Posted: 4/21/2008 10:02:34 AM EDT
|
So let’s say (hypothetically) you were a consultant and you were taking your laptop overseas. Let’s say you are working for a major corporation that is trying to open large operations in China. Let’s also say that their primary competitor is backed and supported by the .gov of China. If you were taking a laptop, and it was stolen, the e-mail alone could seriously compromise operations. So… Let’s say you are currently using secure e-mail from a third-party vendor. How would you secure your laptop? I plan on removing all documents, Outlook, and the .pst file from my laptop and then wiping it with a DOD approved program. Should I just use webmail going forward? Are there encryption programs strong enough to secure documents, outlook, etc. that a .gov with funding (and smart techs) couldn’t get into it? How can private businesses compete with a .gov that has huge resources? In case you are wondering, everything here is above-board, legal, and Kosher with our .gov. |
|
Encrypt the entire hard drive. There's programs that will do that. Even 128 bit encryption would take huge amounts of processing to brute-force decrypt. They'll be better off trying to guess the password, so make sure the password is a strong one (mixed case, numbers and special characters, and nothing that could be guessed - pets names, hobbies, yadda). Start here |
|
Does your company have a PKI infrastructure? XP - Vista - Win2k all have EFS built in. EFS = Encrypting file system. if all your documents are stored in your my documents navigate to c:\documents and settings\<your name> rt click on <your name> select the general tab, click "advanced" check the box that says "encrypt contents to secure data" This won't do you a bit of good if your outlook message store isn't in the standard place however. Also won't do any good if you don't store your files in your own folder, and instead somewhere else on a C or D drive. But you can encrypt those folders in the same fashion. There are certain prerequisites however. You need a certificate, which can be bought from verisign, or can be issues via your company's PKI server. |
|
www.pgp.com/ Bout the best stuff out there. No password = no info |
|
You are entering a very hostile environment -- please act accordingly. I would suggest: - back up the laptop - wipe the ENTIRE drive with a DOD-approved security program (random data - 7 or so times) - re-install the OS and patch it immediately - set up an admin account and a regular user account with strong passwords - install TrueCrypt - move any files you want back Once there, never let the laptop out of your sight. Trust no one. Assume that the bad guys are listening in on every connection. |
|
truecrypt 5.0 features full drive encryption. You dont have to wipe your HD and reinstall windows. Truecrypt does it on the fly! its fast and easy....this is the best thing you can do. www.truecrypt.org/ |
Only problem is EVERYTHING that leaves China on the Inet goes through a series of government owned firewalls. I did that solution as well till they started blocking IP's to my destination. I was able to routinely fix this as well by changing/adding IP's to my concentrator plus I have multiple concentrators. Encrypting everything at 128-bit is pretty solid. That being said - let's assume you have everything bullet proof from an encryption standpoint and everything required a password that was 16 characters of alpha-numeric plus extended characters, etc. They could still grab you and make you give up the password. (not likely to happen as I've worked in mainland China and it's not bad at all) Peace, Dean |
This is just hypothetical. Remember? It is not the actual situation... 
|
Hypothehetically speaking everything I say on ARFCOM is a purely theoretical. |
Our folks are in the ME. Never had to deal with China. They sound like assholes. Good luck. |
|
I would highly recommend Truecrypt. It's free, easy to use, and very good. If you're really paranoid read the documentation about hidden volumes and set one up. Basically it looks like you have one encrypted container, but there is another hidden one within. This way if you're forced to give up the password, they open the outer volume and see some files that look sensitive, but your real files are hidden in the inner, hidden, volume. |