Home > Articles > Laptop Security

Laptop Security

November 15th, 2010

I recently bought a used laptop for travel (called TRV), hardware redundancy, and use as an additional screen. Since I only paid $150 for it ($250 after a display upgrade), I can afford the dollar loss if the laptop is stolen and because it is redundant, it would not be a crimp in my ongoing operation.

However, during travel, I want access to what I need for customer support (ecommerce, past email correspondence, etc.). I also want access to my telephone book and website passwords. For about a month or so, I have been running my TRV computer with these kinds of app running on it. However, I was at great risk if the computer itself got stolen because of the data on it.

A second issue has come up this month, with the release of the FireSheep program. This is a password sniffer which can pull passwords from an unsecured wifi access point. Even more, it can hijack most sessions in an unsecured wifi access point because only the logon session is secured and not the entire session. These are not new vulnerabilities but the ease with which this can be done is alarming.

Websites and wifi access points can resolve the FireSheep vulnerabilities. Open relays used to be widespread but now secured access to SMTP is the norm. So too, secured wifi will likely become the norm as well. In the meantime (i.e. now), there is a risk using any public wifi using protocols that pass information in the clear.

I have now resolved both issues quite simply. Now, all of my apps run on my main computer. This computer never leaves my office. I then use remote desktop (RDP) to connect and have access to *all* my programs. There are no programs a thief can use to compromise me.

I have deleted my previous programs on TRV and then copied over a movie file to overwrite the sectors holding previous data.

To run RDP, the target computer must have Remote Desktop enabled (Computer Properties >> Remote Settings >> Remote >> Remote Desktop. I have to allow the less secure version because I am connecting XP to Windows 7. Even so, I have used a network sniffer to verify that the login is secure. I have not yet locked it down and will use

http://www.mobydisk.com/techres/securing_remote_desktop.html
http://articles.techrepublic.com.com/5100-10878_11-6166676.html

as guides.

To run RDP, enter “mstsc” in a Run command from the Start Menu. You may also find it in the Acce4ssorries folder in the Start Menu Programs folder.

I have a static IP address for my home system and have given it a domain name. Rhino Software used to offer a great, free service called DNS4me to ASP members but has decided to stop offering it. They are advising people at http://www.dns4me.com/ to consider http://www.dyndns.com/index1.html or http://www.no-ip.com/.

A downside of the RDP approach is that my laptop has essentially nothing useful on it unless it is connected to the internet. In particular, I cannot work on anything in an airline seat unless the airline provides wifi. I don’t expect this downtime to be a problem as having people in front of you recline their seats makes airline seat computing a dicey proposition anyway.

Annother issue with RDP approach is if you are using sound. For example, you want to use Skype. With RDP, the sound will go to main computer and then to the remote desktop, introducing delays and consuming bandwidth.

Articles

  1. November 16th, 2010 at 03:48 | #1

    Funny. I’d see it the other way round. I’ve simply encrypted my laptop’s hard disk and use encrypted connections for mail and FTP. I’d have nightmares if RDP was enabled on my development computer, thus leaving it potentially vulnerable against attacks.

  2. Dennis Reinhardt
    November 16th, 2010 at 22:58 | #2

    It sounds like you are running Win 7 Ultimate. My travel laptop is old and does not have enough memory to install Win 7. I am running XP on my laptop. My laptop is inherently insecure. So, I don’t store anything of value on it.

    Securing http everywhere is tough.

    Using open wifi can leave you open to session hijack.

    These last two considerations are what pushed me to using a secure connection for everything via RDP when I travel.

  3. November 17th, 2010 at 04:44 | #3

    No, my laptop is too old for Win7. I use a shareware to encrypt it. (Although nowdays you can also use TrueCrypt.)

    Right, you cannot securely use all sites. But all that matter to me. 😉

  4. December 3rd, 2010 at 15:12 | #4

    I tried to put together an RDP once and had a hard time with it. Thank you for sharing this info, I can now run the RDP that I need. The no-ip site is the best to use.

  5. June 15th, 2011 at 14:12 | #5

    An alternative is to set up a VPN. Windows 2003/2008 support it natively. You probably already have a network in the workplace. Through VPN you dialed into the network and your laptop is registered. Then you remote desktop to your workstation if required.

Comments are closed.