Problem solve Get help with specific problems with your technologies, process and projects.

What are the best authentication tools for locking down a laptop?

Stolen laptops continue to be a troublesome issue for businesses. In this Identity Management and Access Control Ask the Expert Q&A, Joel Dubin reviews the best available authentication and encryption tools for securing company laptops.

My company has a lot of remote users and people traveling with laptops. What are the best authentication tools that should be installed on each laptop to protect against malicious access or theft?

This has been a big issue even before the recent theft of a VA employee's laptop containing the personal information of 26 million people. Laptops, because they're mobile and used in public places, are susceptible to theft.

The best solution is to make a stolen laptop unusable by encrypting the laptop's hard drive. This makes it impossible to read or retrieve all laptop data, whether sensitive or not. Even if the hard drive is removed from the machine and reinstalled in another laptop, desktop or even test bed, the data still cannot be recovered.

A popular tool is SafeBoot N.V.'s Device Encryption, designed specifically for laptops and other mobile devices. The product is part of the company's suite of data encryption tools for various IT devices, including USB keys.

The nice thing about SafeBoot is that it requires a user ID and password before the operating system even loads. This protects users from the age-old trick of using a Linux boot disk, like Knoppix, to bypass the operating system log on credentials and access the machine.

If you require more than a user ID and password, SafeBoot can also be configured to synch with one-time password (OTP) tokens, biometrics devices or a PKI system. The tool uses RC5 and 256-bit AES encryption, and it encrypts data behind the scenes while the user is working on the laptop. This happens transparently and without affecting performance.

PGP Corp. also offers Whole Disk Encryption for Professionals, a similar product that seamlessly encrypts a laptop's or other mobile device's entire hard disk. Another popular tool is Encryption Anywhere from GuardianEdge Technologies Inc. There's also SecureDoc from WinMagic Inc., designed for Windows systems and the open source TrueCrypt that runs on both Windows and Linux platforms.

More information:

  • Weigh the pros and cons of laptop encryption.
  • Where do you stand on the laptop security debate?
  • This was last published in October 2006

    Dig Deeper on Two-factor and multifactor authentication strategies