Home ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/spacer.gif) ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/breadcrumb_arrow.gif) Programs ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/spacer.gif) ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/breadcrumb_arrow.gif) Emergency management ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/spacer.gif) ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/breadcrumb_arrow.gif) Response ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/spacer.gif) ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/breadcrumb_arrow.gif) CCIRC ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/spacer.gif) ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/breadcrumb_arrow.gif) Analytical releases2 ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/spacer.gif) ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/breadcrumb_arrow.gif) Other analytical products ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/spacer.gif) ![](/web/20061025230427im_/http://www.psepc.gc.ca/world/site/images/breadcrumb_arrow.gif) IN04-001: General best practices for laptop security
PurposeThe purpose of this paper is to provide advice on best practices for securing sensitive data stored within laptop computers. This includes physical security in the handling of laptops and securing the information therein. AudienceThis Public Safety and Emergency Preparedness Canada (PSEPC) Information Note is intended for both laptop users and those responsible for the security of laptop computers that store sensitive data, such as programs related to the functionality of critical assets. IntroductionLaptop computers are increasingly being used by Canadian industry and government to store and transport sensitive data. Laptops are a desirable tool due to their portability and ease of use; however, as computer technology becomes more advanced so do methods of compromising vulnerabilities inherent in the laptop's configuration and existing security protocols. Theft of industry-owned laptop computers from residences and offices is not an uncommon occurrence in Canada. If an unauthorized user has physical access to a laptop computer system, then gaining administrative access (i.e. the ability to run any program) to the laptop, and its sensitive data, is a simple process. There are some hardware-based security devices available that can increase the time required to break into a system from a few minutes to a few hours.
Best PracticesStrong AuthenticationEnforcing strong authentication on laptops is one of the best measures to prevent unauthorized access to sensitive data. To ensure only authorized personnel are able to gain access to a laptop computer, a user should be required to present at least two of the following: a) something they know (password/passphrase matched with a username); b) something they have (hardware token, smart card); or, c) something they are (biometrics).
EncryptionIt is recommended that sensitive information on laptop computers be kept encrypted at all times. Encryption involves scrambling a file or other type of data, known as the "plaintext," in order to render it unusable or unreadable. Properly-implemented encryption will make it extremely difficult for unauthorized users to gain access to stored data. Encryption technologies most commonly used include full disk, volume, and file and folder encryption. Full disk encryption is recommended as a comprehensive method of ensuring that data is secure. Once all partitions of a hard drive are encrypted, they are very difficult to compromise. Encrypting the full disk drive also prevents access to any sensitive software applications that may be on the laptop. Additional Tools- Maintaining up-to-date anti-virus, patching, and personal firewall software is a good general network security practice.
Laptops are not to be left unattended in any environment that is not secure. Locking cables are inexpensive and they help to prevent the physical theft of laptops. Asset tags are a low-technology security device that will assist in protecting the security of laptops. These semi-permanent tags will leave a type of tattoo if removed. This simple security measure may deter those thieves who realize an identifying mark will be left on the laptop. Another type of tag includes radio frequency identification (RFID) tags. The RFID tag transmits identifying information about the laptop to nearby sensors that are located along a specified perimeter. When the laptop is removed from the perimeter, an alarm is triggered. Location tags will disable the system if the laptop is removed from a specified area. - Motion-detection devices can identify when a laptop is being moved. Moving the system will trigger an alarm that increases in volume as the system is in motion. A password for activating or deactivating the motion-based security device can be added.
ReferencesGrant, Chris Defense-In-Depth Applied to Laptop Security: Ensuring Your Data Remains Your Data. 14 October 2003. GIAC GSEC Practical -- Version 1.4b, Option 1. http://www.giac.org/practical/GSEC/Chris_Grant_GSEC.pdf ![This link will open in a new window.](/web/20061025230427im_/http://www.psepc.gc.ca/images/newwindow.gif)
|