For laptops, users must be sure to secure not only the data that goes in and out of the system, but also the laptop itself. Because of its portable nature, a laptop is much more likely to be stolen than a desktop. Antitheft MeasuresThere is a growing concern for security and safety with portables because their small size and weight makes them easy targets for thieves . A prime target is the traveler at the airport. In that environment, you should always be sure you keep tight control over your computer; otherwise , it can easily be stolen. A common scam involves two people at the X-ray scanner. They both stand in front of you in line; one goes through and the other waits until you put your system on the conveyer belt before holding up the line, fumbling with change and other items in his pocket. This serves to detain you while the companion grabs your notebook and runs. By the time you get through, your system is gone. Moral of the story: Don't set your computer on the conveyer belt until there is nobody between you and the metal detector portal. Various alarms are sold that can shriek if your system is stolen, but these are a fairly extreme solution. System manufacturers offer protection for their systems in several ways. One is to offer a latch on the system to which a security lock cable can be bolted. This is ideal if you are working with your system on a desk and want to lock it to the desk. Companies such as Kensington Microware sell steel cables with a key lock that goes through the latch in the system case and can then be wrapped around a secure object. The latch in the case is made as a part of the frame and not the flimsy plastic exterior casing . Hardware-Level PasswordsA second method for protection involves hardware-level passwords. These passwordsnot to be confused with those of the operating systemare designed to secure the actual hardware of the laptop. Most notebook systems offer several levels of password protection, but the most secure are the administrator password and the hard disk password. Both of those, if lost, can't be reset or deleted, so losing them renders the motherboard or hard disk useless. Be careful if you set these passwordsdon't forget them! Of course, the idea is that if thieves steal your portable, they won't be able to access any of the data on it, even if they move the hard disk to another machine. IBM includes a Personalization Editor with some of its ThinkPad systems that enables you to place information such as your name , address, phone number, company information, and even logo directly into the BIOS, such that they will appear when the system is started. This easily identifies the proper owner of the system if it falls into the wrong hands. It can also be useful for identifying individual computers in a company where everybody is issued the same system. Operating System PasswordsAnother way to secure your laptop is to use the password feature of Windows. Set up secure passwords on all user and administrator accounts. With Windows XP Professional, you can provide extra security for individual folders. Note that a hidden backdoor exists for both the Home and Professional versions of Windows XP. This backdoor is in the form of a hidden Administrator account that is used to gain access to your system if you've forgotten the password to your own administrator account. Here's how to deactivate this account:
This procedure creates a disk that enables you to log on if you forget your password. Keep this disk secure. This procedure also deactivates the hidden administrator account. Antivirus SoftwareIf you have received more than a few email messages, you have probably received one that was infected with a virus. These days, a good and well- maintained antivirus program is a must. Be sure to update the virus definitions for the program on a regular basis. Otherwise, you will be vulnerable to the new viruses that are sure to crop up. FirewallsIf you connect to the Internet for any length of time, be aware that your connection is a two-way street. At any time someone may be trying to connect with you, or more precisely, trying to get into your system. Alternatively, a rogue program that somehow got on your laptop may be trying to send out confidential information from your laptop to some destination on the Internet. The way to stop this is the set up a firewall. One of the best is also free (for the basic version): ZoneAlarm, available at www.zonealarm.com. Virtual Private NetworkingIt was not long ago that companies would lease private communications cables for high-speed communications between distant offices. In addition to fast data links, this arrangement also ensured privacy. Now, however, most companies opt for a much more affordable way. Virtual private networking (VPN) enables you establish what is effectively a private connection over the very public medium of the Internet. This is accomplished via encryption. Although there are some powerful VPN programs on the market, Windows is already equipped with a fairly decent implementation of VPN. To use it, you must be sure that both ends of the connectionyour laptop and your host systemare running it at the same time. EncryptionAn increasingly significant security hazard for laptops is wireless LAN eavesdropping. Someone can very easily tap into your wireless LAN and monitor all of its traffic simply by parking his car outside your office. The solution to this problem involves encryption. File EncryptionIf you are sending a sensitive file via an untrustworthy medium, such as a wireless LAN or the Internet, you may want to encrypt it first. Even if the file never leaves your laptop, you may want to encrypt it to prevent prying eyes from reading it. Fortunately, the latest versions of many Microsoft Office applications include fairly robust encryption capabilities. For example, Microsoft Word 2002 features a good encryption scheme that gives you a choice of several different encryption techniques. To encrypt a file in Word 2002 (part of Office XP), follow these steps:
A similar process can be used to encrypt files under Microsoft Excel. Wireless LAN EncryptionCurrently, the encryption standard for wireless LANs is evolving. As a result, users now have two standards from which to choose: WEP and WPA. WEPWireless Equivalent PrivacyBecause of the obvious security vulnerability of a wireless LAN, the original specification for 802.11b wireless LANs included an encryption technique called Wireless Equivalent Privacy (WEP) . Two possible key lengths were specified: a fairly secure 128-byte key, and a less secure 40-byte key meant for sale outside the United States. During 2001, a serious vulnerability was exposed in WEP, and people began writing programs to exploit this security hole. An industrial spy can now download a program off the Internet that could analyze all the traffic on your wireless LAN and eventually deduce the WEP key. On a WLAN with heavy traffic, this program could gather sufficient packets to accomplish this task in only one day. Because of this vulnerability, many highly secure installations banned wireless LANs outright . Although flawed, WEP security may still be secure enough for residential and small office applications. But its value should not be overestimated. Like most door locks, its main function may be limited to keeping honest people honest. The actual process of activating WEP security can vary from one 802.11b PC Card brand to another. In most cases, you can access the card through the Networks icon in the Control Panel of Windows. Once there, click the Configure button, which should lead you to a menu that includes a WEP security setting. WPAWi-Fi Protected AccessIn order to provide corporations with bulletproof wireless LAN security, the Wi-Fi Alliance worked together with the Institute of Electrical and Electronics Engineers (IEEE) 802.11 group to develop a new security solution called Wi-Fi Protected Access (WPA) . The new standard, which was announced in October of 2002, builds on the just-completed 802.11i Robust Security Network standard. Part of the strength of WPA is its reliance on the 802.1x authentication standard. This authentication technique ensures that only authorized users can access the wireless LAN, but it requires an authentication server. Smaller companies without such a server will have to rely on a key installed on each PC Card node and access point. A number of products have already been certified as WPA compliant by the Wi-Fi Alliance. This number will surely grow, and in time the WPA-compliant products will replace the WEP-compliant products. Note, however, that at this point, operating system support for WPA is limited, but it will improve shortly. |