The $50,000 Laptop
Posted Monday, January 7, 2013 9:28 AM


Eric M Russell (1/7/2013)
Using a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop; it has absolutely nothing work-related except for the VPN client configuration itself.

However, when using VPN it's important not to save your login credentials in Remote Desktop. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.


We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.

Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.

If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).


- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #1403704
Posted Monday, January 7, 2013 9:36 AM


GSquared (1/7/2013)
Eric M Russell (1/7/2013)
Using a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop; it has absolutely nothing work-related except for the VPN client configuration itself.

However, when using VPN it's important not to save your login credentials in Remote Desktop. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.


We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.

Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.

If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).

I don't dial in through a phone connection, always some broadband connection from multiple locations, but I guess the VPN could be set up to only accept from a specific IP address. You're right, I first have to log in to the VPN using my domain uid/pw. However, knowing hackers, they can probably find a way to decrypt any credentials stored in the VPN or Remote Console config, so I type everything in manually.
Post #1403710
Posted Monday, January 7, 2013 10:56 AM


Steve Jones - SSC Editor (1/7/2013)
GSquared (1/7/2013)
sqlpadawan_1 (1/7/2013)
With a terabyte of storage for less than $100, free utilities like SyncToy from Microsoft, and unlimited online backup services as cheap as $60/yr, I will never understand the mentality of not backing up your data. I haven't lost a laptop, but I have lost the hard drive. With my Carbonite backup, I was back up and running with no losses within hours.


Of course, even that isn't completely foolproof. Carbonite lost data for some customers a couple of years ago. Bing/Google "carbonite data loss" and you'll find the news articles about it. Summary here: http://www.datacenterknowledge.com/archives/2009/03/25/more-on-carbonites-data-loss/

However, the odds of Carbonite (or Dropbox or SkyDrive or whatever) losing your data are MUCH, MUCH lower than the odds of losing a laptop or having a hard drive fail.


Very true, and you'd hope you wouldn't lose both at the same time.

I keep a backup of my laptop handy, and run one before I leave town. I also make sure I have a third around. I need a remote backup like Carbonite as well, just to be sure, since I'm somewhat depending on Dropbox right now as my final backup.


Similar boat here. I need a Carbonite subscription as an extra measure.




Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server


Post #1403756
Posted Monday, January 7, 2013 11:40 AM


Eric M Russell (1/7/2013)
GSquared (1/7/2013)
Eric M Russell (1/7/2013)
Using a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop; it has absolutely nothing work-related except for the VPN client configuration itself.

However, when using VPN it's important not to save your login credentials in Remote Desktop. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.


We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.

Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.

If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).

I don't dial in through a phone connection, always some broadband connection from multiple locations, but I guess the VPN could be set up to only accept from a specific IP address. You're right, I first have to log in to the VPN using my domain uid/pw. However, knowing hackers, they can probably find a way to decrypt any credentials stored in the VPN or Remote Console config, so I type everything in manually.


I'm not dialing in via a phone connection. Connect however you normally do, but the VPN server then calls a pre-defined phone number that's assigned to you. Can be your business cell phone, for example. The phone rings, you pick up, hit # on the phone keypad, and then it considers you authenticated. That's AFTER you've typed in your username and password to the VPN client. Nothing to do with how the computer (laptop or otherwise) is connected, just an authentication step.

With that, even if someone uses a keylogger to steal your UID and password, and can somehow copy the VPN connection settings via packet-sniffing or something, unless they also steal your phone, they can't connect.


- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #1403783
Posted Monday, January 7, 2013 2:40 PM


I'm not sure that posting a notice like that would get your laptop back at all, or even if so, how much big $$$$$$ the person(s) would try to hold you hostage for it. You would probably be better served just giving a description of the lost laptop rather than revealing what is on it. Anyway, leaving a laptop on a bus is the height of absent-mindedness IMHO, not like leaving a cell phone, which is much easier to lay down and overlook when you leave the bus. That is one big brain fart.

"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ..."
Post #1403880
Posted Thursday, January 10, 2013 11:01 AM


Definitely need to buy a laptop with a TPM chip: http://en.wikipedia.org/wiki/Trusted_Platform_Module

-------------------------------------------------------------
"It takes 15 minutes to learn the game and a lifetime to master"
"Share your knowledge. It's a way to achieve immortality."


Post #1405566
Posted Monday, January 14, 2013 7:30 AM
I work for a public school system and all of our portable devices have the district seal laser etched on the exterior of the device along with GPS tracking devices embedded internally that automatically notify the network of the current location each time the devices are powered up. While these devices do nothing to protect the data, they will facilitate the recovery of a lost or stolen device, as well as capturing and prosecuting any culprits. Local law enforcement authorities recently recovered (5) stolen devices using this technology.

The bottom line is that it is the user's responsibility to protect both the device and the data. In my opinion, sensitive data should always be protected by encryption if it is carried off site.



Post #1406724