How to Destroy stolen laptop

Hi Experts
Sales Manager laptop was stolen
Can i Remotely destroy all the data from that laptop
laptop Details ( Windows 7 - Join Domain - Symantec Endpoint Antivirus - Radmin - Outlook 2007 Yahoo mail )
If not how can i protect our laptop data after something like that (Stolen)
can i setup any  App can destroy the data by mail or some how
Thanks
MASWORLDAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

noxchoGlobal Support CoordinatorCommented:
The answer is no. If the person who has stolen this laptop turns it on and keeps on for a long enough so that you can connect it and erase it (which I doubt you can do) - then it is possible. But the chances to do this are 0.00001%.

So you cannot destroy it. The only protection against such cases is to encrypt the drive. BitLocker or TrueCrypt - complete drive encryption. And if the laptop is stolen - the stealer will not get the data out of it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
In addition to encryption, some devices (in combination with software) allow remote-wiping (google for lojack wiping). This is not needed, if the laptop is encrypted, I think it is more for the marketing side, for people who feel better if they know they still have the power over the stolen device.
MASWORLDAuthor Commented:
So if the stealer Hacked the Windows password he will not able to view any desktop or document data etc
SolarWinds® IP Control Bundle (IPCB)

Combines SolarWinds IP Address Manager and User Device Tracker to help detect IP conflicts, quickly identify affected systems, and help your team take near instantaneous action. Help improve visibility and enhance reliability with SolarWinds IP Control Bundle.

Maidine FouadEngineerCommented:
You can also add a bios password, that prompts in each boot , For sensitive laptops

You said that the computer had Radmin , cant you just use it to connect remotely ?
McKnifeCommented:
Full disk encryption is the recommended  method to protect against thieves snooping data. Thieves will not be able to break it, while they might break BIOS/hard drive passwords.
MASWORLDAuthor Commented:
@McKnife
i just read your answer in other question about TPM
Can i use this option for more encryption
Maidine FouadEngineerCommented:
Hard driveEncryption can be broken @McKnife

Rsa Security researchers have successfully broken one of the most secure encryption algorithms 4096 Long time ago , so nothing is safe

Disk Decryptor Tools are avaible in the hacker black market too

the Optimal solution is to use at least 2 factors (or more ) , Encryption and hard drive password ... thus making it a pain to crack
rindiCommented:
There may be some modern laptops which you can nuke remotely, but you'd have had to set that up beforehand, and the laptop would have to have that builtin. For example, as far as I know many Apple laptops have such options.

The BIOS passwords and the BIOS HD passwords are the best way to protect against this in the future. Laptops that have the BIOS passwords set, can't be booted without knowing it, and you can't remove those passwords without knowing them or without contacting the manufacturer, and then you need proof of ownership, which crooks don't usually have. Lower end laptops may not have that degree of security, they might have common known backdoor passwords, but laptops for business use don't have such options. Also disk passwords can't be cracked without knowing it.

So in future just make sure you have set those passwords, and that you use business grade laptops.
noxchoGlobal Support CoordinatorCommented:
If the drive is encrypted and the stealer hacks Windows password - it will not help him to get to the data. Windows password is just for login to Windows interface. The data can be copied out via boot CD.
But, if the drive is encrypted then the stealer will not be able to get the data. To use the drive he has to wipe it. Doing your work for you.
Note, there is no 100% secure way. At least the stealer can hold a gun at your head and you will give him all passwords.
So the HDD encryption must be enough.
McKnifeCommented:
"i just read your answer in other question about TPM. Can i use this option for more encryption" - what should "more" mean? Stronger? By using a TPM, you can say that the encryption key is strong, yes. Choosing a long encryption password (length 15+, characters, numbers, symbols) it will be strong enough, too.
MASWORLDAuthor Commented:
This is our Manager laptop model

http://store.sony.com/vaio-pro-13-touch-ultrabook-zid27-SVP1321ACX//cat-27-catid-All-Ultrabook-Pro

in Feature i found this option
Security : Intel® Identity Protection Technology, Intel® Anti-Theft Technology
McKnifeCommented:
That technology is maybe no longer in service, " Intel Anti-Theft Service will be terminated by the end of January 2015" taken from http://www.intel.com/content/www/us/en/architecture-and-technology/anti-theft/anti-theft-general-technology.html?_ga=1.6291315.1778418450.1437392153 (maybe intel offers a substitution).
But really, what's it good for when it comes to data protection? Encrypt and you are good to go.
noxchoGlobal Support CoordinatorCommented:
Were these features activated on the laptop?
MASWORLDAuthor Commented:
@noxcho if you mean Intel® Anti-Theft Technology

actually i don't know this is the first time i Take my attention about this
MASWORLDAuthor Commented:
Ok @All
Thanks I benefited from all your comments
this is my plan
1- set password on BIOS
2- Enable and configure TPM
3- Enable Bitlocker
Thinking about lojack wiping.
noxchoGlobal Support CoordinatorCommented:
Take care with extensive protective measures. You can make your life and life of your manager a nightmare :)
You must take regular backups for the cases when the drive is gone bad or the passwords are lost etc. Trying to protect against the thieves you can set yourself behind the wall you are building.
Lee W, MVPTechnology and Business Process AdvisorCommented:
If you're not going to take security seriously, you're going to leave yourself/company open to data theft.  It often takes an incident to make people think about this/get the information they need.  Then it's up to the company to decide it's important.

TPM is a great way to protect things - BUT, most consumer grade laptops do not have TPMs. Business class laptops usually do.  What do I mean - Look over the Dell Inspiron's and MOST do not have TPMs - they're meant for home users, students, etc.  Latitude laptops are more expensive, but should be built better and THEY come with TPMs as they are intended to be used by businesses.

Then, just because it has a TPM doesn't mean you're using the correct version of Windows!  If you are using Windows 7, bitlocker is ONLY AVAILABLE on volume licensed Enterprise editions OR on consumer level Ultimate editions.  For Windows 8, you can get it with Pro, but not home.

You should ask yourself/employees how likely is it someone stole the laptop for the data vs. they just wanted a laptop?  I don't know your business... but if it's not super competitive to the point where a competitor would follow your salesman to steal the laptop, then they are probably not after the data.  MIGHT they try to access/exploit it?  Sure... but odds are they are going to sell it on ebay or at a pawn shop to get cash.  This doesn't mean you shouldn't try to protect the data... but if you understand why the laptop was likely stolen (or would likely be stolen) and what the data you store on it is, you can better decide what security measures to take.

One last option - never allow users to store data on laptops.  Require the sales people to connect to an RDS server so all the data never leaves your office.  Someone steals the laptop, they get no data because there is no data on it!
MASWORLDAuthor Commented:
@all Thanks

@Lee W, MVP
Thank you for this article it's really help
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.