LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/Mobile-Guide/html/mobile-guide-p5c1s6-theft-p...

488 lines
12 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Theft Protection</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linux on the Road"
HREF="index.html"><LINK
REL="UP"
TITLE="Different Environments"
HREF="mobile-guide-p5c1-different-environments.html"><LINK
REL="PREVIOUS"
TITLE="Security in Different Environments"
HREF="mobile-guide-p5c1s5-security-in-different-environments.html"><LINK
REL="NEXT"
TITLE="Dealing with Down Times (Cron Jobs)"
HREF="mobile-guide-p5c1s7-dealing-with-down-times.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux on the Road: </TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="mobile-guide-p5c1s5-security-in-different-environments.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 15. Different Environments</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="mobile-guide-p5c1s7-dealing-with-down-times.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="mobile-guide-p5c1s6-theft-protection"
></A
>15.8. Theft Protection</H1
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN4372"
></A
>15.8.1. Means to Protect the Data</H2
><P
>&#13;
<P
></P
><OL
TYPE="1"
><LI
><P
>&#13; Encryption: the Linux Kernel offers different options.
This
<A
HREF="http://shappyhopper.co.uk/b2154/sharedencryptedhowto.cgi"
TARGET="_top"
>Encrypted dual boot single hard drive system HOWTO</A
>,
explains how to secure your system using nothing but Free Software.
It was primarily written for people with a dual boot laptop, describing
free tools to encrypt Microsoft Windows as well as Linux partitions.
</P
></LI
><LI
><P
>&#13; Here are some
<A
HREF="http://tuxmobil.org/smart_linux.html"
TARGET="_top"
>Linux guides for laptops with built-in SmartCard-Reader</A
>.
</P
></LI
><LI
><P
>&#13; User passwords: can be easily bypassed if the intruder gets physical
access to your machine.
</P
></LI
><LI
><P
>&#13; Hard Disk Passwords:
</P
></LI
><LI
><P
>&#13; BIOS passwords: are easily crackable at least with older laptop models.
Some manufacturers have now a second boot password (IBM).
</P
><P
>&#13; If you use a BIOS password/boot loader security, ADVERTISE IT! Paste a
sticker (or tape a piece of paper) on the top of your laptop, saying
something like:
</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="programlisting"
>&#13; WARNING
This laptop is password protected. The password can only be removed
by an authorized [manufacturer's name] technician presented with
proof of ownership. So don't even think of stealing it, because
it won't do you any good.
</PRE
></FONT
></TD
></TR
></TABLE
></LI
><LI
><P
>&#13; Before you buy a second hand machine, check whether the machine seems to
be stolen. I have provided a survey of
<A
HREF="http://tuxmobil.org/stolen_laptops.html"
TARGET="_top"
>databases for stolen laptops</A
>.
</P
></LI
></OL
>
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN4393"
></A
>15.8.2. Means to Protect the Hardware</H2
><P
>&#13;
<P
></P
><OL
TYPE="1"
><LI
><P
>&#13; Laptop lock: Almost all (if not all) of the new laptops come with a slot
for the lock, and if yours doesn't have one, most locks come with a kit
to add a slot. One of Targus' Defcon locks even has a motion sensor,
so you don't have to lock it up to a secure place, if you don't have
one around.
</P
><P
>&#13; The only drawback that I can think of is that it takes a couple extra
seconds to set up or pack up your laptop. It takes about 30 seconds to
snap into place and makes it impossible to quickly walk away with the
laptop. It won't stop a determined thief with the time to unscrew the
legs of the desk or one that wanders around with a substantial pair of
wire cutters in hand, but I feel pretty secure leaving the laptop on my
desk while I go to meetings or lunch.
</P
><P
>&#13; Well known manufacturers of dedicated laptop locks are
<A
HREF="http://www.kensignton.com"
TARGET="_top"
>Kensignton</A
>
and TARGUS.
</P
></LI
><LI
><P
>&#13; Name plates: to reduce the possibility of theft, you may want to have a
nameplate (name, phone, e-mail, address) made and affixed to the cover
of the laptop. A nice one will cost you about $12, and can be made by
any good trophy shop. They'll glue it on for you too. You could use
double-sided tape instead, but glue is more permanent. So it's easy to
return, but will look beaten and abused if these are removed. You may
even make an engravement into the laptop cover (inside). And even better
into every removable part (hard disk, battery, CD/DVD drive, power
unit). If this machine ever gets to a repair office, I might get the
machine back. Make sure you remember to update the plates if you move.
</P
><P
>&#13; If you don't mind marking up a piece of equipment worth several thousand
dollars, make sure your laptop has some distinguishing feature that is
easily recognizable, e.g. a bunch of stickers pasted on it. Not only
does it make your laptop easier to recognize, my guess is that people
would be less likely to steal it.
</P
><P
>&#13; It might even be useful to have a sticker that clearly says <SPAN
CLASS="QUOTE"
>"Does
Not Run Windows"</SPAN
>. This is at least an argument for having your
bootloader stop at the bootloader prompt, rather than mosey onwards into
a colorful XDM login.
</P
></LI
><LI
><P
>&#13; Link <B
CLASS="command"
>xlock</B
> to <B
CLASS="command"
>apm</B
> services. What
about setting a system such as when the laptop is unused for a while,
instead of using normal apm service and suspend the machine, makes it
run an xlock, disable the apm services in a way such that they do not
suspend the machine automatically and start a 'laptop-protection
daemon'. When the xlock disappears, the daemon is stopped and the apm
services are restarted (so you might use the apm services yourself).
</P
><P
>&#13; In the case somebody unplugs the machine while under the xlock (without
giving the password), then the daemon would detect it and could start
doing some preventive action, such as:
- playing a sound with maximum volume saying "I am getting stolen".
- this daemon could also register to a fixed local server and do a ping
every now and then. If the ping stops before the daemon unregister to
the server, then server then can take other actions, such as sending
SMS message, starting a video camera, in the room, etc. The apm
services down would make the stealer unable to use the hot keys to
suspend/stop the machine, isn't it?
</P
></LI
><LI
><P
>&#13; You can change the <SPAN
CLASS="QUOTE"
>"pollution preventer"</SPAN
> logo at startup on
AWARD BIOSES. See instructions from
<A
HREF="http://geggus.net/sven/linux-bootlogo.html"
TARGET="_top"
>Sven Geggus</A
>.
For IBM ThinkPads there is a dedicated DOS utility for burning
your bizcard data into the BIOS boot screen.
</P
></LI
><LI
><P
>&#13; Boot loader: a boot loader may be used to put your name and phone number
(or whatever text you choose) into the boot sequence before the
operating system is loaded. This provides a label that can't be removed
by editing files or even doing a simple format of the harddisk. Some
boot loaders (e.g. LILO) offer a password option, which is highly
recommend (note without it's very easy to get root access).
</P
></LI
><LI
><P
>&#13; Camouflage: if you carry a dedicated laptop bag, this can be spotted by
a thief easily. So think about getting another kind of bag.
</P
></LI
><LI
><P
>&#13; Serial Number: note the serial number in a secure place. This will be
necessary if your laptop gets stolen.
</P
></LI
><LI
><P
>&#13; Insurance: There are some dedicated insurances, see my page
<A
HREF="http://tuxmobil.org/stolen_laptops.html"
TARGET="_top"
>Database of Stolen Laptops</A
>.
</P
></LI
><LI
><P
>&#13; Use of software that connects and identifies itself: As far as I know
there was an old DOS utility that did something like this. It embedded
itself into the bootsector and upon a certain keycombination it would throw a
serial number onto the screen and play an audio code through the speaker
(in case th monitor was no longer usable for whatever reason). You were
supposed to register the serial number with the company that produced
the utility.
</P
><P
>&#13; The laptop can send a mail with its real IP address if connected (mail
with a print of <B
CLASS="command"
>ifconfig</B
> started by
<TT
CLASS="filename"
>/etc/ppp/ip-up</TT
> or by a <B
CLASS="command"
>cron</B
> job
(if connected at a company-network).
</P
></LI
><LI
><P
>&#13; Always remove the external devices and secure them in another
place/room. Set the BIOS to boot on the hard disk first as a default
setting and remove boot on other devices if possible. Also try to plug
the power supply in the least accessible plug. So if your machine get
stolen in your office the 'quick way' (e.g. during a 5 sec. cigarette
break), the stealer won't perhaps have time to get the power supply,
neither the time to get the drives. Perhaps he/she will end up with a
less useful laptop and you may recover it.
</P
></LI
><LI
><P
>&#13; Electronic Devices (Transponders): There are also devices available,
which can be detected remote via satellites, see my page
<A
HREF="http://tuxmobil.org/stolen_laptops.html"
TARGET="_top"
>about stolen laptops</A
> for a survey.
</P
></LI
></OL
>
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN4436"
></A
>15.8.3. The Day After</H2
><P
>&#13; Your primary goal is to prevent your laptop from being stolen in the
first place. Your secondary goal is to recover it after it is stolen.
Report it to the police station ASAP. Check the local newsgroup (in
case...) or even post in it.
</P
><P
>&#13; I have provided a
<A
HREF="http://tuxmobil.org/stolen_laptops.html"
TARGET="_top"
>survey of databases for stolen laptops</A
>.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN4441"
></A
>15.8.4. Resources</H2
><P
>&#13; The chapter about theft protection has taken some advantages of ideas
of Lionel "Trollhunter" Bouchpan-Lerust-Juery and a discussion, which has
taken place in the
<A
HREF="http://www.debian.org/MailingLists/subscribe"
TARGET="_top"
>debian-laptop</A
>
mailing list in January 2001.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="mobile-guide-p5c1s5-security-in-different-environments.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="mobile-guide-p5c1s7-dealing-with-down-times.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Security in Different Environments</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="mobile-guide-p5c1-different-environments.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Dealing with Down Times (Cron Jobs)</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink