Network Risks
Your company's firewall adequately protects your desktop workstations from outside network attacks, but laptops are directly exposed to network attacks whenever employees use a modem to connect to the Internet. Laptops are also vulnerable when employees travel to a client's site and connect the laptop to the client's network. Malicious users know many methods (e.g., mapped drives, the Scheduler service, Telnet) of gaining entry into a Win2K or NT computer over a network. To protect laptops from such attacks, you need to lock down your standard laptop configuration by disabling all unnecessary services. For information about the risks of Win2K's native services, see my three-part "Dangerous Services" series listed in "Related Reading." You can adapt this information to the NT platform. I also strongly recommend that you consider implementing a personal firewall on your laptops.
NT lets you define port filtering, but because the OS can't distinguish incoming packets from outgoing packets, you'll probably find this functionality useless. Win2K's IP Security (IPSec) offers more flexible port filtering, which lets you provide good protection for your laptops from network attacks. Of course, you can always opt to purchase one of the many personal firewalls available from Independent Software Vendors (ISVs). For more information about personal firewalls, see "Related Reading."
Virus Signature Updates
The importance of installing a virus scanner on each computer and keeping it up-to-date is obvious, but laptops present unique virus concerns. Most enterprise antivirus products offer a variety of methods for updating virus signatures on your computers, including the ability to configure a server to regularly download the latest signatures and distribute them to workstations through your LAN. To conserve network bandwidth, many administrators choose this option rather than configuring computers to individually contact the antivirus vendor's Web site. However, laptops typically connect to your company's LAN irregularly and thus might not receive updates through your internal distribution mechanism for weeks at a time. I recommend that you configure laptops, particularly those belonging to highly mobile users, to automatically download virus signature updates directly from the Internet.
The Importance of Backups
Backing up laptops is usually even more important than backing up workstations. You probably don't permit users to store important information on workstations, instead centralizing that information on servers that you back up nightly. But laptop users must keep important files on their local hard disk because they're often not connected to the company LAN. Yet you can't depend on users to regularly back up their computers. Even if laptop users conscientiously back up their computers, the backup media are probably nestled inside the carrying case with the laptop. Backups won't do you any good if they're damaged, lost, or stolen along with the computer.
Online backups provide a solution. You can implement an online backup server internally, or you can use an online backup service over the Internet. I use NetMass's SystemSafe service. I simply created an account on the company's Web site, installed the SystemSafe client software, and chose an encryption key. Each night, the client determines which files have changed since the most recent backup, compresses and encrypts those files locally, then sends the update to a NetMass backup server. I get offsite, fault-tolerant backups for about $15 a month. Because the backup client uses compression and transmits only information that has changed, the backup is quick, even over a dial-up line. You can configure most backup clients to automatically initiate a dial-up connection if the computer isn't already connected to the Internet. You don't need to keep track of backup floppy disks or offsite storage. The service is secure because it encrypts information with a key that doesn't leave your computer. Neither the backup-service provider nor anyone sniffing packets on the Internet can use the information. If you're uncomfortable with the thought of another company maintaining your information, you can implement an in-house online backup product, such as Dantz Development's Retrospect Backup.
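The nightly cycle described above (find the files that changed, compress and encrypt them locally, send only ciphertext) looks like this as an added Ruby example. It is not SystemSafe's or Retrospect's code: the function names, the SHA-256 change manifest, AES-256-GCM, and the blob layout are all assumptions made for illustration.

```ruby
require 'digest'
require 'openssl'
require 'zlib'

# Return the names whose SHA-256 differs from the manifest saved at the last
# backup, and record the new digests so the next run skips unchanged files.
def changed_files(files, manifest)
  files.each_with_object([]) do |(name, data), changed|
    digest = Digest::SHA256.hexdigest(data)
    next if manifest[name] == digest
    manifest[name] = digest
    changed << name
  end.sort
end

# Compress, then encrypt with AES-256-GCM under a key that stays on the laptop.
# Blob layout (assumed): 12-byte nonce || 16-byte tag || ciphertext; name is bound as AAD.
def seal(key, name, data)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  nonce = cipher.random_iv
  cipher.auth_data = name
  ciphertext = cipher.update(Zlib::Deflate.deflate(data)) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

# Restore side: cipher.final checks the tag and raises OpenSSL::Cipher::CipherError
# on a modified blob or wrong key, before anything is decompressed.
def open_blob(key, name, blob)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, 12)
  cipher.auth_tag = blob.byteslice(12, 16)
  cipher.auth_data = name
  Zlib::Inflate.inflate(cipher.update(blob.byteslice(28, blob.bytesize)) + cipher.final)
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32)                  # generated locally, never uploaded
  files = { 'report.doc' => 'constructed sample ' * 50 }  # constructed sample data
  manifest = {}                                           # empty: first backup sends everything
  changed_files(files, manifest).each do |name|
    puts "upload #{name}: #{seal(key, name, files[name]).bytesize} encrypted bytes"
  end
end
```

Because the server stores only the output of `seal`, losing the local key means losing the backups, so the key itself needs a copy kept somewhere other than the laptop.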
Don't Rely on Users
Laptop security is a difficult prospect. As a primary measure, make sure users implement appropriate physical security. But don't bet the farm on your users. Use encryption products to protect confidential information. Ensure that the virus protection on laptops is equal to or better than that on your internal computers. Protect your laptops from network attacks, particularly when they're exposed to potentially hostile networks. And do your users and yourself a favor: Implement an automatic online backup solution.