Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Locating Tower In Locked Closet

Posted on 2009-06-28
17
Medium Priority
?
389 Views
Last Modified: 2012-05-07
Hello experts!
I have a client that very concerned about physical security of his main "QuickBooks" PC.  I back up his data off site daily, but he is concerned about thieves breaking in and grabbing the tower.  Even though we could rebuild everything with minimal data loss, he doesn't want the sensitive data on the stolen tower out in the world.  I know there are many types of locking cabinets we could bolt to the floor, but what about securing the tower in a substantial locked room and making a 100' - 200' (??) run to the monitor\keybowrd\mouse on the employees desk.

Ideas...comments?

THANKS!
Mick
0
Comment
Question by:snake454
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
  • +6
17 Comments
 
LVL 98

Expert Comment

by:John Hurst
ID: 24733265
A simpler idea would be to use a Lenovo laptop, put it in a dock so as to work like a desktop (need a monitor, keyboard, power supply and mouse). Then put a password lock on the hard drive. Reasonably, no one can break into a hard drive with a password lock. So the theif steals the computer, and they have nothing, not even a working hard drive.

Big plus: The client can use the machine elsewhere. It should also be cheaper than what you are imagining about physical security. ... Thinkpads_User
0
 
LVL 5

Expert Comment

by:JohnmenZ
ID: 24733299
Using the usual KVM extender with a CAT5 network cable, you can have your server few hundred meters away from the Keyboard/Mouse/Monitor.  You should be able to find them quite easily from any place that sells computer accessories.

If longer distance is required, there are some KVM products can wrap the KVM signals into VPN type of tunnel, giving you access everywhere as long as your can access the Internet.

Google it with some key words like: kvm extender and you will find a lot.
0
 
LVL 14

Expert Comment

by:amichaell
ID: 24733305
You could go a bit more extreme and house the data offsite accessing via some remoting protocol (RDP, ICA, etc).
0
Protect Your Retail Business and Reputation

Wi-Fi access doesn't just impact your business & customer experience, it can also affect your security.  Join us for an informative webinar to learn more about the top threats and trends impacting retail today, and the key solutions to protecting retail networks and reputations.

 
LVL 9

Expert Comment

by:jfer0x01
ID: 24733327
Hi,

i agree with Thinkpads_user, if your client has Vista Ultimate, install Bit Locker, that way it password protects the HD, which essentially does the same as the HD Lock,

even more, check the BIOS to see if it has an HD password, my Toshiba does

a QBW file can easily be broken if stolen, even if it is password protected

an encrypted drive, much harder

even with crazy cable runs, it does not seem viable,
0
 
LVL 70

Accepted Solution

by:
garycase earned 1000 total points
ID: 24733408
As already noted, there's no reason to remote the PC ==> simply encrypt the drive (or at least the quickbook files).     Vista's Bitlocker works fine;  as does TrueCrypt, SecureDisk, or any of several other disk encryption technologies.    Just be sure your client understands that he must NOT lose his encryption key  (be sure he creates a recovery file on external media -- and that he keeps THAT in a safe place).     If he forgets or loses the encryption key, then even he won't be able to access the data!!


Since your question was specifically about remoting the PC, however, I'll add a couple thoughts about that ...

==>   Yes, you could remotely locate the PC and use a KVM-over-Cat5 to put the monitor, keyboard, and mouse a significant distance away.   For example, this has a range of 230 feet:  http://www.cablestogo.com/product.asp?cat_id=503&sku=39970

==>   Alternatively, your client could simply run his Quickbooks via remote access from any web browser using a VPN tunnel or any good remote access utility.    LogMeIn, for example, makes this extremely simple -- and his "real" Quickbooks machine could be located ANYWHERE he wanted.     There would be NO data on the machine he was using ... it would all be on the system he was remoting to.     And of course it could also be encrypted on that system --- just to add yet-another layer of total security!!
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 24733424
To what everyone else has said, I would add Make sure this "substantial locked room" has adequate and reliable ventilation.  The computer will generate heat.  If the room gets too warm, you could run into hardware reliability problems.  As a rule I'd say the room temp should not exceed 80F and ideally should be lower than that.
0
 
LVL 32

Assisted Solution

by:willcomp
willcomp earned 1000 total points
ID: 24733459
There's one more way that's simple and inexpensive. Use a removable hard disk for QB data. Then disk can be removed and locked in a safe. Removable drive adapters and caddies for 3.5" hard disks are inexpensive and easy to install.

An example: http://www.newegg.com/Product/Product.aspx?Item=N82E16817122109
0
 
LVL 2

Expert Comment

by:ilnyc
ID: 24736834
Data encryption and (previously mentioned) external hard drive is the way to go.

Check out this Maxtor solution-"Maxtor BlackArmor":
http://www.maxtor.com/en/hard-drive-backup/external-drives/maxtor-blackarmor.html

There should be similar products from other brands too.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24739406
Well,

as you can see, you have plenty  of options, just make sure your client can agree with any new procedure

Jfer
0
 

Author Comment

by:snake454
ID: 24751205
WOW!

I've posted many questions on EE but never had this many great responses!  Thanks to all who took the time to post suggestions. I think that data encryption or tower enclosure is the way to go.

1) Client has is using a Dell 320, (3.0 Ghz), running XPP.  Buying a new PC\Laptop is out of the question and unnecessary.
2) Running cables from a "substantial" locked room to the users desk is too much work.  Plus, I question what the performance would be like.
3) As stated in 1), the OS is XPP.  No way I'm going Vista with Win 7 about to be released.

So...that leaves me with one more question.  I did some research on external encrypted drives, and a frequent complaint is that performance sucks with USB 2.0.  Is there such a thing as an encrypted internal drive I could use on XPP?  Or must I go with Win7?

A locking enclosure for the tower, (bolted to the floor), is looking better and better.

THANKS!
Mick
0
 
LVL 70

Expert Comment

by:garycase
ID: 24751354
"... I question what the performance would be like. " ==>  There's no performance impact ... the Cat-5 KVM's easily keep up with any supported video resolution.     I agree, however, that encryption is a better approach.

You can encrypt the internal drive, a specified partition on the drive, or multiple drives with TrueCrypt under XP with no problem.

Bolting the tower to the floor works ... and/or use a removeable disk tray such as willcomp suggested to physically remove the drive and store it in a safe overnight.     Although there IS one disadvantage to that approach -- a malicious employee (or anyone with physical access) could simply remove the drive during the day.    [There are keys to prevent that ... but my experience is that very few folks actually lock the drive in place ... and it's not a substantial lock.]

0
 
LVL 32

Expert Comment

by:willcomp
ID: 24751374
All the removable drive adapters that I've used require locking the disk to power drive. One could leave the key inserted though. The keys definitely are not substantial and adapters from the same manufacturer usually have similar or identical keys. They resemble the old keyboard locks of many years ago. Removable drives can also be encrypted. They're just another internal hard disk to XP.
0
 

Author Comment

by:snake454
ID: 24751477
garycase & willcomp...

You guys ROCK!  I'll present all 3 solutions to the client and let him pick one or all: locked floor enclosure, removable drive, & some kind of encryption setup for the removable drive.  The removable option might have to go, as he wants me to keep a database available overnight for some remote\VPN Palm syncs.  Or keep the Palm app data on the primary drive that stays in the locked tower overnight.  Put the OuickBook data on the removable\encrypted drive.

OK to split points 50\50?

THANKS!
0
 
LVL 32

Expert Comment

by:willcomp
ID: 24751630
Points split is your call. There were some other contributors as well. Points aren't real important to me so long as I get an assist and a few points.
0
 

Author Closing Comment

by:snake454
ID: 31597773
Thanks!!
0
 
LVL 70

Expert Comment

by:garycase
ID: 24765637
You're most welcome.   Just for grins, let us know what your client decides to do :-)
0
 

Author Comment

by:snake454
ID: 24765655
>>You're most welcome.   Just for grins, let us know what your client decides to do :-)

Will do.  Thanks SO MUCH!!

Mick
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question