Need to secure my M11x

I'm leaving for the military, And I'm taking my M11x with me. I was wondering if anyone knows how I can lock this thing down like Ft. Knox So If someone Swipes it It would be absolutely useless for them.

I remember there being back door ways to log into windows- I need to disable all of those.

I'm going to lock down the BIOS so they cant switch boot drives and reinstall.

I was wondering if theres a way so they cant install windows on another hd and use that to boot the computer?

I'm pretty sure that you can see what i'm trying to do, I'm trying to make it if you don't have the PW this thing is nothing but a expensive paper weight.


Thanks in advance.

 

Use truecrypt and its whole disk encryption option. Do some research on it first.

But at the end of the day, if you loose possession of the machine, the bad guys get unlimited playtime with it, then you MUST consider the entire machine and its contents to be compromised. If you loose a machine, any on-board security will just slow down the bad guys. That is a basic cardinal rule of security; whoever owns the machine, pOwns the machine.

Again, BIOS security is ok, but if someone has physical possession of your machine it can be bypassed/reset. Only with a factory installed TPM do you have any chance of bricking a stolen machine. And what are you going to do, put a big sign on it that says "machine will brick itself if stolen"? That sure won't deter anyone who really wants to steal the thing. Criminals generally aren't as smart as you are, crimes of opportunity (as most thefts of personal property are) rarely make sense.

OTOH, do you really have enough 'secrets' to worry about and do you need to worry about the people around you? Paranoia is a horrible thing in that it poisons relationships that have to be based on trust (as in the military). And any court, civilian and/or military, can ORDER you to cough up the necessary passwords if they want them bad enough.

So considering all that, what do you really want to do? Were it me I'd use truecrypt/wde, register the machine with your unit as high-value personal property (serial numbers and photos) and let it go at that.

Oh, don't bother bringing your laptop to basic; no privacy, no places to lock up personal valuables. Leave it home until *after* you get to AIT or A-school or whatever.

 

GuardianEdge Technologies, Inc.
http://www.guardianedge.com/

Comply with Federal Standards and Regulations by Deploying EAL 4+ and FIPS 140-2 Certified Data Protection

GuardianEdge is the leading provider of endpoint data protection for the United States Government. The Data Protection Platform includes applications for hard disk encryption, removable storage encryption, advanced authentication, device control, and smartphone protection.


http://www.guardianedge.com/shared/ds/ds_disk_encryption.pdf

By deploying GuardianEdge Hard Disk Encryption, organizations can:

* Prevent data loss due to theft or accidental loss of laptop and desktop PCs by ensuring all data on the hard disk is encrypted
* Assure that intellectual property and sensitive or legally protected information is accessible only to authorized users
* Meet regulatory compliance requirements through strong, centrally managed encryption, including FIPS 140-2 certified and AES 128 bit/256 bit encryption

 

guardianedge=big bucks
truecrypt=free

 

Just wanted to throw GuardianEdge out there. Mainly because I hate it.. lol

 

Thanks for the help. Get it set up tonight.

 

A simple Kensington lock may also do wonders.

Instead of someone just stuffing your laptop inside his shirt, the thief have to hide the whole bed attached to the laptop.

 

LOL I got it looped around the bag. That may help. But a knife would take care of that. (although no one should have one)

arnt there programs where you would need a flash drive and plug it in. that kinda "unlocks" the computer?

 

A CAC (Common Access Card)

 

This. This really all you need. Most people in the military already have laptops anyway.

 

I'd suggest the program Predator. It uses a USB drive as a physical key for the computer. It's free btw.

 

they have lojack for laptops. so if the person steals it they can locate where it is. i read somewhere that the recovery rate is actually pretty good. you cant simply uninstall it either. it modifies the bios. you can also remotely delete the data from it if its stolen.

http://www.absolute.com/products/lojackforlaptops

 

I'm going to look into that Predator program and make multiple keys. I already have the BIOS locked so you have to enter my PW get boot anything. But the more security the better i guess!

 

keys get lost/stolen and the more complex a system is, the more ways it has to fail.

 

yeah I opted out of the key for that reason. Im sitting at the airport now. I'm sticking with the BIOS pw figuring the average joe won't be able to beat that.

 

Why not have both a login (user) BIOS password and an administration password to lock the computer. When someone turns on the computer they have to have a password to even get the laptop to boot. USB key lock would be a problem is something happens to it. Even yet you can buy an external fingerprint reader to lock the laptop.