Securing road warriors' communications

In the first article of this two-part series, I looked at physical protection of laptop computers outside the office. Today we'll review fundamentals of protecting data and data communications. This pair of articles is designed to be useful in security-awareness training for employees who take corporate laptop computers out of the office.

All computers today include a BIOS password that is stored in a special semi-permanent memory call CMOS registers. Without the password, it may be difficult to start your computer; however, criminals and ordinary technicians know simple methods for resetting the CMOS registers.

Encrypt data

Some security packages offer a secure startup routine, usually associated with whole-disk encryption (discussed below) which is much stronger than the security conferred by BIOS passwords.  In this technique, a special part of the hard disk called the master boot record is replaced by special security code that demands a password and the original bootstrap program is placed in the encrypted portion of the disk. Once the user has provided the right user ID and password, the secure startup program branches to the original bootstrap program and the system continues its startup process using dynamic decryption of the disk contents.

Whole-disk encryption, if used with an effective password  (NOT your spouse's name or the word "password") will protect the contents securely against all non-government attackers. Additional security can be achieved using biometric authentication or token-based authentication (or both).

Secure communications

When using wireless or wired communications outside the office – including at home – users should be conscious of securing their data transfers. Most digital subscriber line (DSL), cable and wireless broadband routers ("modems") provided by ISPs include firewall capabilities. However, portable computers in hotels or conference centers may be exposed to attack from other users of the hotel network or from external attackers. Software firewalls (e.g., the highly-respected – and free – ZoneAlarm product) or hardware-based portable firewalls (e.g., Yoggie) can protect your computer against intrusion. To check your status at a hotel (or anywhere else online), try Gibson Research Corporation's (free) ShieldsUp service, which reports on whether any of your ports are open or even responding to challenges.

Don't let the convenience of your laptop put your corporate and private data at risk: use the security tools you need to safeguard your portable computer!

In another series of articles, I'll look at security for today's smartphones.

Learn more about this topic

Breaches and vectors

Doing the laptop drive of shame, Part III

Laptop losers hall of shame

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2011 IDG Communications, Inc.

IT Salary Survey 2021: The results are in