Solved

Locating Tower In Locked Closet

Posted on 2009-06-28
17
375 Views
Last Modified: 2012-05-07
Hello experts!
I have a client that very concerned about physical security of his main "QuickBooks" PC.  I back up his data off site daily, but he is concerned about thieves breaking in and grabbing the tower.  Even though we could rebuild everything with minimal data loss, he doesn't want the sensitive data on the stolen tower out in the world.  I know there are many types of locking cabinets we could bolt to the floor, but what about securing the tower in a substantial locked room and making a 100' - 200' (??) run to the monitor\keybowrd\mouse on the employees desk.

Ideas...comments?

THANKS!
Mick
0
Comment
Question by:snake454
  • 4
  • 3
  • 3
  • +6
17 Comments
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
A simpler idea would be to use a Lenovo laptop, put it in a dock so as to work like a desktop (need a monitor, keyboard, power supply and mouse). Then put a password lock on the hard drive. Reasonably, no one can break into a hard drive with a password lock. So the theif steals the computer, and they have nothing, not even a working hard drive.

Big plus: The client can use the machine elsewhere. It should also be cheaper than what you are imagining about physical security. ... Thinkpads_User
0
 
LVL 5

Expert Comment

by:JohnmenZ
Comment Utility
Using the usual KVM extender with a CAT5 network cable, you can have your server few hundred meters away from the Keyboard/Mouse/Monitor.  You should be able to find them quite easily from any place that sells computer accessories.

If longer distance is required, there are some KVM products can wrap the KVM signals into VPN type of tunnel, giving you access everywhere as long as your can access the Internet.

Google it with some key words like: kvm extender and you will find a lot.
0
 
LVL 14

Expert Comment

by:amichaell
Comment Utility
You could go a bit more extreme and house the data offsite accessing via some remoting protocol (RDP, ICA, etc).
0
 
LVL 9

Expert Comment

by:jfer0x01
Comment Utility
Hi,

i agree with Thinkpads_user, if your client has Vista Ultimate, install Bit Locker, that way it password protects the HD, which essentially does the same as the HD Lock,

even more, check the BIOS to see if it has an HD password, my Toshiba does

a QBW file can easily be broken if stolen, even if it is password protected

an encrypted drive, much harder

even with crazy cable runs, it does not seem viable,
0
 
LVL 70

Accepted Solution

by:
garycase earned 250 total points
Comment Utility
As already noted, there's no reason to remote the PC ==> simply encrypt the drive (or at least the quickbook files).     Vista's Bitlocker works fine;  as does TrueCrypt, SecureDisk, or any of several other disk encryption technologies.    Just be sure your client understands that he must NOT lose his encryption key  (be sure he creates a recovery file on external media -- and that he keeps THAT in a safe place).     If he forgets or loses the encryption key, then even he won't be able to access the data!!


Since your question was specifically about remoting the PC, however, I'll add a couple thoughts about that ...

==>   Yes, you could remotely locate the PC and use a KVM-over-Cat5 to put the monitor, keyboard, and mouse a significant distance away.   For example, this has a range of 230 feet:  http://www.cablestogo.com/product.asp?cat_id=503&sku=39970

==>   Alternatively, your client could simply run his Quickbooks via remote access from any web browser using a VPN tunnel or any good remote access utility.    LogMeIn, for example, makes this extremely simple -- and his "real" Quickbooks machine could be located ANYWHERE he wanted.     There would be NO data on the machine he was using ... it would all be on the system he was remoting to.     And of course it could also be encrypted on that system --- just to add yet-another layer of total security!!
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
Comment Utility
To what everyone else has said, I would add Make sure this "substantial locked room" has adequate and reliable ventilation.  The computer will generate heat.  If the room gets too warm, you could run into hardware reliability problems.  As a rule I'd say the room temp should not exceed 80F and ideally should be lower than that.
0
 
LVL 32

Assisted Solution

by:willcomp
willcomp earned 250 total points
Comment Utility
There's one more way that's simple and inexpensive. Use a removable hard disk for QB data. Then disk can be removed and locked in a safe. Removable drive adapters and caddies for 3.5" hard disks are inexpensive and easy to install.

An example: http://www.newegg.com/Product/Product.aspx?Item=N82E16817122109
0
 
LVL 2

Expert Comment

by:ilnyc
Comment Utility
Data encryption and (previously mentioned) external hard drive is the way to go.

Check out this Maxtor solution-"Maxtor BlackArmor":
http://www.maxtor.com/en/hard-drive-backup/external-drives/maxtor-blackarmor.html

There should be similar products from other brands too.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 9

Expert Comment

by:jfer0x01
Comment Utility
Well,

as you can see, you have plenty  of options, just make sure your client can agree with any new procedure

Jfer
0
 

Author Comment

by:snake454
Comment Utility
WOW!

I've posted many questions on EE but never had this many great responses!  Thanks to all who took the time to post suggestions. I think that data encryption or tower enclosure is the way to go.

1) Client has is using a Dell 320, (3.0 Ghz), running XPP.  Buying a new PC\Laptop is out of the question and unnecessary.
2) Running cables from a "substantial" locked room to the users desk is too much work.  Plus, I question what the performance would be like.
3) As stated in 1), the OS is XPP.  No way I'm going Vista with Win 7 about to be released.

So...that leaves me with one more question.  I did some research on external encrypted drives, and a frequent complaint is that performance sucks with USB 2.0.  Is there such a thing as an encrypted internal drive I could use on XPP?  Or must I go with Win7?

A locking enclosure for the tower, (bolted to the floor), is looking better and better.

THANKS!
Mick
0
 
LVL 70

Expert Comment

by:garycase
Comment Utility
"... I question what the performance would be like. " ==>  There's no performance impact ... the Cat-5 KVM's easily keep up with any supported video resolution.     I agree, however, that encryption is a better approach.

You can encrypt the internal drive, a specified partition on the drive, or multiple drives with TrueCrypt under XP with no problem.

Bolting the tower to the floor works ... and/or use a removeable disk tray such as willcomp suggested to physically remove the drive and store it in a safe overnight.     Although there IS one disadvantage to that approach -- a malicious employee (or anyone with physical access) could simply remove the drive during the day.    [There are keys to prevent that ... but my experience is that very few folks actually lock the drive in place ... and it's not a substantial lock.]

0
 
LVL 32

Expert Comment

by:willcomp
Comment Utility
All the removable drive adapters that I've used require locking the disk to power drive. One could leave the key inserted though. The keys definitely are not substantial and adapters from the same manufacturer usually have similar or identical keys. They resemble the old keyboard locks of many years ago. Removable drives can also be encrypted. They're just another internal hard disk to XP.
0
 

Author Comment

by:snake454
Comment Utility
garycase & willcomp...

You guys ROCK!  I'll present all 3 solutions to the client and let him pick one or all: locked floor enclosure, removable drive, & some kind of encryption setup for the removable drive.  The removable option might have to go, as he wants me to keep a database available overnight for some remote\VPN Palm syncs.  Or keep the Palm app data on the primary drive that stays in the locked tower overnight.  Put the OuickBook data on the removable\encrypted drive.

OK to split points 50\50?

THANKS!
0
 
LVL 32

Expert Comment

by:willcomp
Comment Utility
Points split is your call. There were some other contributors as well. Points aren't real important to me so long as I get an assist and a few points.
0
 

Author Closing Comment

by:snake454
Comment Utility
Thanks!!
0
 
LVL 70

Expert Comment

by:garycase
Comment Utility
You're most welcome.   Just for grins, let us know what your client decides to do :-)
0
 

Author Comment

by:snake454
Comment Utility
>>You're most welcome.   Just for grins, let us know what your client decides to do :-)

Will do.  Thanks SO MUCH!!

Mick
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now