<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQLServerCentral.com
»
Editorials
»
The $50,000 Laptop
17 posts, Page 2 of 2
««
1
2
The $50,000 Laptop
Rate Topic
Display Mode
Topic Options
Author
Message
GSquared
GSquared
Posted Monday, January 07, 2013 9:28 AM
SSCoach
Group: General Forum Members
Last Login: 2 days ago @ 1:55 PM
Points: 15,442,
Visits: 9,571
Eric M Russell (1/7/2013)
Using the a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop, it absolutely nothing work related except for the VPN client configuration itself.
However,
when using VPN it's important not to save your login credentials in Remote Desktop
. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.
We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.
Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.
If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #1403704
Eric M Russell
Eric M Russell
Posted Monday, January 07, 2013 9:36 AM
Ten Centuries
Group: General Forum Members
Last Login: Yesterday @ 1:53 PM
Points: 1,164,
Visits: 3,335
GSquared (1/7/2013)
Eric M Russell (1/7/2013)
Using the a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop, it absolutely nothing work related except for the VPN client configuration itself.
However,
when using VPN it's important not to save your login credentials in Remote Desktop
. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.
We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.
Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.
If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).
I don't dial in through a phone connection, always some broadband connection from multiple locations, but I guess the VPN could be setup to only accept from specific IP address. You're right, I first have to login to the VPN using my domain uid/pw. However, knowing hackers, they can probably find a way to decrypt any credentials stored in the VPN or Remote Console config, so I type everything in manually.
"Wise people understand the 10,000 things without going to each one.
They know them without having to look at each one,
and they transform all without acting on each one." - The Tao Te Ching: Verse 47
Post #1403710
SQLRNNR
SQLRNNR
Posted Monday, January 07, 2013 10:56 AM
SSCoach
Group: General Forum Members
Last Login: Monday, May 20, 2013 1:07 PM
Points: 18,733,
Visits: 12,332
Steve Jones - SSC Editor (1/7/2013)
GSquared (1/7/2013)
sqlpadawan_1 (1/7/2013)
With a terabyte of storage for less than $100, free utilities like Sync Toys from Microsoft, and unlimited online backup services as cheap as $60\yr, I will never understand the mentality of not backing up your data. I haven't lost a laptop, but I have lost the hard drive. With my Carbonite backup, I was back up and running with no losses within hours.
Of course, even that isn't completely foolproof. Carbonite lost data for some customers a couple of years ago. Bing/Google "carbonite data loss" and you'll find the news articles about it. Summary here:
http://www.datacenterknowledge.com/archives/2009/03/25/more-on-carbonites-data-loss/
However, the odds of Carbonite (or DropBox or SkyDrive or whatever) losing your data is MUCH, MUCH lower than the odds of losing a laptop or having a hard drive fail.
Very true, and you'd hope you wouldn't lose both at the same time.
I keep a backup of my laptop handy, and run one before I leave town. I also make sure I have a third around. I need a remote backup like Carbonite as well, just to be sure, since I'm somewhat depending on Dropbox right now as my final backup.
Similar boat here. I need a carbonite subscription as an extra measure.
Jason
AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server 2008
SQL RNNR
Posting Performance Based Questions - Gail Shaw
Posting Data Etiquette - Jeff Moden
Hidden RBAR - Jeff Moden
VLFs and the Tran Log - Kimberly Tripp
Post #1403756
GSquared
GSquared
Posted Monday, January 07, 2013 11:40 AM
SSCoach
Group: General Forum Members
Last Login: 2 days ago @ 1:55 PM
Points: 15,442,
Visits: 9,571
Eric M Russell (1/7/2013)
GSquared (1/7/2013)
Eric M Russell (1/7/2013)
Using the a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop, it absolutely nothing work related except for the VPN client configuration itself.
However,
when using VPN it's important not to save your login credentials in Remote Desktop
. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.
We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.
Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.
If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).
I don't dial in through a phone connection, always some broadband connection from multiple locations, but I guess the VPN could be setup to only accept from specific IP address. You're right, I first have to login to the VPN using my domain uid/pw. However, knowing hackers, they can probably find a way to decrypt any credentials stored in the VPN or Remote Console config, so I type everything in manually.
I'm not dialing in via a phone connection. Connect however you normally do, but the VPN server then calls a pre-defined phone number that's assigned to you. Can be your business cell phone, for example. The phone rings, you pick up, hit # on the phone keypad, and then it considers you authenticated. That's AFTER you've typed in your username and password to the VPN client. Nothing to do with how the computer (laptop or otherwise) is connected, just an authentication step.
With that, even if someone uses a keylogger to steal your UID and password, and can somehow copy the VPN connection settings via packet-sniffing or something, unless they also steal your phone, they can't connect.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #1403783
TravisDBA
TravisDBA
Posted Monday, January 07, 2013 2:40 PM
Ten Centuries
Group: General Forum Members
Last Login: Thursday, May 09, 2013 9:23 AM
Points: 1,288,
Visits: 2,996
I'm not sure that posting a notice like that would get your laptop back at all, or even if so, how much big $$$$$$ the person(s) would try to hold you hostage for it. You would probably be better served just giving a description of the lost laptop rather than revealing what is on it. Anyway, leaving a laptop on a bus is the height of absent-mindedness IMHO, not like leaving a cell phone, which is much easier to lay down and overlook when you leave the bus. That is one big brain fart..
"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...
"
Post #1403880
D.Oc
D.Oc
Posted Thursday, January 10, 2013 11:01 AM
Ten Centuries
Group: General Forum Members
Last Login: Monday, May 06, 2013 4:10 PM
Points: 1,053,
Visits: 6,426
Definitely need to buy a laptop with TPM chip
http://en.wikipedia.org/wiki/Trusted_Platform_Module
-------------------------------------------------------------
"It takes 15 minutes to learn the game and a lifetime to master"
"Share your knowledge. It's a way to achieve immortality."
Post #1405566
Mad Hacker
Mad Hacker
Posted Monday, January 14, 2013 7:30 AM
Say Hey Kid
Group: General Forum Members
Last Login: Yesterday @ 8:57 AM
Points: 700,
Visits: 373
I work for a public school system and all of our portable devices have the district seal laser etched on the exterior of the device along with GPS tracking devices embedded internally that automatically notify the network of the current location each time the devices are powered up. While these devices do nothing to protect the data, they will facilitate the recovery of a lost or stolen device, as well as capturing and prosecuting any culprits. Local law enforcement authorities recently recovered (5) stolen devices using this technology.
The bottom line is that it is the user's responsibility to protect both the device and the data. In my opinion, sensitive data should always be protected by encryption if it is carried off site.
Post #1406724
« Prev Topic
|
Next Topic »
17 posts, Page 2 of 2
««
1
2
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
