Companies that spend many hours and dollars on network security often don’t give a second thought to securing the computers that users carry out of the office each day. This article explains why they–and you–should be taking the necessary steps to secure laptops as well as PCs and servers. Then, I’ll discuss some techniques you can use to protect yourself and your laptop data.
What would happen if…
Imagine for a moment that you’re walking through the security checkpoint at a crowded airport with your notebook computer. Just as your computer comes out of the X-ray machine, some thug grabs it and takes off. You try to catch the guy, but he loses you in the crowd. Now, you have to ask yourself, what have you really lost? First, you’ve lost a $2,500 notebook computer. However, that’s probably the least of your problems. After all, the computer probably belongs to the company and is insured. What about your data, though? If you have a backup of the work you did last night, then you’re probably not too worried. The insurance company will buy your company another computer and you can simply restore your backup. All you’ve really lost is some productivity until you get your new computer. Or is it?
What if the guy who ripped off your computer is more interested in stealing your data than making a fast buck off of selling a stolen laptop? Is that multimillion-dollar proposal you just finished secure? What about that Word document outlining the plans for a big corporate merger, or the memo outlining plans for laying off 500 people? As you can imagine, the thief could use the contents of your hard disk for personal profit through insider trading or blackmail. Worse yet, potentially damaging information off your hard disk could be released without your knowledge to the press, your shareholders, or your competitors.
The good news is, you can do something to fight back: You can apply some of the various Windows 2000 security mechanisms and protect your data from access by anyone but you. Imagine the look on that data thief’s face when he can’t read a single usable file from your hard disk.
Before we begin
Before we get started, you should know a few things. First, security is way too big a topic to fit into a single article. Therefore, it’s necessary to limit the scope of my discussion to security as it pertains to the local computer. Obviously, you should take certain measures to prevent someone from stealing your data while connected to the Internet or while dialed into another network. For now, though, I’ll be discussing techniques related solely to protecting the files on your hard disk from local access.
I should also mention that there’s no such thing as a totally secure system. If someone is knowledgeable enough, and has the right tools and enough time, any computer is eventually accessible. However, people with such skills are few and far between. You can prevent all but the most skilled hacker from breaking your system’s security.
No matter how elaborate the security policies you’ve set up on your notebook, all it takes for a user to access your data is a single password. It’s been said time and time again that you shouldn’t use weak passwords. However, this statement has so much truth that it can’t be stressed enough. All the encryption and group policies in the world won’t do a bit of good if the thief can figure out that your password is “12345” or “password”.
A good password is made up of a mixture of uppercase and lowercase letters along with some numbers or symbols. You should always avoid using normal words, because many hacker utilities use a dictionary program to break passwords. Therefore, a dictionary based hack program would quickly disclose a password such as “WILDCATS”. However, cracking passwords such as “g0_kAtz”, “uOFk#1”, or “Da~ky_WyldKatz” would be much more difficult, because a brute-force password cracker would be required. Such passwords could potentially take a dedicated computer weeks to crack.
Obviously, it’s very important to protect Windows 2000 Professional from unauthorized access through the user interface. However, protecting the operating system alone isn’t enough. A hacker could quite easily bypass the operating system by using one of the boot disks available on the Internet, which can access an NTFS partition. You need to implement two basic mechanisms to secure your data: NTFS permissions and file-level encryption.
The technique involves first securing your hard disk by converting it to NTFS, if it isn’t already formatted that way. Sure, utilities exist that can break NTFS security; but using NTFS is better than leaving your system formatted as FAT, which lets any idiot regardless of skill, utilities, or security clearances access anything on your entire system.
Once you’ve set up your system to use NTFS, it’s time to establish some basic permissions. Remember that in Windows 2000, a specific denial overrides any other permission. Therefore, lock down any directories that contain data to specifically deny access to anyone other than yourself, the administrator, and anyone else who may need access. The best way to implement this technique is to create a group with a name like NOTME and to add any local accounts to the group. If you also spend time logged in to a network, you might also add domain accounts to this group. However, don’t add any groups to this group, because one of the groups may contain your account or the administrator’s account. You don’t want to accidentally lock yourself out of your own data.
Once you’ve created the NOTME group, go to the folder that you want to restrict and assign the NOTME group a specific denial on all permissions that are associated with that folder. Be sure to also reset permissions on any existing files and to propagate the changes to any subfolders that might exist beneath the parent folder.
Be a master of disguise
One way to increase password security on local as well as network systems is to require the use of smart cards. A smart card is a credit-card-size card that contains information about the user’s login credentials. Before a user can log in, he must insert the smart card into the card reader and enter a PIN number. Although not many travelers carry readers today, this technology may become more commonly used with laptops in the future.
Smart cards offer several advantages. First, smart cards are designed to be tamperproof. Therefore, using a smart card is much more secure than storing security credentials on a hard disk. Another advantage is that the information stored on a smart card isn’t part of the operating system. One common technique that hackers use to gain public key information is to force a buffer overflow or a memory dump. They can then analyze the output to determine the pertinent security information. Smart cards won’t reveal this information during a crash because they aren’t part of the operating system. Finally, if you use smart cards for everyone in your organization, you don’t have to worry about anyone forgetting a password. The user must remember only a single PIN number, rather than a dozen passwords. You can keep a database of these PINs, in case users forget their PIN numbers.
Keep in mind that each PIN will work with only one smart card. Therefore, if user A finds out user B’s PIN number, he won’t be able to log in as user B unless he also steals user B’s smart card. Likewise, if user A steals user B’s smart card, he can’t log in as user B unless he also knows user B’s PIN.
While I’m on the subject of data theft, I should also point out that disguising your data goes a long way to protect it. For example, if you have a sensitive memo that you don’t want anyone to read, don’t store it in the My Documents folder–that’s the first place a data thief will look. Instead, you might create a folder called BACKUP_DLLs and bury this folder beneath the WINNTSYSTEM32 directory. You can then change the name of the document from something like GOING_BANKRUPT.DOC to something a little less obvious, like 3C5X9.DLL. (I know of cases where this technique has gone a long way to hiding things like video games and resumes from former employers.)
Keep in mind that disguises won’t do a bit of good if your list of recently opened documents points to the name and location of the file you’re trying to hide. Therefore, after you work with the file, be sure to clear the list manually or by using one of the many utilities available from the Internet.
If for some reason you absolutely must use FAT, and you really want to be slick, you can create a hidden null directory. If you haven’t converted to NTFS yet, you can boot your system with a DOS disk (version 6.2 or earlier). At the command prompt, navigate to the location where you want to create the directory and enter the MD command followed by a space. Next, hold down the Alt key and enter the numbers 255 on the numeric keypad. Release the Alt key, and you’ll see an extra space appear after the space that you typed. Press Enter–and you’ve just created a null directory. What appears to be a space in the command is actually a null. You can only access the directory by entering the CD space ALT 255 command or by double-clicking on the folder. You can make the folder totally inaccessible through Windows 2000 by using a utility such as Norton’s Disk Editor to hide it. If you implement this technique, you’ll have to boot to DOS and copy the hidden data to a different folder before you’ll be able to work with it through Windows 2000. When you’re done working, you’ll have to boot do DOS again and move your data back to the hidden directory.
The final piece of the puzzle is encrypting your data. Windows 2000 contains everything you need to encrypt files on your hard disk. Of course, enabling encryption won’t do much good unless you follow a few basic rules. First, remember that encryption can only be implemented on NTFS partitions. Second, when you enable encryption on a directory, only new files that are added to the directory are encrypted. Existing files are left as is. Therefore, if you decide to use encryption, use the following procedure:
- Empty and then encrypt the documents folder.
- Once the folder has been encrypted, copy all your documents back into it. The documents will be encrypted upon doing so.
- Configure your applications to use an encrypted folder to store temporary files. An alternative is to empty and then encrypt the current temp folders.
- Set the security permissions to keep anyone except yourself and the administrator from removing the encryption.
- Use the SYSKEY utility to protect the private keys associated with the encryption process.
I’ll discuss these steps in detail in a future article.
Every time that I’ve ever spoken to a group or written about encryption, someone always says that they would never allow encryption, because if the employee leaves, the files would remain encrypted and therefore inaccessible. However, this is a myth. The administrator can recover such files by using a command-line tool called CIPHER.