Protecting Your LaptopBy David Strom | Posted 2008-06-26 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
With the number of safeguards built into most of Today’s computers, there’s no excuse for not protecting your laptop—and your company’s data.
It may take a stolen or misplaced laptop for you to realize how easy it is for your company’s data to fall into the wrong hands when you travel. There really is no excuse for this, given the number of protective measures built into most computers these days. The key, of course, is to use these tools before an incident happens.
There are several ways to make your laptop more secure. Both Windows Vista and the latest Macintosh operating systems come with disk-encryption technology, called BitLocker and FileVault, respectively. These will automatically encrypt everything on your hard disk and will require you to use a log-in password before you can gain access to the machine.
However, these technologies depend on a simple password for access—a password that can be forgotten or guessed. An alternative is to use disk-encryption software, from vendors such as PGP, which protects the contents of your computer with more sophisticated cryptography using public/private key-encryption techniques.
An even better solution is to use your fingerprint for access. Many years ago, Microsoft sold a mouse that came with a fingerprint scanner, but the model was discontinued. Several vendors offer add-on USB readers, and there are even USB thumb drives, such those as from BioStik.com, that use fingerprint scanners to access the data on the drive.
It makes more sense to buy a laptop that comes preinstalled with a scanner so a simple swipe is all that’s needed to allow access to your entire machine. Typically, these products check your fingerprint before the machine will continue its power-on or boot-up process.
This means you can’t gain access to anything on the laptop before you swipe your finger. When you buy a new laptop or install the software, you “train” the product to recognize one or more of your fingerprints by moving the designated fingers over the scanning surface, which is about half the size of a typewriter key cap.
The scanners are easy to set up and train, and some vendors offer more sophisticated, integrated software that can tie in to other resources that are normally password-protected, such as Web sites, wireless access points and even encrypted files. The idea is to make it easy to access confidential information, without having to remember a series of passwords, and to be able to use something you don’t have to worry about losing or forgetting.
Other scanners are more sophisticated, and incorporate software that enables you to use a fingerprint as a way to log on to your corporate Active Directory identity, too.
Lenovo’s ThinkPad has long had built-in fingerprint scanners on its laptops, but what’s new is better, deeper integration for its Client Security Solution, special software that Lenovo includes on most of its laptops. This software can be integrated into Microsoft’s Active Directory for authentication.
The ThinkPad includes Ultimaco’s disk-encryption tool so you can further protect sensitive files. It also supports the Trusted Platform Module, a special security chip that manages encryption keys and other security measures, is isolated from Windows and is designed to be tamper-resistant. The TPM is included in most major laptops that have been sold in the past several years, and it forms the basis of other endpoint security measures from the Trusted Computing Group.
On some of its IdeaPad laptops, Lenovo also includes VeriFace. With this technology, all you have to do is put your face in front of the built-in camera to verify who you are.
Toshiba’s EasyGuard security software has a similar range of security solutions, including support for its fingerprint scanner, multiple-level password protection and the TPM. It is available on both Toshiba’s Tecra and Portege models.
Dell’s Latitude D820, D620 and D420 notebooks and Precision M65 can be configured with the optional UPEK fingerprint scanners. These use the Embassy Trust Suite software from Wave Systems, which also works with the TPM chip for endpoint security.
Hewlett-Packard incorporates Bioscrypt’s VeriSoft Access Manager into some of its systems. The fingerprint scanner identifies the user and controls access to Windows or other secure systems. The only problem is that it is hard to figure out which models come with the option when you configure and order them online from HP’s Web site.
Acer’s entire Travelmate line and some of its Aspire models have what the company calls its Bio-Protection fingerprint readers.
Fujitsu’s Lifebook models S2210, P7120 and A6120 come equipped with fingerprint scanners.
Tablet vendor Motion Computing also includes a fingerprint reader on its machines. The technology, which is made by AuthenTec using software from OmniPass, can connect to a variety of enterprise and Internet authentication services, such as terminal services, VPNs and database servers. Using the TPM chip, OmniPass also can be used to encrypt local files stored on a laptop.
Clearly, there are no acceptable excuses for failing to protect your laptop and the vital information it contains.