Analysis of Laptop Security Incident at Los Alamos Laboratory
This presentation is the property of its rightful owner.
Sponsored Links
1 / 17

Analysis of Laptop Security Incident at Los Alamos Laboratory -Ciscop Consulting- PowerPoint PPT Presentation


  • 44 Views
  • Uploaded on
  • Presentation posted in: General

Analysis of Laptop Security Incident at Los Alamos Laboratory -Ciscop Consulting-. Incident. 80 Laptops lost 67 were stolen 13 Found missing when audited All Laptops lost offsite. How it Happened. No audits No Check-in or check-out procedures There were, but were not followed

Download Presentation

Analysis of Laptop Security Incident at Los Alamos Laboratory -Ciscop Consulting-

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Analysis of Laptop Security Incident at Los Alamos Laboratory-Ciscop Consulting-


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Incident

  • 80 Laptops lost

    • 67 were stolen

    • 13 Found missing when audited

  • All Laptops lost offsite


Analysis of laptop security incident at los alamos laboratory ciscop consulting

How it Happened

  • No audits

  • No Check-in or check-out procedures

    • There were, but were not followed

    • Failure to know where laptops were


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Recommendation

  • Establish two security levels

  • Low Risk Classification

    • Desktop or on-campus devices

    • Non classified data

  • High Risk Classification

    • Mobile or laptop devices

    • Sensitive or classified data


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Low Risk Classification

  • Spiceworks

  • Check-in and out procedures

  • Physically locking machines down

  • More regularly scheduled and formal audits


Analysis of laptop security incident at los alamos laboratory ciscop consulting

SpiceWorks

  • Separate Spiceworks servers high risk/low risk

    • Additional servers

  • Spiceworks audits daily electronically

    • Only if computer doesn’t check in for the day Monday-Friday


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Lock Down Machines

  • Non mobile devices locked down

  • Laptop Lockdowns

    • $10

  • Desktop lockdowns

    • $10/15ft of cable

      • Covers 3 computers

    • $3 per lock


Analysis of laptop security incident at los alamos laboratory ciscop consulting

High Risk Classification

  • Beacons

  • RFID

  • Encrypted hard drives


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Beacons

  • Constantly sends a location packet to the server

  • Wipes the hard dive upon server request

  • Built into the BIOS

  • Can be used as an auditing tool


Analysis of laptop security incident at los alamos laboratory ciscop consulting

RFID’s

  • Passive tags

  • Creates a log of when and

  • where a device leaves

  • High implementation costs

  • Low recurring costs


Analysis of laptop security incident at los alamos laboratory ciscop consulting

RFID’s

  • Estimated prices

    • Readers $500 - $2,000

    • Tags 7-15 cents each

    • Support software


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Encrypted Hard drives

  • All Mobile devices

  • Full Disc Encryption (FDE)

    • Uses AES requires authentication before boot up will occur

      • Password

      • Biometrics

      • Smart cards

    • Hard ware encryption

    • Seagate Monentus 7200 rpm FDE.2 ST9250411AS 89.99


Check in out procedures

Check-in/out Procedures

  • RFID’s help to denote high and low risk

  • Low risk laptops

    • Basic Check-out procedures

      • Once weekly

      • Monitored by SpiceWorks

        • SpiceWorks audits once weekly

  • High risk laptops

    • Check-out Daily

    • Check-in Daily

    • Constantly Monitored by SpiceWorks


Analysis of laptop security incident at los alamos laboratory ciscop consulting

References


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Questions?


Analysis of laptop security incident at los alamos laboratory ciscop consulting

Thanks and have a great day!


  • Login