What steps, precautions, dos and don’ts are there to taking a laptop on the road (aside from dodging oncoming traffic)?
We have both Win 7 and OS X machines that connect to airport and hotel wireless access points. The PC runs mainly runs Firefox (with adblock, NoScript, etc.), Thunderbird, Dreamweaver and Office 2007. There are other applications running in the background, the only one I think may be relevant is Pidgin(clearly let us know if there are other things to check). It’s also running Microsoft Security Essentials.
The Mac runs mostly the same, except it has Entourage instead of Thunderbird and AFAIK only OS X default security.
Though these aren’t our primary storage machines (we have an NAS at home), there is sensitive information in various places (e.g., Word documents with personal or client information).
I tend to run towards the paranoid, and am a bit freaked out that the most I’ve done so far is select “public network” when Windows connects.
So… what now?
For each of the machines, what services and settings should I be checking (or unchecking), running (or not running), and doing (or not doing)? Should browsing habits—particularly logging in to sites–change? Also, for Very Sensitive Files, is there a quick and effective way to password protect them that can be wholly undone when we return to the office?
Lastly, though my main focus is on network security, any thoughts about Lojack-like software that tries to call home if a machine is stolen? Are they worth it or so easily disabled that it’s the cyber-equivalent of The Club?
Here’s my rough advice, ordered from safest to least safe (my estimates):
Don’t go online unless you have to.
Remove all sensitive files from your laptop. You should not be traveling with them unless you absolutely have to, and if that’s the case, use encryption software (built into Windows and OSX, or a third-party solution like TrueCrypt).
Sign up for a VPN service.
Use a 3G/4G cellular connection instead of public WiFi.
Use a Linux Live CD or a virtualized Linux environment.
Use the OSX laptop instead of Windows.
Regardless of OS, make a new guest account (as a limited, non-admin user) just for internet browsing. Don’t store sensitive files on this account.
Use HTTPS whenever possible. There is an HTTPS Everywhere extension for Firefox that makes this easier. Check your email through Gmail’s HTTPS version – even if you use insecure POP3 from another email provider, you can route it through Gmail.
Don’t access any non-HTTPS sites if you can help it at all. This includes the Dope, etc.
LoJack could potentially help you if the thief is dumb enough to connect to the Internet before a wipe. LoJack built into the BIOS (such as on business-class Dells) is even better. A proximity alarm that bleeps like crazy when too far away from your physical body is even better.
Do nothing at all. With a modern, patched machine, the chances of getting hacked from a public hotspot isn’t really that big to begin with. But of course, there’s always a tradeoff between convenience and security – where you want to be on that line is up to you.