Communications Security | Scott Muellers Upgrading and Repairing Laptops, Second Edition

For laptops, users must be sure to secure not only the data that goes in and out of the system, but also the laptop itself. Because of its portable nature, a laptop is much more likely to be stolen than a desktop.

Antitheft Measures

There is a growing concern for security and safety with portables because their small size and weight make them easy targets for thieves. A prime target is the traveler at the airport. In that environment, you should always be sure you keep tight control over your computer; otherwise, it can easily be stolen.

A common scam involves two people at the X-ray scanner. They both stand in front of you in line; one goes through and the other waits until you put your system on the conveyer belt before holding up the line, fumbling with change and other items in his pocket. This serves to detain you while the companion grabs your notebook and runs. By the time you get through, your system is gone. Moral of the story: Don't set your computer on the conveyer belt until there is nobody between you and the metal detector portal. You can buy various alarms that can shriek if your system is stolen, but they are a fairly extreme solution.

System manufacturers offer protection for their systems in several ways. One is to offer a latch on the system to which a security lock cable can be bolted. This solution is ideal if you are working with your system on a desk and want to lock it to the desk. Companies such as Kensington Microware sell steel cables with a key lock that goes through the latch in the system case and can then be wrapped around a secure object. The latch in the case is made as a part of the frame and not the flimsy plastic exterior casing.

Hardware-Level Passwords

A second method for protection involves hardware-level passwords. These passwordsnot to be confused with those of the operating systemare designed to secure the actual hardware of the laptop. Most notebook systems offer several levels of password protection, but the most secure are the administrator password and the hard disk password. Both of those, if lost, can't be reset or deleted, so losing them renders the motherboard or hard disk useless. Be careful if you set these passwordsdon't forget them! Of course, the idea is that if thieves steal your portable, they won't be able to access any of the data on it, even if they move the hard disk to another machine.

Operating System Passwords

Another way to secure your laptop is to use the password feature of Windows. Set up secure passwords on all user and administrator accounts. With Windows XP Professional, you can provide extra security for individual folders.

Note that a hidden backdoor exists for both the Home and Professional versions of Windows XP. This backdoor is in the form of a hidden administrator account that is used to gain access to your system if you've forgotten the password to your own administrator account.

Here's how to deactivate this account:

1.	While logged on in an administrator account, open the Control Panel.
2.	Double-click Users.
3.	Double-click your administrator account.
4.	Click the option on the left titled Prevent a Forgotten Password.
5.	Have a blank floppy disk handy and follow the instructions.

This procedure creates a disk that enables you to log on if you forget your password. Keep this disk secure. This procedure also deactivates the hidden administrator account.

Antivirus Software

If you have received more than a few email messages, you have probably received one that was infected with a virus. These days, a good and well-maintained antivirus program is a must. Be sure to update the virus definitions for the program on a regular basis. Otherwise, you will be vulnerable to the new viruses that are sure to crop up.

Firewalls

If you connect to the Internet for any length of time, be aware that your connection is a two-way street. At any time someone may be trying to connect with you or, more precisely, trying to get into your system. Alternatively, a rogue program that somehow got on your laptop may be trying to send out confidential information from your laptop to some destination on the Internet. The way to stop this is to set up a firewall. One of the best is also free (for the basic version): ZoneAlarm, available at www.zonealarm.com.

Virtual Private Networking

It was not long ago that companies would lease private communications cables for high-speed communications between distant offices. In addition to fast data links, this arrangement also ensured privacy. Now, however, most companies opt for a much more affordable way. Virtual private networking (VPN) enables you to establish what is effectively a private connection over the very public medium of the Internet. This is accomplished via encryption.

Although there are some powerful VPN programs on the market, Windows is already equipped with a fairly decent implementation of VPN. To use it, you must be sure that both ends of the connectionyour laptop and your host systemare running it at the same time.

Encryption

An increasingly significant security hazard for laptops is wireless LAN eavesdropping. Someone can very easily tap into your wireless LAN and monitor all of its traffic simply by parking his or her car outside your office. The solution to this problem involves encryption.

File Encryption

If you are sending a sensitive file via an untrustworthy medium, such as a wireless LAN or the Internet, you may want to encrypt it first. Even if the file never leaves your laptop, you may want to encrypt it to prevent prying eyes from reading it. Fortunately, the latest versions of many Microsoft Office applications include fairly robust encryption capabilities. For example, Microsoft Word 2002 features a good encryption scheme that gives you a choice of several different encryption techniques.

To encrypt a file in Word 2002 (part of Office XP), follow these steps:

1.	With the file open, select Tools, Options from the menu bar.
2.	Click the Security tab.
3.	Type in a password, which will be required to open the file.
4.	If you click the Advanced button, you can choose a more powerful encryption technique.

A similar process can be used to encrypt files under Microsoft Excel.

Wireless LAN Encryption

Currently, the encryption standard for wireless LANs is evolving. As a result, users now have two standards from which to choose: WEP and WPA.

WEPWireless Equivalent Privacy

Because of the obvious security vulnerability of a wireless LAN, the original specification for 802.11b wireless LANs included an encryption technique called Wireless Equivalent Privacy (WEP). Two possible key lengths were specified: a fairly secure 128-byte key and a less secure 40-byte key meant for sale outside the United States.

During 2001, a serious vulnerability was exposed in WEP, and people began writing programs to exploit this security hole. An industrial spy can now download a program off the Internet that could analyze all the traffic on your wireless LAN and eventually deduce the WEP key. On a WLAN with heavy traffic, this program could gather sufficient packets to accomplish this task in only one day. Because of this vulnerability, many highly secure installations banned wireless LANs outright.

Although flawed, WEP security may still be secure enough for residential and small office applications. But its value should not be overestimated. Like most door locks, its main function may be limited to keeping honest people honest.

The actual process of activating WEP security can vary from one 802.11b PC Card brand to another. In most cases, you can access the card through the Networks icon in the Control Panel of Windows. Once there, click the Configure button, which should lead you to a menu that includes a WEP security setting.

WPA/WPA2Wi-Fi Protected Access

To provide corporations with bulletproof wireless LAN security, the Wi-Fi Alliance worked together with the Institute of Electrical and Electronics Engineers (IEEE) 802.11 group to develop a new security solution called Wi-Fi Protected Access (WPA). The standard, which was announced in October of 2002, builds on the IEEE 802.11i Wireless LAN Security Network standard. The WPA2 standard was introduced in September of 2004 and differs from WPA by providing a stronger encryption mechanism through Advanced Encryption Standard (AES), which is a requirement for some corporate and government users.

The WPA and WPA2 standards closely mirror the official IEEE 802.11i Wireless LAN security standard. Both standards have two componentsencryption and authenticationthat are crucial to wireless LAN security. WPA2 adds stronger encryption requirements (AES) but also enhancements to support fast roaming of wireless clients. For example, WPA2 allows you to reconnect to an access point that you've recently connected to without the need to reauthenticate. Preauthentication support in WPA2 allows you to preauthenticate with the access point toward which you are moving, while maintaining a connection to the access point you're moving away from.

Part of the strength of WPA/WPA2 is its reliance on the 802.1x authentication standard. This authentication technique ensures that only authorized users can access the wireless LAN, but it requires an authentication server. Smaller companies without such a server will have to rely on a key installed on each PC Card node and access point.

A large number of products have already been certified as WPA/WPA2 compliant by the Wi-Fi Alliance. This number will surely grow, and in time the WPA/WPA2-compliant products will replace the WEP-compliant products. All products that are certified for WPA2 will be interoperable with products that are certified for WPA, whereas some WPA products can be upgraded by software or firmware to support WPA2. Note, however, that at this point, operating system support for WPA/WPA2 is limited; just Windows XP, Apple's OS X and Linux support it.