Thursday, May 20, 2010

Lessons I learnt when my laptop was stolen

Before we go ahead, lets go over a "What if" condition -
"Right now, some stranger has access to your personal laptop and they are going over everything you have on the hard drive".

Enough to send chills through my spine, how about you ?

Replace laptop with "Backup storage" or "Desktop" to get the desired effect 8-)

Recently my house was broken into, and along with other valuables, they took my beloved Thinkpad (Yes, I love those plain black no-nonsense machines).

It had a lot of personal & important information..

Its been almost a month, and it still drives me crazy.

o.k. enough of rambling, let me get you to the meat of the story -

Lessons
As most of you, my laptop didn't have any encryption.
The only safety it had was my password and luckily fingerprint scanner. This is one reason I liked thinkpads.
You can have a pretty long & complicated password, but at the same time have fingerprint authentication. Hence when you want to login to your computer, you just swipe your finger and you are in.
For anyone who wants to breakin to the computer they have an uphill battle.

Coming back to encryption, I should have had atleast a very rudimentary encryption enabled, so that even if someone gets in, they have to have basic skills to get to your data.

There are a number of ideas which you can employ, and I want to get this out, so all my friends can implement them -

1.) Hide your personal folders
I know, this sounds extremely lame, especially for all who have grown with computers.
But you will be surprised how many people don't know how to "unhide" a folder.
I'm talking about PCs here.
Here is another reason - Someone who is into breaking in hopefully isn't as skilled as the above.

This is the minimum ! I'm kicking myself for not doing even this.

2.) Truecrypt
Did you know that there is a free encryption program available on the internet, which you can use to encrypt a part or whole of your harddrive or your backup USB drive ?

Well neither did I.

I started looking into it after the breakin and discovered Truecrypt
You can learn more by clicking on the link above.
Go over this step-by-step process to create a secure directory on your harddrive which is encrypted and private only to you.

For geeks like me who want to get into the details of everything, there is this nice comparison of features.

If you are going to buy a new laptop, you have two more options - Hardware encryption & Bitlocker.
Bitlocker only comes with Windows 7 ultimate.
Hardware encryption as shown below.

3.) Use an encrypted harddrive
There is a saying - "Once your tongue is burnt my hot milk, you will make sure that butter milk is cold". (Sorry for the ghastly translation, but I guess you get it - butter milk is never served hot).

Hence, I wasn't satisfied with software encryption, and wanted to get something -
a.) more robust
b.) more unobstrusive
c.) Better performance (There is nothing called "too fast" 8-) )

God answered - Hardware encryption 8-)

Since I was buying a new laptop, I wanted to see if there are laptops which inherently provide hardware encryption, something built into the system.
The answer is SED - Self encrypting drives, a.k.a (Toshiba HDD) FED : Full Encrypted Disks (Seagate).

In FED's the encryption key exists with the harddrive controller itself and is not exposed to your computer/OS or even you. The key is stored by the controller on the harddrive at a secret location.
Also encryption cannot be disabled on them.
The next logical question that comes to mind is - How in the world do I access my own files if I don't have the encryption key ?!!
Valid question, the crux is, you have to enable a hardrive password.
This password is in the BIOS.

FEDs solved an important concern of mine - A lot of HDD have passwords so you can't boot from them. However, stick the HDD as a secondary on a separate computer, and boom, you have access to all its data.

In the case of FED, if you stick the drive as secondary, all you see is 256 AES encrypted data you cannot read 8-) And if you stick it as primary, you need a harddrive password.

Now, with a thinkpad even before you get to the OS, you have swipe your finger and then enter the HDD password.

This is good enough for the average, non-CIA, non-FBI, non-SPY kind of people, just like you and me.

4.) Which laptops have FEDs ?
I was trying to find laptops with FEDs and again thinkpad came to the rescue.
& Surprise - Although I loved the HP laptops, none of them came with FEDs !!!
Dell has an Inspiron with encryption drives, but thinkpad has a lot more value/money. Plus there is thinkvantage 8-) Someday I'll blog about why my logical brain pushes me to thinkpads.

Another option is to buy an FED from Seagate and put it into your laptop. Here is the issue with that or what I've learnt from the Seagate forum. If you buy and configure an FED by yourself, the harddrive is married to your motherboard. In the sense, you cannot take that drive and stick in another laptop. With a thinkpad you can do it.

5.) Lets catch a thief
Think like a thief to catch a thief. If that is difficult 8-) just buy Lojack.
Lojack is a software which can help you track a lost/stolen computer.
Does my new laptop have Lojack ? Ya betcha 8-)

So my friends, if you have your faithful laptop with you, atleast get truecrypt on it and Lojack it 8-)

Follow me on twitter @nikhilkodilkar