Solved

Securing a windows 7 laptop when out of the office.  It's part of an SBS 2011 domain

Posted on 2016-11-21
  • SBS
  • Windows 7
  • Security
  • Laptops/Notebooks
  • Storage Hardware
  • +1
11
68 Views
Last Modified: 2016-11-28
What are the options for the way to 'secure' the data on a laptop in case it gets stolen?

I was thinking there's the drive bootup password in the bios of the laptop (Dell Latitude).  I guess I could take the drive out to see for myself, but does that actually keep the drive locked up even if removed from the laptop and connected to another PC?

We're not talking state secrets here.  So if the answer to the hard drive password lock is that they can swap out the board on the drive and get in, that's not a concern.

We're more concerned with keeping people from getting to the data going so far as taking the drive out of the laptop and putting in another PC using a USB to SATA cable or similar.

The OS is Windows 7 Pro and the server for the domain is SBS 2011.

Any recommendations?
0
Comment
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 2

Assisted Solution

by:Pune Tech
Pune Tech earned 83 total points
Comment Utility
Right now your laptop data is unsafe any one can copy by connecting to usb but there are steps you can take to reduce the risk. Here are 10 simple things you can do to help keep your laptop secure when you are on the go

Check following article for details,

http://www.in.techradar.com/news/mobile-computing/laptops/10-steps-you-can-take-to-secure-a-laptop/articleshow/38835410.cms
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 83 total points
Comment Utility
What the bios "hard drive password" actually does depends on the model of laptop and model of drive. You can use self encrypting drives and if the bios supports it, you will really be using encryption and this (given we use a password that is not easy to brute force) is secure.
Other hard drive locking mechanisms are not that secure. To give you an idea: data recovery online services offer to unlock your drive for less than 100 US$ (but you'll have to send them the drive).

So look into the drive models and see if SED (self encrypting drives) is a feature and if the dell bios supports to use that on all models that you have.
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 251 total points
Comment Utility
the hard drive password most likely does not do encryption if the word crypt is not present somewhere in the bios. usually, you'd get both on separate lines, but there are exceptions. best way to know try it. it should work internally or as an usb external drive.

assuming the hardware does not support it, windows can work on completely encrypted drives but i would not recommend that approach : pain to setup, you'll have to reinstall or clone, and it is uselessly slow.

i'd recommend you create a separate partition. you can resize existing ones in computer management, and create new ones. i'm unsure about resizing the system partition while it is running. if you need to do that and windows won't, any bootable cd with gparted will let you do that easily.

once you're done, you can use the ms bitlocker tool ( should be under system in control panel ) to encrypt the drive

then format the partition and make sure any sensitive data is stored there. you can stick the user profile or his documents folders on the encrypted partition to make it easier. if you move the whole profile, try a dummy profile first. moving the profile is somehow better because most temp files would be stored there. ( and a few with the system but most apps that work on user data will use the profile's temp dirs )

this should be quite easy to setup without breaking the existing system, and won't encrypt the system itself which would slow down the system uselessly ( imagine the swapfile is encrypted and you swap even a little ... )

---

another way could be to use an encrypted usb key but you won't be able to set the user's profile on a removable drive afaik so your user would need to be educated. and temp files would be a problem.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
There's no bitlocker on win7 pro.
0
 
LVL 26

Accepted Solution

by:
skullnobrains earned 251 total points
Comment Utility
oops

many freeware equivalent such as this truecrypt successor https://veracrypt.codeplex.com/ or truecrypt itself

whichever you pick, you need one that prompts for passwords rather than use a self-contained password ( rather useless ) or a removable drive ( that will likely be stolen with the laptop ) and you probably should prefer something that encrypts the whole drive rather than individual files ( though there might be some out-of-the-shelf tools that can watch a directory and encrypt/decrypt files on the fly )
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 251 total points
Comment Utility
another way could also be to provide remote access through rdp, vnc, or whatever equivalent and leave the data at the office but that would require permanent internet access
0
 
LVL 25

Assisted Solution

by:RobMobility
RobMobility earned 83 total points
Comment Utility
Hi,

Dell latitudes are business grade devices and thus have a TPM (trusted Platform Module) - this can be enabled in the BIOS (usually enabled by default) and since you have Windows 7 Pro, you can encrypt the in-built disk using BitLocker.

Several options are available for how the drive is unlocked - suggest a complex password of 8 characters and AES 128 (default) or AES 256 for the encryption.

During drive encryption, you will be asked to create a BitLocker recovery key - important that you keep this safe.

Hopefully this will help:

https://technet.microsoft.com/en-us/library/dd835565(v=ws.10).aspx
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 83 total points
Comment Utility
7 pro has no bitlocker. We talked about that before, please read the other comments.
0
 
LVL 25

Expert Comment

by:RobMobility
Comment Utility
Quite correct, it was introduced in Windows 8.0 Pro.

You could upgrade to Windows 8.1 Pro, via Windows 8.0 as it's cheaper (i.e. £45.00 in the UK) or 10 Pro or 7 Ultimate to get BitLocker.

Alternatively, if you or the user needs adaptions for some form of accessibility, then it'st still possible to upgrade to Windows 10 Pro for free:

https://www.microsoft.com/en-gb/accessibility/windows10upgrade - no proof is needed that assistive technology is used so there is no paperwork.

It might be difficult to trust OpenSource encryption solutions especially since the TrueCrypt issue and many won't leverage the TPM which will protect part of the keychain used to decrypt the drive.
0
 
LVL 26

Expert Comment

by:skullnobrains
Comment Utility
It might be difficult to trust OpenSource encryption solutions

hmm... i'd never consider using any encryption software that's not opensource.
if you can't audit your solution, it's probably not as failsafe as the vendor claims.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
Comment Utility
Re:  https://www.microsoft.com/en-gb/accessibility/windows10upgrade - no proof is needed that assistive technology is used so there is no paperwork.

I've been meaning to ask this question.  Feel free to check / comment on this page:

https://www.experts-exchange.com/questions/28985942/How-do-you-know-you-are-properly-activated-on-Windows-10-upgrades.html
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now