SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


The $50,000 Laptop


The $50,000 Laptop

Author
Message
GSquared
GSquared
SSC Guru
SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)

Group: General Forum Members
Points: 55065 Visits: 9730
Eric M Russell (1/7/2013)
Using the a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop, it absolutely nothing work related except for the VPN client configuration itself.

However, when using VPN it's important not to save your login credentials in Remote Desktop. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.


We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.

Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.

If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Eric M Russell
Eric M Russell
One Orange Chip
One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)One Orange Chip (27K reputation)

Group: General Forum Members
Points: 27914 Visits: 11481
GSquared (1/7/2013)
Eric M Russell (1/7/2013)
Using the a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop, it absolutely nothing work related except for the VPN client configuration itself.

However, when using VPN it's important not to save your login credentials in Remote Desktop. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.


We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.

Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.

If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).

I don't dial in through a phone connection, always some broadband connection from multiple locations, but I guess the VPN could be setup to only accept from specific IP address. You're right, I first have to login to the VPN using my domain uid/pw. However, knowing hackers, they can probably find a way to decrypt any credentials stored in the VPN or Remote Console config, so I type everything in manually.


"The universe is complicated and for the most part beyond your control, but your life is only as complicated as you choose it to be."
SQLRNNR
SQLRNNR
SSC Guru
SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)SSC Guru (64K reputation)

Group: General Forum Members
Points: 64089 Visits: 18570
Steve Jones - SSC Editor (1/7/2013)
GSquared (1/7/2013)
sqlpadawan_1 (1/7/2013)
With a terabyte of storage for less than $100, free utilities like Sync Toys from Microsoft, and unlimited online backup services as cheap as $60\yr, I will never understand the mentality of not backing up your data. I haven't lost a laptop, but I have lost the hard drive. With my Carbonite backup, I was back up and running with no losses within hours.


Of course, even that isn't completely foolproof. Carbonite lost data for some customers a couple of years ago. Bing/Google "carbonite data loss" and you'll find the news articles about it. Summary here: http://www.datacenterknowledge.com/archives/2009/03/25/more-on-carbonites-data-loss/

However, the odds of Carbonite (or DropBox or SkyDrive or whatever) losing your data is MUCH, MUCH lower than the odds of losing a laptop or having a hard drive fail.


Very true, and you'd hope you wouldn't lose both at the same time.

I keep a backup of my laptop handy, and run one before I leave town. I also make sure I have a third around. I need a remote backup like Carbonite as well, just to be sure, since I'm somewhat depending on Dropbox right now as my final backup.


Similar boat here. I need a carbonite subscription as an extra measure.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw

GSquared
GSquared
SSC Guru
SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)SSC Guru (55K reputation)

Group: General Forum Members
Points: 55065 Visits: 9730
Eric M Russell (1/7/2013)
GSquared (1/7/2013)
Eric M Russell (1/7/2013)
Using the a VPN to connect to my desktop at the office, I don't even have any corporate email on my laptop, it absolutely nothing work related except for the VPN client configuration itself.

However, when using VPN it's important not to save your login credentials in Remote Desktop. Giving a hacker the opportunity to Remote Desktop into your office is an even worse scenario than having a laptop with confidential data on it.


We use 2-factor authentication on VPN. Even with stored credentials, it dials your phone and you have to hit the hash (#) key on the phone to authenticate there. That way, if someone steals your laptop (or finds it and decides to joy-ride, I guess), unless they also get your phone, they can't connect to VPN.

Storing RDP credentials doesn't matter (much) unless you have your VPN domain password on the laptop, even without 2-factor authentication.

If someone got my laptop and my phone, they'd still need to know my current domain password, before they could connect VPN. If they have all that, then stored RDP credentials are the least of my worries (especially since they already have the domain username and password somehow, in order to establish the VPN connection).

I don't dial in through a phone connection, always some broadband connection from multiple locations, but I guess the VPN could be setup to only accept from specific IP address. You're right, I first have to login to the VPN using my domain uid/pw. However, knowing hackers, they can probably find a way to decrypt any credentials stored in the VPN or Remote Console config, so I type everything in manually.


I'm not dialing in via a phone connection. Connect however you normally do, but the VPN server then calls a pre-defined phone number that's assigned to you. Can be your business cell phone, for example. The phone rings, you pick up, hit # on the phone keypad, and then it considers you authenticated. That's AFTER you've typed in your username and password to the VPN client. Nothing to do with how the computer (laptop or otherwise) is connected, just an authentication step.

With that, even if someone uses a keylogger to steal your UID and password, and can somehow copy the VPN connection settings via packet-sniffing or something, unless they also steal your phone, they can't connect.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
TravisDBA
TravisDBA
Hall of Fame
Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)

Group: General Forum Members
Points: 3254 Visits: 3069
I'm not sure that posting a notice like that would get your laptop back at all, or even if so, how much big $$$$$$ the person(s) would try to hold you hostage for it. You would probably be better served just giving a description of the lost laptop rather than revealing what is on it. Anyway, leaving a laptop on a bus is the height of absent-mindedness IMHO, not like leaving a cell phone, which is much easier to lay down and overlook when you leave the bus. That is one big brain fart..:-D

"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
D.Oc
D.Oc
Ten Centuries
Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)Ten Centuries (1.2K reputation)

Group: General Forum Members
Points: 1225 Visits: 6480
Definitely need to buy a laptop with TPM chip http://en.wikipedia.org/wiki/Trusted_Platform_Module

-------------------------------------------------------------
"It takes 15 minutes to learn the game and a lifetime to master"
"Share your knowledge. It's a way to achieve immortality."

Mad Hacker
Mad Hacker
SSC Eights!
SSC Eights! (818 reputation)SSC Eights! (818 reputation)SSC Eights! (818 reputation)SSC Eights! (818 reputation)SSC Eights! (818 reputation)SSC Eights! (818 reputation)SSC Eights! (818 reputation)SSC Eights! (818 reputation)

Group: General Forum Members
Points: 818 Visits: 421
I work for a public school system and all of our portable devices have the district seal laser etched on the exterior of the device along with GPS tracking devices embedded internally that automatically notify the network of the current location each time the devices are powered up. While these devices do nothing to protect the data, they will facilitate the recovery of a lost or stolen device, as well as capturing and prosecuting any culprits. Local law enforcement authorities recently recovered (5) stolen devices using this technology.

The bottom line is that it is the user's responsibility to protect both the device and the data. In my opinion, sensitive data should always be protected by encryption if it is carried off site.



Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search