This is Interesting: Free Magazines for Graphics designers and webmasters
Home > Archive > Webmaster forum > November 2007 > Do you encrypt your laptop(s)?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Do you encrypt your laptop(s)?
|
|
|
|
Hi
I was just wondering if you guys use laptops and if you do... do you
encrypt them?
(I'm sorry if this seems slightly off-topic... but you guys always
seem to give such
sensible answers!)
The big concern of course is the rise in laptop theft (see this
article).
http://software.silicon.com/securit...39167107,00.htm
The article seems to conclude:
"It's really simple. Encrypt, encrypt, encrypt. Encryption is the
solution."
But I am wondering how much encryption slows down a laptop in
practice.
I mean if you encrypt the ENTIRE hard disk, this has surely got to
slow
down the speed of the machine quite significantly. No?
Any thoughts?
Ship
Shiperton Henethe
| |
|
|
"ship" <shiphen@XXXXXXXXXX> wrote in message
news:a19a2400-0c80-43d3-b142-3ab95bb22e66@a28g2000hsc.googlegroups.com...
>
> Hi
>
> I was just wondering if you guys use laptops and if you do... do you
> encrypt them?
>
> (I'm sorry if this seems slightly off-topic... but you guys always
> seem to give such
> sensible answers!)
>
> The big concern of course is the rise in laptop theft (see this
> article).
>
> http://software.silicon.com/securit...39167107,00.htm
> The article seems to conclude:
> "It's really simple. Encrypt, encrypt, encrypt. Encryption is the
> solution."
>
> But I am wondering how much encryption slows down a laptop in
> practice.
> I mean if you encrypt the ENTIRE hard disk, this has surely got to
> slow
> down the speed of the machine quite significantly. No?
>
> Any thoughts?
>
I encrypt & hide my htdocs folder on my laptop. Nothing else has critical or
password information. One of my contractors said he lost his laptop on
Friday, but managed to get it back. Slightly concerning as I bet he doesn't
go to such lengths. Might have to suggest it, but he probably won't listen.
| |
| SpaceGirl 2007-11-19, 6:19 pm |
| On Nov 19, 1:41 pm, "elyob" <newsprof...@XXXXXXXXXX> wrote:
> "ship" <ship...@XXXXXXXXXX> wrote in message
>
> news:a19a2400-0c80-43d3-b142-3ab95bb22e66@a28g2000hsc.googlegroups.com...
>
>
>
>
>
>
>
>
>
>
>
>
> I encrypt & hide my htdocs folder on my laptop. Nothing else has critical or
> password information. One of my contractors said he lost his laptop on
> Friday, but managed to get it back. Slightly concerning as I bet he doesn't
> go to such lengths. Might have to suggest it, but he probably won't listen.
I dont encrypt my laptop, but you cant view any of my files without
logging into it - Mac OS X is more secure than Windows, so, it's a lot
harder to casually view any files in my user account without having my
account password.
I also don't keep anything critical in my laptop. I copy just the
files I need to it and remove them when done. I have copies of all my
work files on my dedicated server which I can access from the
Internet, if I need to, and that box *is* encrypted.
| |
|
|
"ship" <shiphen@XXXXXXXXXX> wrote in message
news:a19a2400-0c80-43d3-b142-3ab95bb22e66@a28g2000hsc.googlegroups.com...
> The big concern of course is the rise in laptop theft
I don't ever leave any of my laptops in a place where they *can* be stolen.
Just like my cell phone, my car keys and my wallet.
--
Richard.
| |
| Toby A Inkster 2007-11-19, 6:19 pm |
| SpaceGirl wrote:
> I dont encrypt my laptop, but you cant view any of my files without
> logging into it - Mac OS X is more secure than Windows, so, it's a lot
> harder to casually view any files in my user account without having my
> account password.
Ummm... reboot the machine in single user mode. No passwords, no fuss.
Instant access to the whole hard disk -- and the ability to reset any
user's password if desired.
For that matter, remove the HDD, put it into one of those USB shell cases,
plug it into a Linux box. As long as the attacker is logged into the Linux
box (i.e. their *own* Linux box) as root, they can read the whole disk.
OS security is nice, but as soon as the attacker has physical access to
the machine, it becomes worthless, because the attacker can choose not to
run the OS!
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 12 days, 22:34.]
USD/EUR Exchange Rate Graph
http://tobyinkster.co.uk/blog/2007/11/18/usd-eur/
| |
| SpaceGirl 2007-11-19, 6:19 pm |
| On Nov 19, 3:48 pm, Toby A Inkster <usenet200...@tobyinkster.co.uk>
wrote:
> SpaceGirl wrote:
>
> Ummm... reboot the machine in single user mode. No passwords, no fuss.
> Instant access to the whole hard disk -- and the ability to reset any
> user's password if desired.
How do you do that? I don't know how to restart OS X without a
password or boot the machine without one.
> For that matter, remove the HDD, put it into one of those USB shell cases,
> plug it into a Linux box. As long as the attacker is logged into the Linux
> box (i.e. their *own* Linux box) as root, they can read the whole disk.
I suppose. The reason why I dont carry anything too critical around
with me.
One of the volumes (archive volume) uses OS X's encrypted mountable
file system. I think that's very secure. It just looks like a file,
and to open it you need to mount it, and to mount it you need a
password (which is not the same as root or the user accounts). I've
not noticed and performance hits when writing to that volume, but then
that is on our Mac Pro workstation.
> OS security is nice, but as soon as the attacker has physical access to
> the machine, it becomes worthless, because the attacker can choose not to
> run the OS!
You can do some things to mitigate risks; the chances are if your
laptop IS stolen, it'll be by an opportunist and sold cheep somewhere.
Then the subsequent chances of someone then figuring out how to get
into your files if you make it a little hard for them must drop
considerably. They're more likely to just format the thing I think.
I suppose if you do keep important things on a laptop (that you cannot
afford for prying eyes to see), PGP just those files (and / or create
an encrypted volume) and DO NOT save the passwords to your keychain. I
don't think you need to encrypt the whole machine; the performance hit
would hurt on a laptop.
| |
| Toby A Inkster 2007-11-19, 6:19 pm |
| SpaceGirl wrote:
> On Nov 19, 3:48 pm, Toby A Inkster <usenet200...@tobyinkster.co.uk>
> wrote:
>
>
> How do you do that? I don't know how to restart OS X without a
> password or boot the machine without one.
Apple Key + S, while the machine is booting. (Press it as soon as the
machine is powered on, and hold it in until you see white text on a black
background.)
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 13 days, 18 min.]
USD/EUR Exchange Rate Graph
http://tobyinkster.co.uk/blog/2007/11/18/usd-eur/
| |
| SpaceGirl 2007-11-19, 6:19 pm |
| Toby A Inkster wrote:
> SpaceGirl wrote:
>
> Apple Key + S, while the machine is booting. (Press it as soon as the
> machine is powered on, and hold it in until you see white text on a black
> background.)
>
And that gives you unlimited root access? That's kinda crappy :(
--
x theSpaceGirl (miranda)
http://www.northleithmill.com
-.-
Kammy has a new home: http://www.bitesizedjapan.com
| |
| Mark Goodge 2007-11-19, 6:19 pm |
| On Mon, 19 Nov 2007 14:43:22 GMT, rf put finger to keyboard and typed:
>
>"ship" <shiphen@XXXXXXXXXX> wrote in message
>news:a19a2400-0c80-43d3-b142-3ab95bb22e66@a28g2000hsc.googlegroups.com...
>
>
>I don't ever leave any of my laptops in a place where they *can* be stolen.
>Just like my cell phone, my car keys and my wallet.
That's certainly a good start. But it doesn't protect you against
scenarios over which you have no control. Unless you keep your laptop
with you at all timnes, and never sleep, you're still relying on the
physical security of the building that contains it - and that can be
breached. Even if you do keep it with you at all times, you can't
guarantee that you'll always be able to maintain control of it. You
could, for example, be a victim of a violent crime where you have no
ability to resist. If you're ever involved in a vehicle accident and
are seriously injured, you'll probably find yourself taken off to
hospital with many of your posessions left behind - the medics,
rightly, won't care about anything other than keeping you alive.
Looting at accident sites is, unfortunately, far more common than you
might think.
Mark
--
http://www.BritishSurnames.co.uk - What does your surname say about you?
"I scare myself to death, that's why I keep on running"
| |
| SpaceGirl 2007-11-19, 6:19 pm |
| Mark Goodge wrote:
> On Mon, 19 Nov 2007 14:43:22 GMT, rf put finger to keyboard and typed:
>
>
> That's certainly a good start. But it doesn't protect you against
> scenarios over which you have no control. Unless you keep your laptop
> with you at all timnes, and never sleep, you're still relying on the
> physical security of the building that contains it - and that can be
> breached. Even if you do keep it with you at all times, you can't
> guarantee that you'll always be able to maintain control of it. You
> could, for example, be a victim of a violent crime where you have no
> ability to resist. If you're ever involved in a vehicle accident and
> are seriously injured, you'll probably find yourself taken off to
> hospital with many of your posessions left behind - the medics,
> rightly, won't care about anything other than keeping you alive.
> Looting at accident sites is, unfortunately, far more common than you
> might think.
>
> Mark
*raised eyebrow* do you hang out around crash sites? :)
--
x theSpaceGirl (miranda)
http://www.northleithmill.com
-.-
Kammy has a new home: http://www.bitesizedjapan.com
| |
| Toby A Inkster 2007-11-20, 6:19 am |
| SpaceGirl wrote:
> Toby A Inkster wrote:
>
>
> And that gives you unlimited root access?
Uh-huh.
Basically, when Unix operating systems first start up, they are in
single-user (root) mode. Then a bunch of programs are launched -- network
services, and other daemons including the login screen. Using the login
screen drops you in as a less privileged user.
Single user mode drops you in at the stage before all those daemons are
launched.
> That's kinda crappy :(
What you've got to remember is that Unix was really designed for
mainframe/server machines -- unprivileged users would be using the
machine over a network and have no physical access to the computer.
So having a single-user mode for system recovery purposes was seen
as a good compromise between security and system integrity.
This is not an isolated vulnerability though. Unless you use
encrypted storage, with the key kept on removable media (which you
actually remove when not in use!), all OS security measures are
vulnerable to physical access, because the attacker can simply
access your hard disk with *his* OS, not yours. This applies to
Macs, Windows, Linux, BSD -- take your pick.
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 13 days, 17:07.]
USD/EUR Exchange Rate Graph
http://tobyinkster.co.uk/blog/2007/11/18/usd-eur/
| |
| SpaceGirl 2007-11-20, 6:18 pm |
| On Nov 20, 10:22 am, Toby A Inkster <usenet200...@tobyinkster.co.uk>
wrote:
> This is not an isolated vulnerability though. Unless you use
> encrypted storage, with the key kept on removable media (which you
> actually remove when not in use!), all OS security measures are
> vulnerable to physical access, because the attacker can simply
> access your hard disk with *his* OS, not yours. This applies to
> Macs, Windows, Linux, BSD -- take your pick.
Well I learned something :) Thanks for the information. I hate
computers just a little more today!
| |
| Chaddy2222 2007-11-20, 6:18 pm |
| On Nov 20, 11:56 pm, SpaceGirl <nothespacegirls...@subhuman.net>
wrote:
> On Nov 20, 10:22 am, Toby A Inkster <usenet200...@tobyinkster.co.uk>
> wrote:
>
>
> Well I learned something :) Thanks for the information. I hate
> computers just a little more today!
What you've never know about "safe mode" in Windows? Presuming it's
the same thing?
--
Regards Chad. http://freewebdesignonline.org
| |
| Toby A Inkster 2007-11-20, 6:18 pm |
| Chaddy2222 wrote:
> What you've never know about "safe mode" in Windows? Presuming it's
> the same thing?
It's conceptually similar. Nowhere near as bare-bones though.
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 14 days, 39 min.]
USD/EUR Exchange Rate Graph
http://tobyinkster.co.uk/blog/2007/11/18/usd-eur/
| |
| dk_sz 2007-11-20, 10:16 pm |
| > down the speed of the machine quite significantly. No?
>
> Any thoughts?
Have Windows on one parition + system files
Have data on another... Have data partion 100%
encrypted using e.g. TrueCrypt. Performance
is quite acceptable. I have all my data encrypted.
--
best regards
Thomas Schulz
:: A1 Sitemap Generator ::
http://www.micro-sys.dk/products/sitemap-generator/
| |
| SpaceGirl 2007-11-21, 6:17 pm |
| On Nov 20, 1:46 pm, Chaddy2222 <spamlovermailbox-
sicur...@yahoo.com.au> wrote:
> On Nov 20, 11:56 pm, SpaceGirl <nothespacegirls...@subhuman.net>
> wrote:
>
> What you've never know about "safe mode" in Windows? Presuming it's
> the same thing?
Yes I know about safe mode. I know Windows inside out, and I know how
to get into any locked Windows box and see any files I want. But I've
only been using Macs (in earnest) for a year so didn't know about
single user mode.
| |
| Chaddy2222 2007-11-21, 6:17 pm |
| On Nov 22, 1:24 am, SpaceGirl <nothespacegirls...@subhuman.net> wrote:
> On Nov 20, 1:46 pm, Chaddy2222 <spamlovermailbox-
>
> sicur...@yahoo.com.au> wrote:
>
>
> Yes I know about safe mode. I know Windows inside out, and I know how
> to get into any locked Windows box and see any files I want. But I've
> only been using Macs (in earnest) for a year so didn't know about
> single user mode.
Oh yes, I do remember you telling us that umm about a year or so back
when you got your Mac that you had just got it. That makes little
sence *what just wrote, oh well.
| |
|
| On Nov 21, 2:40 pm, Chaddy2222 <spamlovermailbox-
sicur...@yahoo.com.au> wrote:
> On Nov 22, 1:24 am, SpaceGirl <nothespacegirls...@subhuman.net> wrote:
>
>
>
>
>
> Oh yes, I do remember you telling us that umm about a year or so back
> when you got your Mac that you had just got it. That makes little
> sence *what just wrote, oh well.
What would be the best way of going about encryption of a WindowXP
laptop?
Can one encrypt one entire directories (incl. subdirectories)?
And if so, does it slow down the machine noticeably?
Ship
FWIW, my laptop has logmein.com running on it, and if stolen by a low-
tech
criminal I'd have at least a sporting chance of logging in remotely
and trashing
all the data - if it looked like it was lying idle for a while i guess
I could re-format
the entire disk! Just at thought.
| |
| Toby A Inkster 2007-11-23, 6:19 pm |
| ship wrote:
> FWIW, my laptop has logmein.com running on it, and if stolen by a low-
> tech criminal I'd have at least a sporting chance of logging in remotely
> and trashing all the data
Or you could leave little "todo" lists on the desktop. Things like "return
laptop to rightful owner"; "hand myself in to police"...
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 20:50.]
It'll be in the Last Place You Look
http://tobyinkster.co.uk/blog/2007/11/21/no2id/
| |
| SpaceGirl 2007-11-23, 6:19 pm |
| Chaddy2222 wrote:
> On Nov 22, 1:24 am, SpaceGirl <nothespacegirls...@subhuman.net> wrote:
>
> Oh yes, I do remember you telling us that umm about a year or so back
> when you got your Mac that you had just got it. That makes little
> sence *what just wrote, oh well.
Well I've had a PowerBook for 3 years, but Macs being Macs, never needed
to poke around under the desktop even once. I bought a Mac Pro last
Christmas, and I bought my partner a MBP in September. So I'm nowhere
near as intimate (ew) with the workings of a Mac as I am Windows. With
Windows you kind of need to be because it breaks so often. I've only
ever had to resort to the command line (terminal) once on my Mac because
it refused to eject a "bad" CD from the desktop. That's once, between
the 3 macs we own, in 3 years :)
--
x theSpaceGirl (miranda)
http://www.northleithmill.com
-.-
Kammy has a new home: http://www.bitesizedjapan.com
|
|
|
| | Copyright 2003 - 2008 forum4designers.com Software forum Computer Hardware reviews |
|