What can I do to secure a computer, more than a master password at boot? (Anti-theft)

0

I'm about to do a trip in which the risk of computer being stolen is much higher than usual (train, car, let my bag with computer by friends of friends, and obviously I won't take my computer while I'm swimming in the sea etc.).

What I've done so far:

  • master password at boot (in Lenovo BIOS)

  • backups of my hard drive in different places (even in different cities, by my parent's, etc.)

But even if the master password blocks the computer from booting, the hard drive can be easily removed from a Lenovo, and then all my data could be easily taken.

What other options are there?

  • encryption: I was thinking about this, but would this require to rewrite all the 650GB of data of my 1TB SSD ? This would probably be very long...

  • geolocalization: have a software running in background sending a ping with IP and approximate location to a server?

  • or even a keylogger that sends data to a server, so that if it gets stolen, I can have information? or even a software that would connect to my server once every minute from which I could send a "Wipe everything" signal in case of computer being stolen? (ok this looks crazy, but I have been stolen recently -- not a computer -- that's why I want to prevent it to happen again).

I'm mostly on Windows 7 x64 bit, but I sometimes boot on Linux, and access to the D:\ from Linux.

Note: this question is close, but doesn't exactly address all the concerns here.

Basj

Posted 2017-08-06T14:54:45.400

Reputation: 1 356

4Use full disk encryption – Ramhound – 2017-08-06T15:02:53.707

How on Windows 7 x64 Integral? Will this require to rewrite all the 650 GB of data? If not, how much time does it take? Is it easily possible to disable the encryption later? – Basj – 2017-08-06T15:07:52.583

1If you're only worried about a few files, or you don't have bitlocker, you can try enabling EFS on the files you're worried about, though the names would be visible still I think. – jiggunjer – 2017-08-06T16:49:21.070

@jiggunjer does EFS also work if we move the hard drive to another computer? does it need to rewrite all the data? – Basj – 2017-08-06T18:30:34.360

EFS only rewrites the files you encrypt so it should save time, but it is an NTFS feature so your linux files need another solution. It's unlike bitlocker in that only the Windows user who encrypted the files can access them. There is no password involved. – jiggunjer – 2017-08-07T02:33:44.423

@jiggunjer oops so it means if the computer crashes, I cannot move the hard drive to another computer if EFS doesn't use a password to re-identify myself on another computer? – Basj – 2017-08-07T08:11:04.567

Probably, but you might be able to export a separate recovery key (store it on a usb at home), I'm not sure what the options are. – jiggunjer – 2017-08-07T08:18:21.373

When EFS is used to encrypt an already-existing file, a new encrypted file is created. The unencrypted version is "deleted", which means recovery software can potentially recover it. On magnetic medium disks this can be resolved by wiping free space after enabling EFS, but on SSD disks this becomes more complicated since SSDs don't expose all disk sectors to the host. Bottom line: Use FDE if you want to ensure your data is protected. – I say Reinstate Monica – 2017-08-07T23:57:41.563

Answers

2

Use full disk encryption, such as BitLocker (Windows 7 Ultimate) or TrueCrypt/VeraCrypt. Encrypting your existing storage will take a while, but with modern CPUs and SSDs it shouldn't take more than a few hours (limiting factor likely being how fast your SSD can write).

In case your laptop gets lost, your data will be safe assuming your system is in locked state (powered off).

sebasth

Posted 2017-08-06T14:54:45.400

Reputation: 670

So this means it rewrites all the data bytes of the disk? I ask this because after the trip, I'd like to unencrypt, because I don't want to have to write a password each day / or having a 10%-slower I/O system because of encryption. – Basj – 2017-08-06T15:45:13.367

If so, isn't there a "lighter encryption"? (I heard the recent ransomware WannaCrypt did use encryption, this was probably a fast unnoticeable encryption, right?) – Basj – 2017-08-06T15:46:18.960

1@Basj There will be no performance hit with full disk encryption – Ramhound – 2017-08-06T15:47:55.193

Yes, full disk encryption encryption is used to encrypt whole partitions/disks. You can remove encryption later as described in the software documentation. Performance impact is negligible with modern CPUs which have native AES instructions (your bottleneck will still be your disk). – sebasth – 2017-08-06T15:49:00.807

Thanks @sebasth. Even with a fast SSD? Also if I move the disk myself to another computer, can I still access the data? Can I set an memorizable password or forced to use a random alphanumeric sequence that I could loose? – Basj – 2017-08-06T18:36:09.223

1

Your encryption software has recommendations on password length/complexity and backup plans (usually a separate recovery key). Using disk on different machine might vary a bit depending on TPM etc, with VeraCrypt you can use the disk on another computer (same password and VeraCrypt installed). SandyBridge era i5 CPUs benchmarks by AnandTech http://www.anandtech.com/bench/CPU/335 already exceed 1GB/s throughput, so its unlikely your CPU being the bottleneck.

– sebasth – 2017-08-06T18:50:24.367

Asked: 2017-08-06T14:54:45.400

Viewed: 79 times

Active: 2017-08-06T15:22:35.860