April 14, 2015 at 6:50 am
I would be sacked and possibly subject to criminal proceedings if my employer discovered I had been working in a public place such as Starbucks.
April 14, 2015 at 6:52 am
t.pinder (4/14/2015)
Grant Fritchey (4/14/2015)
All this "never use public WIFI" and "never work in public" might be viable when you have a job that requires you to show up in an office from 9-5. But if you're travelling as part of your work or you're a consultant without an office, or you're a person working for a company remotely, or your place of employment is one of the growing trend where they don't need you to be in the office every day, and probably many other reasons I can't think of, you may find yourself in a restaurant, at a library, in an airport, definitely in a hotel, using your laptop. It's unreasonable to assume otherwise. Yeah, the person who walked away from their laptop in the care of a random stranger in a completely open environment like a Starbucks, they pretty much deserve what they get. But there are a lot of us taking all the precautions we reasonably can, but can't just wall ourselves off in our cube in order to avoid everything and everyone that might be risky.Oh, and why have a laptop at all then?
But then you really ought to be using (at the very least) a VPN. and all the other security others have mentioned (whole disk encryption etc etc).
Yes. Of course. I'm just saying, there are many of us who can't simply wall ourselves off as a security measure. It won't work.
----------------------------------------------------The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood... Theodore RooseveltThe Scary DBAAuthor of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd EditionProduct Evangelist for Red Gate Software
April 14, 2015 at 7:31 am
Pick up a book called "No-Tech Hacking". It's certainly an eye-opener on this topic if it doesn't scare the **** out of you first.
Grant is right: We can't always wall ourselves off everywhere we go, but simple situational awareness and thoughtful practices can certainly minimize risk.
____________
Just my $0.02 from over here in the cheap seats of the peanut gallery - please adjust for inflation and/or your local currency.
April 14, 2015 at 7:48 am
I've seen even crazier stuff on YouTube - like someone walking down the street just swipes a laptop off someone's outdoor cafe table while the person is sitting there using it.
But that is an extreme case. Regarding the Starbucks story, I for one believe the days of "can you watch my stuff while I go to the bathroom" are long gone. I pack up like a turtle and take everything with me if I am out alone with no friend to keep an eye out.
-webrunner
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html
April 14, 2015 at 7:50 am
Grant Fritchey (4/14/2015)
All this "never use public WIFI" and "never work in public" might be viable when you have a job that requires you to show up in an office from 9-5. But if you're travelling as part of your work or you're a consultant without an office, or you're a person working for a company remotely, or your place of employment is one of the growing trend where they don't need you to be in the office every day, and probably many other reasons I can't think of, you may find yourself in a restaurant, at a library, in an airport, definitely in a hotel, using your laptop. It's unreasonable to assume otherwise. Yeah, the person who walked away from their laptop in the care of a random stranger in a completely open environment like a Starbucks, they pretty much deserve what they get. But there are a lot of us taking all the precautions we reasonably can, but can't just wall ourselves off in our cube in order to avoid everything and everyone that might be risky.Oh, and why have a laptop at all then?
Mobile hotspot paid by the employer? I personally have my own and use it outside of public WIFI because I too am paranoid about jumping on public networks.
April 14, 2015 at 8:09 am
t.pinder (4/14/2015)
Well, if you can't trust someone you just met in a coffee shop then who can you trust?
+1
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html
April 14, 2015 at 8:29 am
xsevensinzx (4/14/2015)
Grant Fritchey (4/14/2015)
All this "never use public WIFI" and "never work in public" might be viable when you have a job that requires you to show up in an office from 9-5. But if you're travelling as part of your work or you're a consultant without an office, or you're a person working for a company remotely, or your place of employment is one of the growing trend where they don't need you to be in the office every day, and probably many other reasons I can't think of, you may find yourself in a restaurant, at a library, in an airport, definitely in a hotel, using your laptop. It's unreasonable to assume otherwise. Yeah, the person who walked away from their laptop in the care of a random stranger in a completely open environment like a Starbucks, they pretty much deserve what they get. But there are a lot of us taking all the precautions we reasonably can, but can't just wall ourselves off in our cube in order to avoid everything and everyone that might be risky.Oh, and why have a laptop at all then?
Mobile hotspot paid by the employer? I personally have my own and use it outside of public WIFI because I too am paranoid about jumping on public networks.
That can work, assuming the employer is ready to pay for it. Also, assuming you don't travel overseas.
Security is all about access and target hardening. You're focused on access. And maybe that's the way to go. I personally find it extremely impractical and expensive. Instead, I try to harden my target through a lot of the processes that others have said. Could a really determined and skilled hacker get at my system? Yeah, probably. Is some script kiddie hanging out in Starbucks? Nope.
----------------------------------------------------The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood... Theodore RooseveltThe Scary DBAAuthor of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd EditionProduct Evangelist for Red Gate Software
April 14, 2015 at 8:43 am
Some thoughts on this, as it directly applies to me...
The Kensington locks are nice, but yes, can be easily defeated. The type that use the "round" type key can be beaten with a 20c Bic stic pen (Google for this one, I actually tried it on a cable lock of my own, it works, and quickly...)
For a brief period after a stolen laptop incident, we were told we could not, ever, no matter what, leave our laptops in our cars, even in the trunk out of sight. The policy was eventually relaxed a little, such that we can now leave the laptops in our trunks for short periods of time (say running in to the store to get groceries) IF the laptop is secured to the vehicle via a cable lock.
Can this be betean? Sure, steal my car, or pop the trunk and yank really hard to rip the cable lock out of the laptop...
That being said, we are explicitly prohibited from working using "non-trusted" networks. So Starbucks wifi is out, hotel wifi we can get approval to use, our personal home networks are OK. All connections to the office are required to go through a VPN as well.
That being said, I wouldn't trust anyone whom I didn't know personally with watching any of my electronics (laptop, cell, tablet, eReader) To easy for those items to "grow legs" and walk away...
April 14, 2015 at 8:54 am
I use a BIOS password and BitLocker and the machine can be wiped remotely. Regardless, I'd never leave it unattended like that. I don't even leave my desk without locking it.
Cheers
April 14, 2015 at 8:59 am
Ed Wagner (4/14/2015)
Personally, I wouldn't be sitting around working in a Starbucks. Then again, I'm also the semi-paranoid type who won't use public wireless networks for work at all because they aren't secure. I've heard and read too many instances of people getting things hijacked and just don't use them.My company has some good rules for working with data. No unencrypted copies of data, full disk encryption, don't take data home, make sure your devices are protected and encrypted, etc. Mostly common sense stuff, but making it policy makes it more real for everyone and enforceable. I don't have to like everything that's in place, but I certainly do respect it. The alternative is to bury your head in the sand and not believe anything bad can happen - until it does.
I agree and act the same. My employer also has strict security policies related to this kind of stuff and they are enforced.
Cheers
April 14, 2015 at 9:03 am
Grant Fritchey (4/14/2015)
xsevensinzx (4/14/2015)
Grant Fritchey (4/14/2015)
All this "never use public WIFI" and "never work in public" might be viable when you have a job that requires you to show up in an office from 9-5. But if you're travelling as part of your work or you're a consultant without an office, or you're a person working for a company remotely, or your place of employment is one of the growing trend where they don't need you to be in the office every day, and probably many other reasons I can't think of, you may find yourself in a restaurant, at a library, in an airport, definitely in a hotel, using your laptop. It's unreasonable to assume otherwise. Yeah, the person who walked away from their laptop in the care of a random stranger in a completely open environment like a Starbucks, they pretty much deserve what they get. But there are a lot of us taking all the precautions we reasonably can, but can't just wall ourselves off in our cube in order to avoid everything and everyone that might be risky.Oh, and why have a laptop at all then?
Mobile hotspot paid by the employer? I personally have my own and use it outside of public WIFI because I too am paranoid about jumping on public networks.
That can work, assuming the employer is ready to pay for it. Also, assuming you don't travel overseas.
Security is all about access and target hardening. You're focused on access. And maybe that's the way to go. I personally find it extremely impractical and expensive. Instead, I try to harden my target through a lot of the processes that others have said. Could a really determined and skilled hacker get at my system? Yeah, probably. Is some script kiddie hanging out in Starbucks? Nope.
Hrrm. Why wouldn't the employer pay for it? If you're not being comped for using paid WIFI to do work remotely on travel, then you may want to revisit that with someone. I mean, you don't pay for the interwebs at work when you come into the office do you? 😛
But, I'm pretty sure hotspots work international too. You likely just have to pay a higher premium when you go overseas just like your mobile depending on your mobile companies relationship with local networks in the city you're visiting. I could be wrong though. I just know I have data when I visit London to Oslo.
I don't think access in this context is that expensive. You're talking about either using public or private. The price point difference is not extreme and the accessibility to both is highly accessible. So, you get a hotspot and use public WIFI when the hotspot is not available. It still reduces the risk over time without breaking the bank or your back setting it up.
April 14, 2015 at 9:44 am
lshanahan (4/14/2015)
Pick up a book called "No-Tech Hacking". It's certainly an eye-opener on this topic if it doesn't scare the **** out of you first.Grant is right: We can't always wall ourselves off everywhere we go, but simple situational awareness and thoughtful practices can certainly minimize risk.
I'm not familiar with that book, but Kevin Mitnick's books on intrusion are quite good.
-----
[font="Arial"]Knowledge is of two kinds. We know a subject ourselves or we know where we can find information upon it. --Samuel Johnson[/font]
April 14, 2015 at 9:54 am
Leveraging something like a botnet or backdoor trojan, a hacker doesn't even need physical access to the laptop to get at your files. The type of security threats that keep me from falling back to sleep at 2AM are those that lurk silently in the background.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
April 14, 2015 at 10:09 am
jasona.work (4/14/2015)
..For a brief period after a stolen laptop incident, we were told we could not, ever, no matter what, leave our laptops in our cars, even in the trunk out of sight. The policy was eventually relaxed a little, such that we can now leave the laptops in our trunks for short periods of time (say running in to the store to get groceries) IF the laptop is secured to the vehicle via a cable lock.
Can this be betean? Sure, steal my car, or pop the trunk and yank really hard to rip the cable lock out of the laptop.....
The problem is, carrying it with you is not secure either. Carrying armloads of bags, sitting at a restaurant etc. are easily vulnerable to grab-and-run. Out of sight in a car is probably better. A thief would have to break into random cars to find one, which starts to attract a lot of attention. Of course NEVER open you trunk where you park, pack everything in place some distance away, then drive in and park.
I had a co-worker lose his briefcase at the airport carousel, during the fraction of a second it took to reach for his suitcase, someone grabbed the case from between his legs.
Probably the safest is an empty laptop, with everything on remote.
...
-- FORTRAN manual for Xerox Computers --
April 14, 2015 at 10:14 am
First, the Starbucks story is made up, but based on real events reported by people. However, don't get wrapped up in I left my laptop on a table. You could be there, you could turn around, you could be working without a network, you could be sitting in your car. There's innumerable situations where your laptop could be taken. Including the way travelers at airports would slip metal onto your person, get you held up at the metal detector and take your laptop on the other side, walking away with it.
There are plenty of "opportunistic" ways people can get your physical machine, so you should prepare for those. Encrypt the disk, and make sure you have good passwords. Don't save connections to VPNs or secure places.
Follow me on Twitter: http://www.twitter.com/way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Viewing 15 posts - 16 through 30 (of 57 total)
You must be logged in to reply to this topic. Login to reply