We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Locating Tower In Locked Closet

snake454
snake454 asked
on
Medium Priority
416 Views
Last Modified: 2012-05-07
Hello experts!
I have a client that very concerned about physical security of his main "QuickBooks" PC.  I back up his data off site daily, but he is concerned about thieves breaking in and grabbing the tower.  Even though we could rebuild everything with minimal data loss, he doesn't want the sensitive data on the stolen tower out in the world.  I know there are many types of locking cabinets we could bolt to the floor, but what about securing the tower in a substantial locked room and making a 100' - 200' (??) run to the monitor\keybowrd\mouse on the employees desk.

Ideas...comments?

THANKS!
Mick
Comment
Watch Question

JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
A simpler idea would be to use a Lenovo laptop, put it in a dock so as to work like a desktop (need a monitor, keyboard, power supply and mouse). Then put a password lock on the hard drive. Reasonably, no one can break into a hard drive with a password lock. So the theif steals the computer, and they have nothing, not even a working hard drive.

Big plus: The client can use the machine elsewhere. It should also be cheaper than what you are imagining about physical security. ... Thinkpads_User

Commented:
Using the usual KVM extender with a CAT5 network cable, you can have your server few hundred meters away from the Keyboard/Mouse/Monitor.  You should be able to find them quite easily from any place that sells computer accessories.

If longer distance is required, there are some KVM products can wrap the KVM signals into VPN type of tunnel, giving you access everywhere as long as your can access the Internet.

Google it with some key words like: kvm extender and you will find a lot.
You could go a bit more extreme and house the data offsite accessing via some remoting protocol (RDP, ICA, etc).

Commented:
Hi,

i agree with Thinkpads_user, if your client has Vista Ultimate, install Bit Locker, that way it password protects the HD, which essentially does the same as the HD Lock,

even more, check the BIOS to see if it has an HD password, my Toshiba does

a QBW file can easily be broken if stolen, even if it is password protected

an encrypted drive, much harder

even with crazy cable runs, it does not seem viable,
Retired
CERTIFIED EXPERT
Most Valuable Expert 2013
Top Expert 2009
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
To what everyone else has said, I would add Make sure this "substantial locked room" has adequate and reliable ventilation.  The computer will generate heat.  If the room gets too warm, you could run into hardware reliability problems.  As a rule I'd say the room temp should not exceed 80F and ideally should be lower than that.
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Data encryption and (previously mentioned) external hard drive is the way to go.

Check out this Maxtor solution-"Maxtor BlackArmor":
http://www.maxtor.com/en/hard-drive-backup/external-drives/maxtor-blackarmor.html

There should be similar products from other brands too.

Commented:
Well,

as you can see, you have plenty  of options, just make sure your client can agree with any new procedure

Jfer

Author

Commented:
WOW!

I've posted many questions on EE but never had this many great responses!  Thanks to all who took the time to post suggestions. I think that data encryption or tower enclosure is the way to go.

1) Client has is using a Dell 320, (3.0 Ghz), running XPP.  Buying a new PC\Laptop is out of the question and unnecessary.
2) Running cables from a "substantial" locked room to the users desk is too much work.  Plus, I question what the performance would be like.
3) As stated in 1), the OS is XPP.  No way I'm going Vista with Win 7 about to be released.

So...that leaves me with one more question.  I did some research on external encrypted drives, and a frequent complaint is that performance sucks with USB 2.0.  Is there such a thing as an encrypted internal drive I could use on XPP?  Or must I go with Win7?

A locking enclosure for the tower, (bolted to the floor), is looking better and better.

THANKS!
Mick
Gary CaseRetired
CERTIFIED EXPERT
Most Valuable Expert 2013
Top Expert 2009

Commented:
"... I question what the performance would be like. " ==>  There's no performance impact ... the Cat-5 KVM's easily keep up with any supported video resolution.     I agree, however, that encryption is a better approach.

You can encrypt the internal drive, a specified partition on the drive, or multiple drives with TrueCrypt under XP with no problem.

Bolting the tower to the floor works ... and/or use a removeable disk tray such as willcomp suggested to physically remove the drive and store it in a safe overnight.     Although there IS one disadvantage to that approach -- a malicious employee (or anyone with physical access) could simply remove the drive during the day.    [There are keys to prevent that ... but my experience is that very few folks actually lock the drive in place ... and it's not a substantial lock.]

Commented:
All the removable drive adapters that I've used require locking the disk to power drive. One could leave the key inserted though. The keys definitely are not substantial and adapters from the same manufacturer usually have similar or identical keys. They resemble the old keyboard locks of many years ago. Removable drives can also be encrypted. They're just another internal hard disk to XP.

Author

Commented:
garycase & willcomp...

You guys ROCK!  I'll present all 3 solutions to the client and let him pick one or all: locked floor enclosure, removable drive, & some kind of encryption setup for the removable drive.  The removable option might have to go, as he wants me to keep a database available overnight for some remote\VPN Palm syncs.  Or keep the Palm app data on the primary drive that stays in the locked tower overnight.  Put the OuickBook data on the removable\encrypted drive.

OK to split points 50\50?

THANKS!

Commented:
Points split is your call. There were some other contributors as well. Points aren't real important to me so long as I get an assist and a few points.

Author

Commented:
Thanks!!
Gary CaseRetired
CERTIFIED EXPERT
Most Valuable Expert 2013
Top Expert 2009

Commented:
You're most welcome.   Just for grins, let us know what your client decides to do :-)

Author

Commented:
>>You're most welcome.   Just for grins, let us know what your client decides to do :-)

Will do.  Thanks SO MUCH!!

Mick
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.