![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Corporate Laptop Security
- Thread starter Manu
- Start date
gigabyte1024
[H]ard|Gawd
- Joined
- Mar 10, 2001
- Messages
- 2,027
I'm sure there might be someone bashing this... but
Dell (others too? I don't use other brands) has a feature for a hard drive password.
Basically anytime you turn on the laptop you must type in the hard drive password. It's seperate from the BIOS password and stored on the drive itself. It helps protect the drive/data from just being put in another computer.
Dell (others too? I don't use other brands) has a feature for a hard drive password.
Basically anytime you turn on the laptop you must type in the hard drive password. It's seperate from the BIOS password and stored on the drive itself. It helps protect the drive/data from just being put in another computer.
Yes, Lenovo has quite a bit of that too. They don't have a full hard drive encryption app, but they do have a file-based encryption virtual drive.
There are full-disk encryption utilities out there, but the ones I've tested weren't all that great (as they bogged down the CPU and ran the HDD a lot, which also killed the battery's power).
Threats? It really depends upon what your company does. If you do a lot of sales, then you need to worry about client information getting out in the open. If you do development, you need to worry about competitors getting hold of your source code. If someone snatches hardware, its fairly easy to get the files off (even without the proper log-in information) unless there is some form of file-based password and/or encryption scheme.
One thing that I really want to find out is how Windows deals with caching passwords on the laptops. On-site, yeah, it'll check with the main AD server, but what about when users log-in offsite? I know it still works fine, but how secure is it having that ability?
There are full-disk encryption utilities out there, but the ones I've tested weren't all that great (as they bogged down the CPU and ran the HDD a lot, which also killed the battery's power).
Threats? It really depends upon what your company does. If you do a lot of sales, then you need to worry about client information getting out in the open. If you do development, you need to worry about competitors getting hold of your source code. If someone snatches hardware, its fairly easy to get the files off (even without the proper log-in information) unless there is some form of file-based password and/or encryption scheme.
One thing that I really want to find out is how Windows deals with caching passwords on the laptops. On-site, yeah, it'll check with the main AD server, but what about when users log-in offsite? I know it still works fine, but how secure is it having that ability?
Malk-a-mite
[H]ard|Gawd
- Joined
- Feb 16, 2002
- Messages
- 2,023
You have two options with our laptops, VPN in and RDP to your desk.
Or SSL and Citrix.
No data lives on the laptops.
No software other than our default build is put on the laptops.
Yes, we are that mean.
Or SSL and Citrix.
No data lives on the laptops.
No software other than our default build is put on the laptops.
Yes, we are that mean.
Wow, no data lives on the laptop, that is mean 
While I would actually LOVE that, I do not think I'd ever be given the ability to move forward with something like that.
Vette5885-
Can you expand a bit on the Lenovo security stuff? What is their product called, is it loaded by standard on their T series machines?
While I would actually LOVE that, I do not think I'd ever be given the ability to move forward with something like that.
Vette5885-
Can you expand a bit on the Lenovo security stuff? What is their product called, is it loaded by standard on their T series machines?
Teknikallysekure
Gawd
- Joined
- Dec 1, 2006
- Messages
- 594
We do full laptop hdd data encryption. That and we use Cisco VPN tools for intranet access.
Other than that, well that's about it.
Other than that, well that's about it.
My Lenovo T60 (as well as my older T41, T42, and T43 laptops when I ran and managed them) has a program, which would create an encrypted file that could be mounted as a mapped drive. The file could be as large as you want (default is 512MB), and you can put anything in it (I think it was NTFS formatted too). I want to say that it was part of the Client Security Solution (part of Lenovo's ThinkVantage Technologies that came pre-installed on the laptop). I personally have since removed it, as I don't keep any individual confidential files on my laptop.
I'm sure their site has something about it.
What do you guys use for full HDD encryption?
the mid size(non sub prime ;-) ) mortgage company I work for...
which is heavily technology based...
Our machines aren't really locked down too much to someone motivated, though we do give our "Certified" laptops out (Which are all IT chosen/imaged) with no local administrative rights except to our IT staff. The rest of it is domain login only as far as authentication goes (cached password for off site use of course).
When the user leaves the company we remove the machine account from A/D and of course disable the user's AD access, which will cut off the VPN access.
The software we though, almost all of it is stored centrally in the data center. Anything local will be something the loan officer has put on there himself, not the company. Come to think of it, we actually go to the extent of disabling all the built in machine security/built in biometric measures available in order to make life easier for the users.
In our business model though, we are pretty safe iwth this, as not much confidential data is kept locally.
which is heavily technology based...
Our machines aren't really locked down too much to someone motivated, though we do give our "Certified" laptops out (Which are all IT chosen/imaged) with no local administrative rights except to our IT staff. The rest of it is domain login only as far as authentication goes (cached password for off site use of course).
When the user leaves the company we remove the machine account from A/D and of course disable the user's AD access, which will cut off the VPN access.
The software we though, almost all of it is stored centrally in the data center. Anything local will be something the loan officer has put on there himself, not the company. Come to think of it, we actually go to the extent of disabling all the built in machine security/built in biometric measures available in order to make life easier for the users.
In our business model though, we are pretty safe iwth this, as not much confidential data is kept locally.
We use true crypt on all our laptops and usb drives.
http://www.truecrypt.org/
http://www.truecrypt.org/