Encrypting the Disk 654 discs, and external drives. See Figure 1-3. The LE version creates multi- ple 25MB encrypted containers on your hard disk that you can load and unload as needed. You can view, modify, and hide all types of files with a single password. The product works with all current versions of Windows (including 95 and 98 as well as XP and Vista). Consult www. cypherix.com/cryptainerle for more information about the free version. Hardware-based disk encryption Most laptops include in their setup BIOS a means to set a password before you can access an installed hard drive; however, a number of hacker tools allow someone to determine this password and once someone has bypassed it, she can read everything on the drive. Full disk encryption Seagate’s Full Disk Encryption (FDE) system (introduced to consumers with its Momentus line of hard disks) and similar concepts are different in that the encryption key (the code that decrypts the data) isn’t stored on the drive or in the BIOS. No amount of physical attack on the machine by a hacker is going to locate a decryption key because it isn’t on the laptop. Figure 1-3: The Cryptainer control window allows creation of hidden volumes with complex passwords. 46 140925-bk09ch01.qxp 4/8/08 12:53 PM Page 654 Book IX Chapter 1 Traveling with a Laptop Encrypting the Disk 655 Under FDE, you’ve no need to initialize a new disk or to encrypt the full con- tents of a large drive when the software is added to an existing disk. All data is encrypted as it records, and according to Seagate the process occurs at full interface speed. In other words, no overhead is involved. Under software encryption schemes, if the key to the encryption software is compromised, you must change it. This usually involves completely decrypt- ing and re-encrypting the entire drive. Since the key to an FDE drive is locked into the hardware, it can’t be corrupted. Removable flash memory key Another option is to use a removable flash memory key that holds the decoding key for an encrypted disk. One such product is the PCKey from Kensington. The system combines an access key that plugs into the laptop’s USB port and holds the complex decoding key; you must enter a password into an onscreen form. Both are required before any user is permitted to use the machine and any network to which it connects. All data on the hard drive is encrypted by the PCKey system; when an appli- cation requests it, the encoded data passes through the PCKey filter and is decrypted for storage in the computer’s system memory for the applica- tion’s use. It’s re-encrypted when written back to the hard drive. The encryption algorithm for PCKey is quite strong and difficult to break; the loophole with this system appears if the laptop is up and running with the key in place and the password entered. In that situation, a thief could access all the data on the machine until turning it off. The solution: Remove the key and take it with you any time you walk away from your laptop. If you forget your password or lose the key, contact Kensington and answer a set of questions to obtain a replacement code. Adding the Sys Key utility You can add yet another layer of Microsoft-brand protection to your pass- words by adding the Sys Key utility to your Windows XP or Windows Vista laptop. Sys Key encrypts copies of user passwords stored on your hard drive and adds a more complex encryption scheme to basic passwords. See Figure 1-4. 46 140925-bk09ch01.qxp 4/8/08 12:53 PM Page 655 Encrypting the Disk 656 To Configure Windows System Key Protection, do the following: 1. Click Start ➪ Run. Run is a way to issue a command directly from a program that exists out- side the operating system. 2. Type syskey in the Run text box. 3. Press Enter. 4. Select the Encryption Enabled check box. The check box is in the Securing the Windows Account Database sec- tion. Enabling this option encrypts the password database and is the recommended setting. 5. Click Update. 6. Click Password Startup. This requires that a strong password start Windows. 7. Enter a complex password. The password should include a combination of upper- and lowercase let- ters, numbers, and symbols; the code should be at least 12 characters long, with a maximum of 128 characters. Figure 1-4: The Sys Key utility of Windows XP or Windows Vista adds extra layers of security to encrypted files and settings. 46 140925-bk09ch01.qxp 4/8/08 12:53 PM Page 656 Book IX Chapter 1 Traveling with a Laptop Keeping Panic in Check(list) 657 Keeping Panic in Check(list) What to do if, despite all your best efforts, your laptop really goes missing or your software becomes corrupted? Don’t spend too much time cursing, screaming, or crying; as good as it might feel, that won’t help, and time is a-wasting. Follow these steps: ✦ Call the boss. If the machine or software is owned by or related to a business, government agency, or any other organization, immediately notify your employer or legal department. They should have a plan to deal with the loss of confidential or other important information. ✦ List your data. Make notes about any data files you know are on your machine’s hard disk. Don’t forget: • Files you may have deleted but are still in the recycle bin • Backup copies of earlier editions of your documents (Many applica- tions, such as word processors, make these copies) • The contents of your e-mail folder ✦ Get the cops. Contact the local police or other law enforcement agency where the laptop was stolen or lost. File a complete report as soon as possible. Include a description of the brand and model as well as its serial number and other information. ✦ Jog your memory. Get your most recent set of backup files for the machine. (You’ve been making backups on a regular basis, right?) Use a borrowed or rented machine — if you’re sure that machine is secure — and refresh your memory about any confidential data that may have been on your laptop’s hard drive. ✦ Call all accounts. Contact your bank, credit card companies, and any other institution with which you have financial or personal accounts. They may put a notation on your account to be on the watch for fraud; they may close existing accounts; or they may disable your current user ID and password and ask that you create new ones. ✦ Write to your dear diary. Maintain a journal with model numbers, serial numbers, and an inventory of components and add-ons that you travel with. I have one copy of this list in my wallet and another copy with important papers in my office. Don’t bother to keep the list in the laptop’s carrying case; that probably won’t help at all. ✦ Admit to the admin. If you use your laptop with any networks that use password protection, notify the administrator; you may have to change user IDs and passwords. If you run your own wireless network in your home or office, make the changes yourself. 46 140925-bk09ch01.qxp 4/8/08 12:53 PM Page 657 Keeping Panic in Check(list) 658 ✦ Be fickle. Again. Change any user ID and passwords for e-mail and other applications that are automatically filled in by Windows or a built-in util- ity on your laptop; if you manually enter user IDs and passwords you can decide for yourself whether or not to make changes. ✦ Stake your claim. Notify your insurance company (or the administrator of your company or organization’s insurance) to file a claim for the loss of the laptop. Some policies include coverage for software application loss; most policies, though, don’t cover data loss. Have you taken out the recycling? One way to slightly reduce the risk of damage caused by a lost laptop: Get in the habit of clearing out the Recycle Bin each time you shut down the machine. That setting is available in the operating system. You can also use an IMAP mail server instead of a POP3 mail server so your e-mails aren’t stored locally on your laptop (but are instead kept on a central server). And you can also have applications like word processors not automatically create backups of files in progress. Each of these poli- cies has disadvantages, but they’re the safest way to treat data stored in a moveable (and los- able) laptop. 46 140925-bk09ch01.qxp 4/8/08 12:53 PM Page 658 Chapter 2: Guarding Against Intruders In This Chapter ߜ Locking the doors against electronic burglars ߜ Setting up and using a firewall ߜ Going with antivirus, antispam, and antispyware ߜ Getting a security suite ߜ Cleaning up after yourself H ere at the Department of Laptop Security, we’re very concerned that all road warriors understand and follow all our rules, regulations, sug- gestions, pleas, wishes, and hopes regarding one very important little detail: keeping the front and back doors closed and locked. That’s really what it comes down to. Although it seems so silly to some people, the fact is that an entire subspecies of humans devotes its every waking hour to (electronically) turning the door knobs and rattling the screen doors of laptop and desktop computers all over the world. Some do it for the sport, the computer equivalent of graffiti artists who get their jol- lies by defacing other people’s property. Some of them are in it for the money, looking to steal your bank account information and whatever other personal data you may have stored within your machine. In the previous chapter I discuss ways to hold onto your machine and pro- tect the contents of your hard drive in case the laptop is stolen or lost at sea (or from a car, or a plane, or a train, or otherwise misplaced). In this chapter, you explore ways to keep people from breaking into your machine from afar. Breaking and Entry, Laptop-Style Let me get one thing out of the way right at the start: If you bought a new laptop from a major manufacturer and ran it, unaltered, right out of the box, without ever connecting to the Internet, you’d have a very good — but not perfect — chance of never having to worry about computer viruses. And you’d have no reason to fear spam, malware, adware, spyware, or phishing. (I define each of these terms in a moment.) 47 140925-bk09ch02.qxp 4/8/08 12:53 PM Page 659 Breaking and Entry, Laptop-Style 660 In theory, a brand-new laptop from the factory comes equipped with Windows or another operating system and a basic set of applications that have been verified, scanned, checked, and otherwise given a close look-see by the manufacturer. It’s highly unlikely that the machine will arrive infected. As long as you use your machine in its unaltered state and completely avoid connecting to another computer, the Internet, or e-mail, your laptop is like the boy in the bubble: safe from infection . . . but also unable to fully experi- ence life. Table 2-1 reveals the ways a virgin machine can become sullied by disease and distress. I ranked threats in relative order of likelihood from very rare to very common. I awarded one star to the least likely culprits and as many as five to the biggest threats. Table 2-1 Threats to a New Machine Your Action How Likely It Is to Happen * Through the installation of an infected program supplied ૽ on a CD, DVD, or other media. As noted (see sidebar), this is rather unlikely; software makers are under orders from their lawyers and marketing departments to double- and triple-check for rogue code. A virus or other form of malware on a bootable disk ૽ installed in a floppy disk drive or other device. Relatively few current laptops have a floppy disk drive, and your system BIOS has to be set to boot from the drive to load the nasty code. Whoops Back in the early days of personal computing . . . and the early days of computer viruses . . . I received a new version of a personal finance program from a major software vendor, sent to me for review in PC Magazine, where I was executive editor. I installed the program on a machine and all of a sudden the machine began behaving strangely. I assumed it was a flaw with the new program itself until I rebooted the machine and an early antivirus program flashed a warning on my screen: My PC was infected. To make a long, sad story short: The financial software company had hired a service bureau to duplicate its product onto floppy disks (the medium of the time) and unbeknownst to all, their computers were infected. Today that’s pretty unlikely to reoccur . . . but not impossible. 47 140925-bk09ch02.qxp 4/8/08 12:53 PM Page 660 Book IX Chapter 2 Guarding Against Intruders Being Neighborly with a Firewall 661 Your Action How Likely It Is to Happen * Accepting a bootleg copy of a program or a shareware ૽૽ utility given you on a floppy disk, flash memory key, CD, or DVD. Installing onto your machine a data file that includes ૽૽૽ macros (like those available in word processors and spreadsheets) that include malware. By connecting to the Internet by a wired or wireless ૽૽૽ connection and downloading drivers, utilities, icons, and programs from sources you don’t know and trust. Downloading any active content (programs, utilities, ૽૽૽ animated icons, music, and more) through an instant messenger (IM) program. Accepting an offer from a pop-up screen on the Internet ૽૽૽૽ that offers a free program or utility that you didn’t request. Opening and running an attachment on an e-mail that you ૽૽૽૽ didn’t request or that comes from an unknown source. Clicking a link in an unsolicited e-mail. ૽૽૽૽ Opening your folders and files to others on a local area ૽૽૽૽ network or on a public network (like you might find at an Internet café). Not installing and enabling a capable firewall utility (or ૽૽૽૽ using the one built into current versions of Windows) and going online or onto a network. Though it isn’t a cause of infection, I reserve a special ૽૽૽૽૽ set of stars for anyone who operates a laptop without a capable and fully updated antivirus program in place. If you had a proper antivirus in place, chances are very good that it would prevent all the preceding infections. *One star is the least likely to happen; five stars means it’s one of the biggest threats. Being Neighborly with a Firewall Good fences, as Robert Frost observed, make good neighbors. In the case of computers, good fences help you distinguish between good neighbors and nasty intruders. The Internet is a fast-moving stream of billions of snippets of information called packets. The situation is made better (or much worse, depending on how you look at it) by bringing high-speed broadband connections to homes and offices on cable, DSL, and fiber-optic systems. In addition to the danger posed by the huge volume of data that moves on a broadband circuit, there’s also the fact that these connections are always on: Your machine is hooked 47 140925-bk09ch02.qxp 4/8/08 12:53 PM Page 661 Being Neighborly with a Firewall 662 up to the Internet all the time. A connected PC sticks an electronic toe into the stream looking for packets addressed to your address. And when you click an Internet link or send an e-mail, your machine is creating a packet with your return address. Hackers create viruses and other malware that fly around on the Internet, jig- gling the doors of tens of millions of PCs until they find one they can open. The odds of breaking in are low, but even a tiny percentage of success can make these miserable louts very happy. One of your laptop’s most important security program components is the enabling and use of a good firewall. The original term comes out of construction and automobile manufacturing: a solid physical barrier intended to stop the spread of a fire. In the world of computing, a firewall is a piece of hardware or software that stands guard between your laptop and the outside world. Its role is to inspect all network traffic that passes through it and decide whether to ✦ Block the data ✦ Allow it through based on a set of rules ✦ Halt data and display a message asking you to decide whether to proceed A firewall erects a defensive ring for your computer. It stands physically or logically at the point where data comes into an individual machine or an entire network; its primary purpose is to prevent unauthorized access to your machine. It can’t, however, protect against an assault that doesn’t go through the firewall. For example, if you load software from a CD or DVD, you’re inside the hardware fence. Several kinds of firewalls exist: ✦ Application gateway firewall (also known as a proxy), are the most common type of device. You can have the firewall check packets against a particular list of addresses or limit the actions of particular applica- tions. For example, the proxy could block downloads or prevent a packet from initiating a file deletion or change. ✦ Packet filters allow entrance only to packets from specified addresses. ✦ Circuit-level firewalls only permit communication with specific comput- ers and Internet service providers. ✦ Stateful inspection firewalls are the newest and most advanced design. These devices actually read the contents of packets and block those that are determined to be harmful or an unauthorized threat to privacy. 47 140925-bk09ch02.qxp 4/8/08 12:53 PM Page 662 Book IX Chapter 2 Guarding Against Intruders Being Neighborly with a Firewall 663 Why do you need both a firewall and an antivirus program? If you want to think in law enforcement terms, the firewall keeps any potential evildoers away from a place where they might try to commit a crime. An antivirus system stops a criminal act by someone who’s gotten past the wall with a weapon. Hardware firewalls Hardware firewalls are very effective because they literally are separated from the computer or network they protect. The incoming signals from a broadband modem connected to the Internet or from a local area network have to be approved by the firewall “appliance” before they get to a com- puter. You find hardware firewalls in many large companies and organiza- tions that can afford the cost of the device (from several hundred to several thousand dollars for a basic unit, rising from there based on the amount of traffic and number of machines protected) as well as the cost in payroll for a trained professional to manage the network. One intermediate step is to use a wired router that includes a basic firewall. These systems, though not quite as full-featured as a dedicated hardware firewall, add another fence where a network of computers link to each other and to a broadband modem. Router firewalls only provide protection from computers on the Internet, not from computers on the other side of the router: your local network. If a machine on the network becomes infected, it can easily spread a worm (a self-replicating piece of unwanted code that sends copies of itself to as many places as it can before it’s squashed) to other machines on the network. For that reason, you should also enable a software firewall on each machine. Software firewalls As a laptop user, a hardware firewall may protect you when you connect your portable computer (either by wire to an office network or wirelessly to a WiFi system). But most of the time you won’t have the hardware between you and the wild, wild Internet; instead you’ll use a piece of software intended to stand between your computer’s essential files and the outside world. Software firewalls (also called personal firewalls) can ✦ Be written as utilities within the operating system ✦ Be a package that sits in front of or behind the operating system to pro- tect the data on the machine ✦ Block incoming traffic based on a set of rules and exceptions you establish 47 140925-bk09ch02.qxp 4/8/08 12:53 PM Page 663 . www. cypherix.com/cryptainerle for more information about the free version. Hardware-based disk encryption Most laptops include in their setup BIOS a means to set a password before you can access an. filter and is decrypted for storage in the computer’s system memory for the applica- tion’s use. It’s re-encrypted when written back to the hard drive. The encryption algorithm for PCKey is quite. double- and triple-check for rogue code. A virus or other form of malware on a bootable disk ૽ installed in a floppy disk drive or other device. Relatively few current laptops have a floppy disk