Proposal 2010

INTRODUCTION
Ensuring security in a system is one of the best ways to protect the system from theft
either in hardware (physical components or software (data). Organizations are trying all
the ways out to protect their assets so far as their IT departments are concern. Any lost
of hardware or software relates to cost. And as the adage goes, organizations would
like to reduce cost and maximizes profit. It is therefore the aim of every organization to
make profit but not lost.

This piece is to highlight the various ways upon which a computer system can be made
safe from both data lost and stealing of the whole computer. As the organization is
trying to lunch a pilot program of distributing laptops to deserved people in East
Malaysia, it is therefore necessary for some of these methods to be applied to these
systems. This will help prevent data lost and theft since the organization may follow up
with this project in future for the success of the project.

The following scenarios have been created for the organization to assess which of the
methods will be best to support the program. The report has been prepared to be more
cost effective and better still more effective for its purposes.

SETTING A BIOS PASSWORD

This is a password set in the system Basic Input and Output system which is demanded
at the boot up before the operating system starts. This kind of protection is stronger
than using the Operating System such Windows to set up the user account. Without the
password the user will not be able to use the system or make any configuration
(changes). This is because the BIOS introduce the core components (Hard drive,
Motherboard, Processor, Memory etc) to each other.
Setting up the BIOS password will secure the software of the system from unauthorized
access of data and system configuration. This will help maintain the organization’s
settings in the system and prevent it from being modified or stolen.

1
 Proposal 2010

Configuring BIOS
BIOS configuration to control the way the system should boot or start up is also very
important. This tries to hide a lot of security futures from the user and prevents user
interventions. That is the user may not have access to certain security features to
modify them. This will make it difficult for the user to resell the laptop to others.

Label and Tag the Laptop and All Accessories

This makes sure that everything that can be labeled is labeled with the name of the
organization, and ensures that these labels are conspicuous. The potential theft value of
a laptop or peripheral is reduced greatly when additional work is required to remove the
identifying marks. Conspicuous identity labels also significantly increase the risk of a
potential thief being caught in the act of theft or reselling or distribution.

Signing of Agreements
From the scenario, it is understood that the laptops are going to be used and cared for
by people who do not own them and who do not necessarily have to pay for their
replacement. This can be problematic. A clearly written, clearly communicated policy
that states the user’s responsibility for the laptop can significantly reduce the risk of
theft, if only by increasing the user’s risk awareness. While the details of user
responsibility and liabity will spells out the risks of laptop theft, the responsibility of the
user and the liability of the user. The organization should have all users sign off on this
policy at the time a portable computer is given out to the user. This will ensure that the
user is aware of the risk of theft and his or her responsibility in the protection and,
potentially, replacement of the laptop.

The Use of Open Source Software (Prey)

Prey helps to locate missing laptop by sending timed reports with a bunch of information
of its whereabouts. This includes the general status of the computer, a list of running
programs and active connections, fully-detailed network and wifi information, a
screenshot of the running desktop and — in case the laptop has an integrated webcam
— a picture of the user is sent.

2
 Proposal 2010

Prey uses a remote activation system which means the program sits silently in the
computer until you actually want it to run. If so, it gathers all the information and sends it
to your Prey web control panel or directly to your mailbox. The thief or the user will
never know his movements are being watched.

Although I don not know much about how the organization is going to handle their client
privacy, I still recommend this system to be incorporated in the system so that users will
be properly monitored to prevent them from reselling of the laptops.

Use of Anti Virus

The anti virus is not necessary a security check but will help prevent situations of users
files contracting various which may lead to user formatting of the laptop. This will lead to
eraser of important security checks in the system.

Conclusion
The above methods proposed are the best ways for the organization to monitor its
clients from reselling of the laptops. Since the users are not going to be monitored 24/7
in their various homes or work places, these methods are the best so far of all the
research I did.

As a programmer and a computer security expect I can say that there is no system
which is 100% secure but we try as much possible to protect some aspects that are
protectable.

No matter how secure the system looks, there are still loose holes for people to operate
on. Hence a combination of two or more of the above methods will help in satisfying the
organizations objectives along this line.