Home » Skills » COMSEC: Get Security

Notebook Security

No public posts in this group. You must register or login and become a subscriber in order to post messages, and view any private posts.
a skill ( something you can learn how to do using Skillpedia ) by lxpk Fri, 2008-05-02 10:20

Notebook computers are especially vulnerable to security risks because you carry them with you.

Notebook COMSEC

The US Government mandates notebook security and you should pay careful attention to the security of your notebooks too.

  • Theft Prevention: A computer bag is something you do not want to lose. Any time you carry a computer, you must have heightened awareness and diligence to avoid getting it stolen. Keep your bags near you at all times.
  • Untrusted Wireless: Using foreign wireless internet is also a risk. Any wireless access you use can intercept your traffic, compromising your privacy and security.
    • Use Encryption : Encrypting your communications ensures that even someone snooping your packets cannot easily decypher their contents.
    • You can find hotspots with wififreespot.com. Obviously, you'll need to scout for locations before you get there.
  • Property Return Services: Register mobile gear with a property return service like StufBak (free with Radtech cases), which can help increase the odds of your lost devices being returned to you. Across 15 independent media tests of StuffBak's service, 75% of StuffBak-labeled items were recovered, compared to 5% without.
  • Recovery Software: There are also programs like Undercover, zTrace and CyberAngel that will report the location of a stolen laptop. They work when the laptop connects to the Internet, and can report the laptop's exact physical location.
  • Contact Info: Make sure your name and contact information are in the case or on a sticker applied to your notebook

 

Encrypting Or Obscuring Data While Traveling

"The Ninth Circuit's recent ruling (pdf) in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers’ rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a letter asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers’ data. The letter also asks Congress to pass legislation protecting travelers’ laptops and smart phones from unlimited government scrutiny.

If privacy at the border is important to you, contact Congress now and ask them to take action!

In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home?

 

Finally, however useful these techniques might be to protect laptops, travelers do not have this array of options for protecting data stored on less configurable smart phones. Of course, many phones do have a lock or password protection option, which travelers might consider enabling before heading to the airport.

In sum, while you must submit yourself and your electronic devices to warrantless and suspicionless searches at the border, you are not legally obligated to decrypt information or reveal passwords. However, if you fail to do so, the border agents may detain or search you, or even seize the device. There are no options that provide perfect privacy protection, but there are some options that reduce the likelihood that a legitimate international traveler's confidential information will be subjected to arbitrary and capricious examination.

Example Security Precaution

Attorney Alice needs to have confidential attorney-client privileged information overseas. Before departure, she removes unnecessary information, encrypts her hard drive with strong crypto and sets up a login for a protected account and a travel account on her computer. To access the confidential data, one would need to first login to the protected account, and then open the encrypted files. Only Alice’s employer (The Law Offices of Bob) knows the passwords to the account and encrypted data, and keeps them secret until Alice arrives at her destination. Bob then sends the passwords to Alice in an encrypted email message.

 

 

http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t

‹ Mobile Bootable OSupOPSEC: Operation Security ›
»