Analysis of Laptop Security Incident at Los Alamos Laboratory
-Ciscop Consulting-
Incident
• 80 Laptops lost• 67 were stolen• 13 Found missing when audited
• All Laptops lost offsite
How it Happened
• No audits• No Check-in or check-out procedures
There were, but were not followedFailure to know where laptops were
Recommendation
• Establish two security levels• Low Risk Classification
• Desktop or on-campus devices• Non classified data
• High Risk Classification• Mobile or laptop devices• Sensitive or classified data
• Spiceworks• Check-in and out procedures• Physically locking machines down• More regularly scheduled and formal audits
Low Risk Classification
SpiceWorks
• Separate Spiceworks servers high risk/low risk• Additional servers
• Spiceworks audits daily electronically• Only if computer doesn’t check in for the day
Monday-Friday
Lock Down Machines
• Non mobile devices locked down• Laptop Lockdowns• $10
• Desktop lockdowns• $10/15ft of cable• Covers 3 computers
• $3 per lock
High Risk Classification
• Beacons• RFID• Encrypted hard drives
Beacons
• Constantly sends a location packet to the server
• Wipes the hard dive upon server request• Built into the BIOS• Can be used as an auditing tool
RFID’s
• Passive tags• Creates a log of when and
where a device leaves• High implementation costs• Low recurring costs
RFID’s
• Estimated prices• Readers $500 - $2,000• Tags 7-15 cents each• Support software
Encrypted Hard drives
• All Mobile devices• Full Disc Encryption (FDE)– Uses AES requires authentication before boot up will
occur• Password• Biometrics• Smart cards
– Hard ware encryption– Seagate Monentus 7200 rpm FDE.2 ST9250411AS 89.99
Check-in/out Procedures
• RFID’s help to denote high and low risk• Low risk laptops• Basic Check-out procedures• Once weekly• Monitored by SpiceWorks
• SpiceWorks audits once weekly
• High risk laptops• Check-out Daily• Check-in Daily• Constantly Monitored by SpiceWorks
References
Questions?
Thanks and have a great day!