Laptop level security tips.

GarIT

Basically I'm related to someone who is somewhat a celebrity. I rather not go into details here although it is relevant. They travel the world spending a lot of time in hotels, airports and those sort of places. They use both Mac and Windows but mainly Mac. What security precautions should they be taking to ensure their privacy?

knuth

Encryption and a lesson about public hotspots ( mitm, DNS etc )

syklops

lordlame wrote: »

Encryption and a lesson about public hotspots ( mitm, DNS etc )

I wish I could thank this post twice.

Hard drive encryption on the laptop so if stolen or lost no-one can see their data. Never, ever, allow them use public hot spots. Consider using GPG when using email and other browsing. There is an extension for Firefox called FireGPG, which implements the GPG protocol for Gmail and other browsing.

General security training a must.

BaconZombie

If you are extra paranoid you could take the HD out of the laptop and swap in a dummy one whenever you leave.

GarIT

Its not that bad that they would need fake hard drives. Would truecrypt work the same on a mac?

moneymad

GarIT wrote: »

Basically I'm related to someone who is somewhat a celebrity. I rather not go into details here although it is relevant. They travel the world spending a lot of time in hotels, airports and those sort of places. They use both Mac and Windows but mainly Mac. What security precautions should they be taking to ensure their privacy?

They should use a vpn at all times.

Galia

Minimal ....
install pray on your computer .

it is a must have for everyone in my book no matter who you are if all fails and if it does go missing.

http://www.preyproject.com/

RUCKING FETARD

GarIT wrote: »

Would truecrypt work the same on a mac?

http://www.howtogeek.com/howto/20150/getting-started-with-truecrypt-on-mac-os-x/

SouperComputer

Using the OS X "Filevault" function for their user account is worth a punt. It converts the entire user folder to an encrypted disk image and mounts it seemlessly in the background.
It impacts performance somewhat but with an SSD it will be minimal.
Its only as strong as the password for the user account of course so basic password criteria should be met.
Should the laptop fall into the wrong hands the data in their user profile, would be difficult to gain access to without specialist knowledge.

His\her user account should NOT be an admin account.

VPN or other tunneling of internet traffic when using an untrusted connection is a good idea. This includes public networks that have encryption on them as your traffic is still visible to the others legitimately connected to that network.

On win7 I think I would just use EFS for the user profile folder rather than going full-on HD level encryption.

All depends on your level of paranoia. Ideally you want to keep as much critical data off the laptop as possible and use it as a means to access the data that's stored elsewhere only.

RUCKING FETARD

http://lifehacker.com/5900969/build-your-own-vpn-to-pimp-out-your-gaming-streaming-remote-access-and-oh-yeah-security

Capt'n Midnight

if it's only used for browsing / webmail then another option is have no data on the laptop and run it from a live CD ( install the live CD image on flash or hard drive as read only) use firefox with adblock / noscript

the above will also mean no windows updates so you won't get screwed on 3G charges.


set the BIOS password to match the HDD password


BTW
http://getfiregpg.org/s/home - FireGPG is discontinued