This blog is my attempt to share information with faculty, introducing new apps, websites, or other snippets of information that may be of use to faculty. I am also using it to keep track of projects I'm working on that might be good to reference in the future.

Sunday, March 24, 2013

Safeguarding Laptop - Part 5 (BIOS Security and Encryption)

One of my projects for Spring Break was to figure out how to cost effectively secure my PC (and then share with other users at school).  After doing some thinking these are the things I wanted to do:
1) Label mobile devices so they can be returned if lost.
2) Backup my system regularly - to include data, passwords, etc.
3) Find a system to track my device/laptop if it gets stolen, or misplaced.
4) Set up a firewall to block incoming and outgoing traffic I don't want (make it more secure)
5) Look into encryption software, or a way to ensure my data doesn't get out if I do have my laptop stolen. Do I use a BIOS password, software, an online password storage/retrieval system.
6) Determine what other security software I may need.

I also wanted to do this for my other mobile devices (phone, tablet) and not just my laptop.

Here is part five.....

Safeguarding Laptop - Part 5

Part five was to look into some type of encryption and see about using the BIOS features to help lock down the laptop.  

Using BIOS features:
In the Dell Latitude computers we have at school you can set passwords in the BIOS.  The Admin Password is what is needed to change BIOS and some options.  I set this password for my PC, and you only have to enter it when you go into change the BIOS setup.

If you set the System password you will have to enter the password whenever you start up your computer.  While this is more secure, it is not practical for everyday use.  If we were a business or military and more concerned with security then you might want to set the system password as well.  

With the Admin password set, I then went into the Boot Sequence and selected only Internal HDD, so that the computer will only boot from the internal hard drive.  This way if the computer is stolen, the thief would not be able to boot from a USB or DVD and wipe your hard drive, or look at your hard  drive.    There is an option for Hard drive password, which encrypts your hard drive and then requires a password anytime you try to first access the hard drive - so even if you move the hard drive to another computer, they won't be able to access it without the password.

Encryption Software:

There are several free encryption tools that you can use, with several options, if you feel the need for security if great enough.  You can encrypt either a folder (say MyDocuments), a drive or your whole computer/Windows setup.  While encrypting the whole Windows drive is the most secure, it also involves a some technical efficiency and is not something you should undertake if you are uncomfortable delving into the innards of your computer.  

Some software you can use are....
- TrueCrypt: A free program that can encrypt a full system all the way down to specific files/folders.
- Cypherix LE: This is another free program that can encrypt full drives, such as USB or external hard drives.  If you repartition your hard drive and create a volume just to store data, then you can use this to protect all your files on that partitioned drive.  You could also do that with TrueCrypt.

There are also some paid programs you can try in which you could get tech support if problems arise.  Freeware can also provide you with tech support, but response time may not be as quick.

My level of security I did not feel that I needed to encrypt the hard drive (or MyDocuments) at this point.  So I will not be installing any encryption software at this point....but that may change in the future.

Post a Comment