Solved

Securing a windows 7 laptop when out of the office.  It's part of an SBS 2011 domain

Posted on 2016-11-21
  • SBS
  • Windows 7
  • Security
  • Laptops Notebooks
  • Storage Hardware
  • +1
11
164 Views
Last Modified: 2016-11-28
What are the options for the way to 'secure' the data on a laptop in case it gets stolen?

I was thinking there's the drive bootup password in the bios of the laptop (Dell Latitude).  I guess I could take the drive out to see for myself, but does that actually keep the drive locked up even if removed from the laptop and connected to another PC?

We're not talking state secrets here.  So if the answer to the hard drive password lock is that they can swap out the board on the drive and get in, that's not a concern.

We're more concerned with keeping people from getting to the data going so far as taking the drive out of the laptop and putting in another PC using a USB to SATA cable or similar.

The OS is Windows 7 Pro and the server for the domain is SBS 2011.

Any recommendations?
0
Comment
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 3

Assisted Solution

by:Pune Tech
Pune Tech earned 83 total points
ID: 41895997
Right now your laptop data is unsafe any one can copy by connecting to usb but there are steps you can take to reduce the risk. Here are 10 simple things you can do to help keep your laptop secure when you are on the go

Check following article for details,

http://www.in.techradar.com/news/mobile-computing/laptops/10-steps-you-can-take-to-secure-a-laptop/articleshow/38835410.cms
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 83 total points
ID: 41895999
What the bios "hard drive password" actually does depends on the model of laptop and model of drive. You can use self encrypting drives and if the bios supports it, you will really be using encryption and this (given we use a password that is not easy to brute force) is secure.
Other hard drive locking mechanisms are not that secure. To give you an idea: data recovery online services offer to unlock your drive for less than 100 US$ (but you'll have to send them the drive).

So look into the drive models and see if SED (self encrypting drives) is a feature and if the dell bios supports to use that on all models that you have.
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 251 total points
ID: 41898920
the hard drive password most likely does not do encryption if the word crypt is not present somewhere in the bios. usually, you'd get both on separate lines, but there are exceptions. best way to know try it. it should work internally or as an usb external drive.

assuming the hardware does not support it, windows can work on completely encrypted drives but i would not recommend that approach : pain to setup, you'll have to reinstall or clone, and it is uselessly slow.

i'd recommend you create a separate partition. you can resize existing ones in computer management, and create new ones. i'm unsure about resizing the system partition while it is running. if you need to do that and windows won't, any bootable cd with gparted will let you do that easily.

once you're done, you can use the ms bitlocker tool ( should be under system in control panel ) to encrypt the drive

then format the partition and make sure any sensitive data is stored there. you can stick the user profile or his documents folders on the encrypted partition to make it easier. if you move the whole profile, try a dummy profile first. moving the profile is somehow better because most temp files would be stored there. ( and a few with the system but most apps that work on user data will use the profile's temp dirs )

this should be quite easy to setup without breaking the existing system, and won't encrypt the system itself which would slow down the system uselessly ( imagine the swapfile is encrypted and you swap even a little ... )

---

another way could be to use an encrypted usb key but you won't be able to set the user's profile on a removable drive afaik so your user would need to be educated. and temp files would be a problem.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 54

Expert Comment

by:McKnife
ID: 41898925
There's no bitlocker on win7 pro.
0
 
LVL 27

Accepted Solution

by:
skullnobrains earned 251 total points
ID: 41898963
oops

many freeware equivalent such as this truecrypt successor https://veracrypt.codeplex.com/ or truecrypt itself

whichever you pick, you need one that prompts for passwords rather than use a self-contained password ( rather useless ) or a removable drive ( that will likely be stolen with the laptop ) and you probably should prefer something that encrypts the whole drive rather than individual files ( though there might be some out-of-the-shelf tools that can watch a directory and encrypt/decrypt files on the fly )
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 251 total points
ID: 41898965
another way could also be to provide remote access through rdp, vnc, or whatever equivalent and leave the data at the office but that would require permanent internet access
0
 
LVL 25

Assisted Solution

by:RobMobility
RobMobility earned 83 total points
ID: 41904124
Hi,

Dell latitudes are business grade devices and thus have a TPM (trusted Platform Module) - this can be enabled in the BIOS (usually enabled by default) and since you have Windows 7 Pro, you can encrypt the in-built disk using BitLocker.

Several options are available for how the drive is unlocked - suggest a complex password of 8 characters and AES 128 (default) or AES 256 for the encryption.

During drive encryption, you will be asked to create a BitLocker recovery key - important that you keep this safe.

Hopefully this will help:

https://technet.microsoft.com/en-us/library/dd835565(v=ws.10).aspx
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 83 total points
ID: 41904129
7 pro has no bitlocker. We talked about that before, please read the other comments.
0
 
LVL 25

Expert Comment

by:RobMobility
ID: 41904155
Quite correct, it was introduced in Windows 8.0 Pro.

You could upgrade to Windows 8.1 Pro, via Windows 8.0 as it's cheaper (i.e. £45.00 in the UK) or 10 Pro or 7 Ultimate to get BitLocker.

Alternatively, if you or the user needs adaptions for some form of accessibility, then it'st still possible to upgrade to Windows 10 Pro for free:

https://www.microsoft.com/en-gb/accessibility/windows10upgrade - no proof is needed that assistive technology is used so there is no paperwork.

It might be difficult to trust OpenSource encryption solutions especially since the TrueCrypt issue and many won't leverage the TPM which will protect part of the keychain used to decrypt the drive.
0
 
LVL 27

Expert Comment

by:skullnobrains
ID: 41904649
It might be difficult to trust OpenSource encryption solutions

hmm... i'd never consider using any encryption software that's not opensource.
if you can't audit your solution, it's probably not as failsafe as the vendor claims.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 41904887
Re:  https://www.microsoft.com/en-gb/accessibility/windows10upgrade - no proof is needed that assistive technology is used so there is no paperwork.

I've been meaning to ask this question.  Feel free to check / comment on this page:

https://www.experts-exchange.com/questions/28985942/How-do-you-know-you-are-properly-activated-on-Windows-10-upgrades.html
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows mapped drive communications - Secure? 5 45
Android Touch & Google API 7 24
Cannot install image with GHOST 4 25
Network adapter disconnected 4 19
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question