|
Posted by Bad Beagle on November 8, 2006, 10:33 am
If you were Registered and logged in, you could reply and use other advanced thread options
I am trying to weigh the pros and cons of allowing a set of users in my
enviroment to use public wireless (hotel etc). These users are s specific
group (politicians). They are travelling to hotels with their laptops. The
laptops could contain sensitive data and do not currently have any form of
encryption etc. Does anyone have any recommendations on where to start or
what to implement before allowing wireless?
|
|
Posted by Malke on November 8, 2006, 11:48 am
If you were Registered and logged in, you could reply and use other advanced thread options
Bad Beagle wrote:
> I am trying to weigh the pros and cons of allowing a set of users in
> my
> enviroment to use public wireless (hotel etc). These users are s
> specific
> group (politicians). They are travelling to hotels with their
> laptops. The laptops could contain sensitive data and do not
> currently have any form of
> encryption etc. Does anyone have any recommendations on where to
> start or what to implement before allowing wireless?
I wouldn't. It would be better to either:
1. Give them a "travel hard drive" that has a basic install of the
operating system and some necessary programs and show them how to
switch hard drives. That way they never travel with the important drive
in the laptop.
2. Make an image of a plain install and an image of their current drive
and image the laptops with the plain install before they go on a trip.
Image back when they return.
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
|
|
Posted by Steve Riley [MSFT] on November 8, 2006, 11:47 pm
If you were Registered and logged in, you could reply and use other advanced thread options
What risks are you trying to mitigate? Someone attempting to attack the =
computer while it's online and connected to the hotel network? Or =
someone stealing the computer?
If the former, then there are two important steps required for =
mitigating the risk: enable the Windows firewall and make sure the =
computer is always kept current with all security updates.
If the latter, then you can use EFS to encrypt the files. But since =
these are politicians, who generally aren't tech-savvy, EFS presents an =
operational challenge -- you have to remember to store the files in the =
folders that you've enabled EFS on. If you can, maybe consider using =
Windows Vista (Ultimate or Enterprise editions) for the politicians. =
Those editions include a technology called BitLocker than can encrypt =
the entire volume transparently.
--=20
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
I am trying to weigh the pros and cons of allowing a set of users in =
my=20
enviroment to use public wireless (hotel etc). These users are s =
specific=20
group (politicians). They are travelling to hotels with their =
laptops. The=20
laptops could contain sensitive data and do not currently have any =
form of=20
encryption etc. Does anyone have any recommendations on where to =
start or=20
what to implement before allowing wireless?=20
------=_NextPart_000_0027_01C70377.285243E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-1252">
<STYLE></STYLE>
<META content=3D"MSHTML 6.00.6000.16386" name=3DGENERATOR></HEAD>
<BODY id=3DMailContainerBody=20
style=3D"PADDING-RIGHT: 10px; PADDING-LEFT: 10px; FONT-SIZE: 10pt; =
COLOR: #000000; PADDING-TOP: 15px; FONT-FAMILY: Cambria"=20
bgColor=3D#ffffff leftMargin=3D0 topMargin=3D0 CanvasTabStop=3D"true" =
acc_role=3D"text"=20
name=3D"Compose message area">
<DIV>What risks are you trying to mitigate? Someone attempting to attack =
the=20
computer while it's online and connected to the hotel network? Or =
someone=20
stealing the computer?</DIV>
<DIV> </DIV>
<DIV>If the former, then there are two important steps required for =
mitigating=20
the risk: enable the Windows firewall and make sure the computer is =
always kept=20
current with all security updates.</DIV>
<DIV> </DIV>
<DIV>If the latter, then you can use EFS to encrypt the files. But since =
these=20
are politicians, who generally aren't tech-savvy, EFS presents an =
operational=20
challenge -- you have to remember to store the files in the folders that =
you've=20
enabled EFS on. If you can, maybe consider using Windows =
Vista (Ultimate or=20
Enterprise editions) for the politicians. Those editions include a=20
technology called BitLocker than can encrypt the entire volume=20
transparently.</DIV>
<DIV><BR>-- <BR>Steve Riley<BR><A =
title=3Dmailto:steve.riley@microsoft.com=20
R><A=20
title=3Dhttp://blogs.technet.com/steriley=20
href=3D"http://blogs.technet.com/steriley">http://blogs.technet.com/steri=
ley</A><BR><A=20
title=3Dhttp://www.protectyourwindowsnetwork.com/=20
href=3D"http://www.protectyourwindowsnetwork.com">http://www.protectyourw=
indowsnetwork.com</A></DIV>
<DIV> </DIV>
<DIV> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Bad Beagle" <<A title=3Dmailto:maxwelli@nospam.postalias=20
=
t;=20
=
@TK2MSFTNGP02.phx.gbl</A>...</DIV>I=20
am trying to weigh the pros and cons of allowing a set of users in my=20
<BR>enviroment to use public wireless (hotel etc). These users =
are s=20
specific <BR>group (politicians). They are travelling to hotels =
with=20
their laptops. The <BR>laptops could contain sensitive data and =
do not=20
currently have any form of <BR>encryption etc. Does anyone have =
any=20
recommendations on where to start or <BR>what to implement before =
allowing=20
wireless? <BR><BR></BLOCKQUOTE></BODY></HTML>
------=
|
|
Posted by S. Pidgorny on November 9, 2006, 2:58 am
If you were Registered and logged in, you could reply and use other advanced thread options
> If the former, then there are two important steps required for mitigating
> the risk: enable the Windows firewall and make sure the computer is always
> kept current with all security updates.
I've done a PoC test of a reasonably hardened system and compromised it
using rogue wireless access point - combination of permissive settings for
the trusted sites and domain-aware Windows Firewall did the trick. Details
here:
http://sl.mvps.org/docs/RogueAP.htm
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
|
|
Posted by Roger Abell [MVP] on November 9, 2006, 10:21 am
If you were Registered and logged in, you could reply and use other advanced thread options
As I see it the challenges that remain, not covered by your good advise,
are largely "stupid user behavior" risk factors, but they are very real.
EFS or not, well-patched and without zero-day issues, the user can
(hence will with some statistical significance) invite a compromise
of the data from within their active login. In my view, if one cannot
get the users to take ownership of the problem then one only has an
unending trail of partial efforts, much like a big-daddy legal system
that attempts to protect its citizens with ever pickier, less-generalized,
rules and regulations.
Roger
What risks are you trying to mitigate? Someone attempting to attack the
computer while it's online and connected to the hotel network? Or someone
stealing the computer?
If the former, then there are two important steps required for mitigating
the risk: enable the Windows firewall and make sure the computer is always
kept current with all security updates.
If the latter, then you can use EFS to encrypt the files. But since these
are politicians, who generally aren't tech-savvy, EFS presents an
operational challenge -- you have to remember to store the files in the
folders that you've enabled EFS on. If you can, maybe consider using Windows
Vista (Ultimate or Enterprise editions) for the politicians. Those editions
include a technology called BitLocker than can encrypt the entire volume
transparently.
--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
I am trying to weigh the pros and cons of allowing a set of users in my
enviroment to use public wireless (hotel etc). These users are s specific
group (politicians). They are travelling to hotels with their laptops.
The
laptops could contain sensitive data and do not currently have any form of
encryption etc. Does anyone have any recommendations on where to start or
what to implement before allowing wireless?
|
| Similar Threads | Posted | | Microsoft 'recommendation' for virus protection | January 19, 2006, 11:47 am |
| Does anyone have a good recommendation for a legitimate/safe tool that monitors changes to the registry? | April 5, 2007, 10:16 am |
| RE: General PKI Question | July 8, 2005, 9:07 am |
| General VPN question | January 5, 2006, 4:35 am |
| General EFS Question | November 17, 2006, 10:16 am |
| IE6 and OE6 security in general | March 7, 2007, 4:16 pm |
| General Recommendations | April 25, 2007, 11:47 am |
| AVG 7/8 - general story | April 24, 2008, 12:21 pm |
| General Network Security question | October 19, 2005, 4:19 am |
| Network security general discussion | April 18, 2008, 12:24 pm |
|
XML site map