1 / 17

Analysis of Laptop Security Incident at Los Alamos Laboratory -Ciscop Consulting-

Analysis of Laptop Security Incident at Los Alamos Laboratory -Ciscop Consulting-. Incident. Initially 3 laptops were stolen BlackBerry also stolen Triggered Internal Audit 80 Laptops lost or missing 67 were stolen 13 Found missing All Laptops lost offsite. How it Happened. No audits

velika
Download Presentation

Analysis of Laptop Security Incident at Los Alamos Laboratory -Ciscop Consulting-

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Analysis of Laptop Security Incident at Los Alamos Laboratory-Ciscop Consulting-

  2. Incident • Initially 3 laptops were stolen • BlackBerry also stolen • Triggered Internal Audit • 80 Laptops lost or missing • 67 were stolen • 13 Found missing • All Laptops lost offsite

  3. How it Happened • No audits • No Check-in or check-out procedures • There were, but were not followed • Failure to know where laptops were

  4. Recommendation • Establish two security levels • Low Risk Classification • Desktop or on-campus devices • Non classified data • High Risk Classification • Mobile or laptop devices • Sensitive or classified data

  5. Low Risk Classification • Spiceworks • Check-in and out procedures • Physically locking machines down • More regularly scheduled and formal audits

  6. SpiceWorks • Separate Spiceworks servers high risk/low risk • Additional servers • Spiceworks audits daily electronically • Only if computer doesn’t check in for the day Monday-Friday

  7. Lock Down Machines • Non mobile devices locked down • Desktop lockdowns • $10/15ft of cable • Covers 4-5 computers • $3 per lock • Laptop Lockdowns • $10

  8. High Risk Classification • Beacons • RFID • Encrypted hard drives

  9. Beacons • Constantly sends a location packet to the server • Wipes the hard dive upon server request • Built into the BIOS • Can be used as an auditing tool

  10. RFID’s • Passive tags • Creates a log of when and • where a device leaves • High implementation costs • Low recurring costs

  11. RFID’s • Estimated prices • Readers $500 - $2,000 • Tags 7-15 cents each • Support software

  12. Encrypted Hard drives • All Mobile devices • Full Disc Encryption (FDE) • Uses AES requires authentication before boot up will occur • Password • Biometrics • Smart cards • Hard ware encryption • Seagate Monentus 7200 rpm FDE.2 ST9250411AS 89.99

  13. Check-in/out Procedures • RFID’s help to denote high and low risk • Low risk laptops • Basic Check-out procedures • Once weekly • Monitored by SpiceWorks • SpiceWorks audits once weekly • High risk laptops • Check-out Daily • Check-in Daily • Constantly Monitored by SpiceWorks

  14. References • Merritt, C. M. (n.d.). lessons from lanl laptop loss. Retrieved from http://blog.lumension.com/?p=573 • Jackson, J. J. (2009, Febuary 13). Los alamos stung by loss of scores of laptops. Retrieved from http://www.gcn.com/Articles/2009/02/13/LANL-Laptop-Loss.aspx?Page=1 • Moscaritolo, A. M. (2009, Febuary 12). Los alamos computers go missing. Retrieved from http://www.scmagazineus.com/los-alamos-computers-go-missing/article/127281/ • Mellor, A. M. (2007, August 7). los alamos nuclear lab loses more data . Retrieved from http://www.networkworld.com/news/2007/080707-los-alamos-nuclear-lab-loses.html • Los Alamos National Security, LLC, Initials. (2009). Los Alamos National Laboratory - Nuclear Weapons. Retrieved from http://www.lanl.gov/natlsecurity/nuclear/index.shtml • Files • Loveless, B. (2009, February 16). Missing los alamos lab computers prompt nnsa call for more control. Inside Energy, 12. Missing_Los_Alamos_lab_computers_prompt_NNSA.PDF • Associated Press. (2009, February 12). US nuke lab loses 67 computers. The New Zealand Herald, • US_nuke_lab_loses_67_computers_The_New_Zeala.PDF • Cobit Student Book. (2004). Cobit in academia. Rolling Meadows, IL: IT Governance Institute. Cobit_Student.pdf

  15. Questions?

  16. Thanks and have a great day!

More Related