Secure data when you're on the road.

Here's something to do the next time you're waiting in line at the airport security checkpoint: Count how many of your fellow travelers have a computer with them. On a recent business trip, I figured two out of three passengers were packing laptops. If your job description includes protecting your company's information, that 66 percent is a worrying statistic. This article describes some of the challenges businesses face as they struggle to keep mobile data secure, and provides some practical suggestions on how to achieve that goal.

A tale of two hotels

Just to clarify the scale of the problem, consider a couple of points. First, the Travel Industry Association of America (TIA) estimates Americans will make more than 140 million business person-trips in 2004. (The report defines a person-trip as one person traveling 50 miles or more, one way, for business purposes, away from home or including one or more nights away from home.) However, as you probably know from personal experience, business laptops also travel quite frequently on non-business trips, and the TIA estimates we'll take more than a billion non-business trips in 2004.
The second point, about which there are few statistics but some solid anecdotal evidence, is that laptops are targeted by data thieves. Take the case of the research employee who flew to a conference in Europe and left her laptop in a hotel room for a few hours. During that time, the thief took the machine apart, removed the hard drive, cloned it, and reassembled the laptop. None of this was discovered until some time after the employee returned to the office. The value of the cloned data to a competitor? Several millions of dollars. It's unlikely anyone other than a competitor would have gone to that much trouble to acquire it so stealthily.

Of course, breaking into hotel rooms is a risky business, which is why an unethical competitor, or any other malicious interloper, might first try a much safer tactic: Access the victim's hard drive when he or she connects to the Internet from a hotel room. Unfortunately, at too many hotels today, this is an easy procedure. And, staying in an up-scale hotel isn't a guarantee that the hotel has taken measures to protect your data. Figure 1 shows a screen shot of Windows Explorer in the act of "exploring" guest computers connected to the Internet at a AAA Four Diamond rated hotel in Washington, D.C.
[FIGURE 1 OMITTED]

There's a lot of potentially valuable information here. The machine appears to belong to someone in sales and marketing. The exposed files and folders could be a gold mine for a competitor. Ironically, the "good stuff" is usually easy to find because most of us label our files and folders in a logical way, thus providing a handy roadmap to an intruder. A competitor might zero in on the "04estimates" folder or the "sales projections" document. Note that this type of industrial espionage doesn't require sophisticated hacking tools, just a basic knowledge of Windows and its built-in capabilities.

Obviously, this hotel has a security problem. It isn't the kind of security problem hotels normally worry about--making sure guests are physically secure--but it's a security problem nonetheless. Before I discuss how to solve this problem, it's helpful to understand how the problem arose in the first place. The most likely answer is probably the simplest one: Nobody thought about what would happen if, in order to provide guest rooms and meeting rooms with high-speed Internet access, you connected all of the rooms to a network that was then connected to the Internet. After all, that's how many offices, and an increasing percentage of U.S. households, connect to the Internet, right? Indeed, computer networks were invented to let machines share expensive resources, from mass storage to expensive printers to broadband Internet uplinks. The problem arises when you try to apply a traditional "open" network architecture to a hotel facility.
Hotel guests aren't the same as coworkers or family members, and they need a different kind of network: one that's "closed," allowing them to access the Internet without exposing their hard drives to strangers.

Unfortunately, failure to provide a closed network in a place like a hotel produces problems that go beyond industrial espionage. In Figure 2 you can see a guest computer at another up-market hotel, during a medical conference. You don't need to be an expert in the privacy regulations imposed by HIPAA to know that this screen shot could be evidence of, or a prelude to, a privacy violation.

[FIGURE 2 OMITTED]

As in Figure 1, the names of the folders and files tell the story: Data that should be private is exposed to strangers. Bear in mind that in some hotels, where there is wireless Internet connectivity, those strangers aren't just other guests but can include someone parked outside with a Wi-Fi laptop. Indeed, the Washington hotel I mentioned earlier had the signal on its wireless access points turned up so high you could log on from two blocks away. How could someone who isn't a guest log on to the hotel network? The answer is depressingly simple: Because the hotel provides the wireless service to guests at no charge, the hotel skipped the authentication process completely and requires no room number, no access code, nothing.

Defensive measures

Fortunately, not all hotels are like that. At the end of the article you will find some tips on finding less dangerous places for you and your data to stay when you are on the road.
However, it isn't fair to lay all of the blame for egregious security lapses like those in Figures 1 and 2 on the hotels. If the owners of those machines had used some basic precautions, their files wouldn't have been so exposed. Even though the lax security of the network would have let an attacker probe for holes, two simple measures could have kept them out. You would be well-advised to use these measures yourself when traveling with your company laptop, and establish them as company policy if you're responsible for the security of company data.

First, turn off file and printer sharing. You might use file and printer sharing on your laptop when you're plugged into the office network, but you either don't need them or shouldn't use them when you're connecting to the Internet from a hotel or wireless hotspot. In these scenarios, file and print sharing only serve to make it easier for someone to get to your hard drive.

Second, install a personal firewall on the laptop and turn it on. Windows XP comes with a firewall built in, but it isn't turned on by default. When you leave the office, the XP firewall should be turned on, and you should probably supplement it with a good third-party personal firewall (a must for operating systems other than Windows XP).
Both Zone Labs ZoneAlarm (http://www.zonelabs.com) and Sygate Personal Firewall (http://www.sygate.com) work well without asking too much of the user.

You can check how well these two measures work before you go on the road by using one of the testing services, such as Sygate's S.O.S. test (http://scan.sygate.com) or Shields Up (http://www.grc.com). If your laptop is properly configured for travel it should pass these tests and be a lot harder for others to detect or explore than the ones shown in the figures.

Indeed, although the hotels at which those screen shots were taken were clearly doing a poor job of protecting the data on their guests' computers, the guests themselves should have been doing a better job, too. If a lawsuit were to result from the harmful exposure of sensitive information on one of these machines, it's hard to say where the courts would lay the bulk of the blame. Attorneys for the plaintiff, with their natural tendency to look for deep pockets, might try to pin blame on the hotel, but the owner of the computer could also be judged negligent for failing to take either of the two basic security measures I recommended.

Going further

If you're serious about the security of your information, there are five more measures you should take. The first of these is something you must do before you leave for the airport: Back up your data. Having a laptop stolen while traveling is bad enough, but failing to keep a replacement copy of your data only adds insult to injury.
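The two basic measures and the pre-trip test described above can also be checked on the laptop itself. The following Python sketch is an added example, not part of the original article: it reads the text printed by netstat -an on Windows and reports file-sharing ports (NetBIOS 137-139, SMB 445) bound to an address other machines can reach. The function names and the sample output are constructed for illustration.

```python
# Added example: flag Windows file-sharing listeners in "netstat -an" output.
# Function names and the sample text are illustrative assumptions.

# Ports used by Windows file and printer sharing (NetBIOS and SMB).
SHARING_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP",
}

def is_loopback(host):
    """True for addresses reachable only from the laptop itself."""
    return host.startswith("127.") or host == "[::1]"

def exposed_sharing_listeners(netstat_text):
    """Return (proto, local_address, service) for every file-sharing socket
    bound to an address that other machines on the network can reach."""
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated text
        proto, local = parts[0], parts[1]
        # TCP rows carry a state column; outbound connections are not listeners.
        if proto == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        service = SHARING_PORTS.get((proto, int(port)))
        if service and not is_loopback(host):
            findings.append((proto, local, service))
    return findings

# Constructed sample of "netstat -an" output, not taken from a real machine.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.23:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.23:49712     203.0.113.10:445       ESTABLISHED
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  UDP    192.168.1.23:137       *:*
"""

if __name__ == "__main__":
    for proto, local, service in exposed_sharing_listeners(SAMPLE):
        print(f"EXPOSED {proto} {local} ({service})")
```

A port that is listening may still be blocked by the personal firewall, so this check complements the external scan rather than replacing it.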
The second additional measure is more of a strategy: Decide which data on your laptop is the most valuable, then 1) store it on removable media, and/or 2) consider leaving it behind. Nowadays, you can store hundreds of megabytes of data on a removable card device the size of a postage stamp. Why not use one of these for your most important documents and keep it separate from the laptop when you aren't using it? Or, leave the really valuable data back at the office, behind the company firewall, where you can access it via Virtual Private Network (VPN).

Which brings me to the third extra precaution: using a VPN. When you're on the road, you shouldn't be checking e-mail through an unencrypted link. Your company should provide VPN access to corporate e-mail so none of the messages are transmitted "in the clear." Likewise, remote access to data and applications on company servers should be via a VPN (the hotel Internet service provider for which I work, STSN, actually certifies corporate VPNs to make sure they work properly at hotels that use STSN for broadband connectivity).

The fourth precaution is to run an anti-virus application that has been freshly updated. In fact, some VPN clients can be configured to deny access to machines that don't have current anti-virus installed and operational. They can even check to make sure you have an active firewall in place.

The final precaution is a lot less technical: Don't leave your laptop unattended. If you can't stand the thought of taking it to dinner with you, put it in the safe in your hotel room. If there isn't a safe in the room, the front office will have one you can use. If you choose to lock your laptop in the trunk of your rental car, do this before you reach your destination (yes, some thieves do watch restaurant parking lots to learn which trunks to pop).

Final steps

All these measures make sense regardless of where you travel, but you can further boost the security of your mobile data if you stay at hotels that use a "closed" network, as opposed to the "open" ones shown earlier. As companies continue to tighten their perimeter security, fine-tuning their firewalls and access controls, the bad guys are bound to keep looking for the weak link, the easy way in. Increasingly, the chink in the enterprise security armor is the laptop that leaves the office. Now is the time to make sure yours is well-protected.

MOBILE BUSINESS BENEFITS

Unlike the servers and desktop machines back at the office, laptops on the road are beyond the control of the IT department.
Each one represents a bundle of valuable data and, in many cases, a set of keys to the enterprise network (in the form of remote access credentials). What measures are you taking to protect that data?

TAKE AWAYS

Here are seven steps you can take to protect your data while you're on the road:

1. Turn off file and printer sharing.
2. Install a personal firewall on the laptop and turn it on.
3. Back up your data.
4. Decide which data on your laptop is the most valuable, then 1) store it on removable media, and/or 2) consider leaving it behind.
5. Implement and use a virtual private network (VPN).
6. Install an anti-virus application and keep it updated.
7. Don't leave your laptop unattended.

Stephen Cobb, CISSP, is the author of "Privacy for Business" and the chief security executive of STSN, which supplies wired and wireless broadband to business travelers via a hotel network architecture that's so different from a typical network that it recently received its own patent. All of the hotels listed at http://www.stsn.com/hotel_locator.php use a closed network. scobb@stsn.com