 250 total points
ID: 24733408
As already noted, there's no reason to remote the PC ==> simply encrypt the drive (or at least the quickbook files).     Vista's Bitlocker works fine;  as does TrueCrypt, SecureDisk, or any of several other disk encryption technologies.    Just be sure your client understands that he must NOT lose his encryption key  (be sure he creates a recovery file on external media -- and that he keeps THAT in a safe place).     If he forgets or loses the encryption key, then even he won't be able to access the data!!


Since your question was specifically about remoting the PC, however, I'll add a couple thoughts about that ...

==>   Yes, you could remotely locate the PC and use a KVM-over-Cat5 to put the monitor, keyboard, and mouse a significant distance away.   For example, this has a range of 230 feet:  http://www.cablestogo.com/product.asp?cat_id=503&sku=39970

==>   Alternatively, your client could simply run his Quickbooks via remote access from any web browser using a VPN tunnel or any good remote access utility.    LogMeIn, for example, makes this extremely simple -- and his "real" Quickbooks machine could be located ANYWHERE he wanted.     There would be NO data on the machine he was using ... it would all be on the system he was remoting to.     And of course it could also be encrypted on that system --- just to add yet-another layer of total security!!
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 24733424
To what everyone else has said, I would add Make sure this "substantial locked room" has adequate and reliable ventilation.  The computer will generate heat.  If the room gets too warm, you could run into hardware reliability problems.  As a rule I'd say the room temp should not exceed 80F and ideally should be lower than that.
0
 
LVL 32

Assisted Solution

by:willcomp
willcomp earned 250 total points
ID: 24733459
There's one more way that's simple and inexpensive. Use a removable hard disk for QB data. Then disk can be removed and locked in a safe. Removable drive adapters and caddies for 3.5" hard disks are inexpensive and easy to install.

An example: http://www.newegg.com/Product/Product.aspx?Item=N82E16817122109
0
 
LVL 2

Expert Comment

by:ilnyc
ID: 24736834
Data encryption and (previously mentioned) external hard drive is the way to go.

Check out this Maxtor solution-"Maxtor BlackArmor":
http://www.maxtor.com/en/hard-drive-backup/external-drives/maxtor-blackarmor.html

There should be similar products from other brands too.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24739406
Well,

as you can see, you have plenty  of options, just make sure your client can agree with any new procedure

Jfer
0
 

Author Comment

by:snake454
ID: 24751205
WOW!

I've posted many questions on EE but never had this many great responses!  Thanks to all who took the time to post suggestions. I think that data encryption or tower enclosure is the way to go.

1) Client has is using a Dell 320, (3.0 Ghz), running XPP.  Buying a new PC\Laptop is out of the question and unnecessary.
2) Running cables from a "substantial" locked room to the users desk is too much work.  Plus, I question what the performance would be like.
3) As stated in 1), the OS is XPP.  No way I'm going Vista with Win 7 about to be released.

So...that leaves me with one more question.  I did some research on external encrypted drives, and a frequent complaint is that performance sucks with USB 2.0.  Is there such a thing as an encrypted internal drive I could use on XPP?  Or must I go with Win7?

A locking enclosure for the tower, (bolted to the floor), is looking better and better.

THANKS!
Mick
0
 
LVL 70

Expert Comment

by:garycase
ID: 24751354
"... I question what the performance would be like. " ==>  There's no performance impact ... the Cat-5 KVM's easily keep up with any supported video resolution.     I agree, however, that encryption is a better approach.

You can encrypt the internal drive, a specified partition on the drive, or multiple drives with TrueCrypt under XP with no problem.

Bolting the tower to the floor works ... and/or use a removeable disk tray such as willcomp suggested to physically remove the drive and store it in a safe overnight.     Although there IS one disadvantage to that approach -- a malicious employee (or anyone with physical access) could simply remove the drive during the day.    [There are keys to prevent that ... but my experience is that very few folks actually lock the drive in place ... and it's not a substantial lock.]

0
 
LVL 32

Expert Comment

by:willcomp
ID: 24751374
All the removable drive adapters that I've used require locking the disk to power drive. One could leave the key inserted though. The keys definitely are not substantial and adapters from the same manufacturer usually have similar or identical keys. They resemble the old keyboard locks of many years ago. Removable drives can also be encrypted. They're just another internal hard disk to XP.
0
 

Author Comment

by:snake454
ID: 24751477
garycase & willcomp...

You guys ROCK!  I'll present all 3 solutions to the client and let him pick one or all: locked floor enclosure, removable drive, & some kind of encryption setup for the removable drive.  The removable option might have to go, as he wants me to keep a database available overnight for some remote\VPN Palm syncs.  Or keep the Palm app data on the primary drive that stays in the locked tower overnight.  Put the OuickBook data on the removable\encrypted drive.

OK to split points 50\50?

THANKS!
0
 
LVL 32

Expert Comment

by:willcomp
ID: 24751630
Points split is your call. There were some other contributors as well. Points aren't real important to me so long as I get an assist and a few points.
0
 

Author Closing Comment

by:snake454
ID: 31597773
Thanks!!
0
 
LVL 70

Expert Comment

by:garycase
ID: 24765637
You're most welcome.   Just for grins, let us know what your client decides to do :-)
0
 

Author Comment

by:snake454
ID: 24765655
>>You're most welcome.   Just for grins, let us know what your client decides to do :-)

Will do.  Thanks SO MUCH!!

Mick
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question