Laptop Security

From YWAMKnowledgeBase

Keeping sensitive data secure is important, as sensitive data in the wrong hands is always a problem. But do we in YWAM know what is and what isn't sensitive information? Once we do, we can go about securing that information in a number of ways.

Although this is a general problem that all computer users face, the great number of laptop computers in our hands in the missions means the chance of theft or other data loss keeps increasing. That is why this article is directed at laptop users, although it applies across the board.

Laptop Security

Just what ought we to consider as "sensitive information" that requires securing?

If we take as a starting point that we have two categories:

  1. Personal information (That is information that belongs to us only)
  2. YWAM information (Information that belongs to YWAM only)

The first category is important to most users! However, when we think operationally, we need primarily to concern ourselves with YWAM information. That said, many of our co-workers are also our friends, which means we communicate with them on a personal as well as a business basis. Then, of course, we have our family and supporters we communicate with. And how easily a little piece of information can slip in there that reveals something that helps someone get a bigger picture... There is a strong case that if YWAM information needs to be made secure then ALL the information we have needs to be secure.

I would think that if we believe we require the highest level of security then we are out of scope with this article, which needs to focus on the General Security that 90% of YWAMers need.

So what sensitive information falls into the second category? What should we be concerned that our colleagues should keep secure?

NOTE: Let's not forget that mobile phones and handheld computers/agendas can be a security risk too!

Sensitive YWAM Information

  1. YWAM Bank accounts and passwords
  2. Passwords to YWAM websites
    • not only YWAM websites, since many people use just one password for everything (personal / YWAM website, MySpace, Facebook, blog, forum, Second Life, etc.) - even the same password as the login for the computer itself...
  3. Confidential information about members of YWAM (Beliefs, Health etc)
    • YWAM and other organisations and churches we partner with
  4. Reports about meetings (potential to reveal Names, Locations, Contact Details, Future Plans, etc.)
  5. Projects / Outreach Plans (General Information)
  6. Project Partner / Outreach Partner (Names, Locations, Contact Details, etc.)
  7. Email communication
    • Emails reveal Names, Email Addresses, Information, etc. and user names / passwords for email accounts
    • Emails are always sent in plain text across networks - if you don't want anyone to read it you will need to encrypt it before you send it!
    • Email Attachments
    • Email Address books
  8. Mailing lists and address books for obvious reasons
  9. Browser bookmarks (and caches), as well as the browser's history, can reveal interesting information. Remember, Google, MS and others claim that they can find out whether a person is male or female, their age, hobbies, approximate wages and other information just by logging their browsing habits.
  10. Pictures can reveal a great deal.
    • At a recent U of N conference there was a person present whose image should not be published on websites or in any other publications. This was specifically announced...

Securing a Laptop

There are several ways of securing your laptop.

Preventing people from stealing your Laptop

  • Anti-theft cable from Parkin Security Consultants
    Buy a laptop security cable. All laptops for the last 10 years have a little security slot built in for a metal cable like this one to lock into (LCD screens and beamers now have them too). You lock the cable into your laptop at one end, having passed the other end around a secure fixture. NOTE: I have never seen a YWAMer with one of these.

Preventing others from accessing your data

  • Pick a good password and make sure that you log into your Desktop account with a password!
  • Make sure you have a screensaver (even the blank screensaver) with the option set to require a password to let you back into your account.
  • Turn on the BIOS password option - then anyone wanting to start your machine will have to figure out what password you chose - they can't bypass this without removing the CMOS battery. (This only stops people who have quick access to your laptop.)
  • And of course make sure your computer is regularly backed up. The backup must be stored somewhere secure too!

Encrypting your Data

You can use TrueCrypt to encrypt a whole partition of your hard disk and/or make a very big file on your disk and then turn that into a new partition. Then you need to put all your data inside that encrypted drive.

You can also do Full Disk Encryption. This is where the entire hard disk is encrypted rather than a small part.

  • You can purchase some laptops with the entire hard drive encrypted and secure... but you might have to search around for them!
  • Microsoft Windows Vista (Ultimate or Enterprise editions only) includes a form of full disk encryption by the name of BitLocker Drive Encryption [1]
  • You could install the latest version of Ubuntu Linux on your laptop as it comes with Full Disk Encryption. You could also buy a Linux Laptop (Dell offer some good ones) pre-installed but you might need to look around for someone to install it encrypted. There is a step-by-step guide to installing Linux onto a computer here [2].

Sending Encrypted Emails

This will keep the contents, but not the recipients' addresses (obviously), secure while the email is in transit across the different mail servers, until the recipient reads it.

  1. It is a complex process and you will need specialised email software or special extensions for your current email. Thunderbird has a useful add-on called Enigmail that, together with the GNU Privacy Guard (GnuPG) program, can provide a good encrypted email system for Windows, Linux and Mac. Instructions are available here [3].
  2. Your software will create two keys: your own Private key (YOU MUST NEVER DIVULGE THIS, EXCEPT FOR LEGAL REASONS) and a Public key that should be passed around freely.
  3. You will first need to securely share your Public key with the recipient, and you must get a copy of their Public key too. Tip: don't send your key by email if you can avoid it. Instead, when you next meet, copy their key onto a USB stick and pass them yours...
  4. Once you have their key and you know for certain it is their key, you can sign their key with your Private key. This establishes a relationship of trust with that person's key. Only now can you start encrypting mail with that person.
  5. You then write an email and ask the mail program to encrypt it. It will ask you for a special passphrase to arrange the encryption. Sometimes it will ask which key you wish to sign the email with. You choose your correspondent's key. Then you send your mail to the recipient and no-one else will be able to read your messages.
  6. The encryption is strong. Very strong. It would take 1000's of hours of processor time by very large computers to crack it. However, even if a mail cannot be cracked, the fact that you are both sending encrypted email to each other will almost definitely be noticed.