security

[NoBob]

Hi,

Am going away on a trip and will be taking my T41. If it got stolen, I'd want the thief to have to trash the hard drive because they couldn't get through a security barrier. How do I set that up?

Also, is it worth downloading the software to "Maximize your PC's security by activating your IBM security chip now!"

Thanks,

NoBob.

[jdhurst]

You can put a hard drive password on the hard drive. Unless the thief is particularly capable or well-acquainted, they will not be able to start the hard drive. I have not implemented the security chip, so cannot say anything about it. ... JDHurst

[Greg Gebhardt]

Just how secure is the IBM security?

[T41mbi]

Well if people used the search function you would see my post about how easy it is to bypass the IBM client security software/hardware.

Anywhoo, to answer your question about how to lockdown your PC to make it unusable... depends on whether you want to spend money or not?

If you dont want to spend money best bet is to activate all the BIOS passwords (HDD, supervisor, booton etc..) and for the fun of it the IBM client security software... although all this stuff is very easily bypassed by the knowledgeable person..but your common thief won't know what to do.

If you are willing to spend money your best bet is to purchase some sector level encryption package. A sector level encryption package different from a normal software solution (e.g. PGP) because it encrypts the ENTIRE hard drive, its swap files and everything else in it with 256bit AES. On a good PC, e.g. a T41 (like mine) you will notice no difference in performance. So what this particular software does is like i said encrypt the entire hdd... when you boot it up you will come accross a BOOT AUTHENTICATION screen where you will need to enter the correct password (ideally 14-28 characters to stop the brute force approach of hacking) which will unlock the computer.

[T41mbi]

though of course a thief could always replace the hdd

oh and even though the bios security aint top notch you should still use the security features mentioned above... expcept IBM CSS because i think for the resources it takes up it aint worth it.. better 3rd party options

And its restrictions on a 8 character max adminstrative password is pathetic i could brute force that sucker easy.... but of course they (IBM) have to intentionally weaken the security software to stay in line with US Laws etc...

[Greg Gebhardt]

Not that good is what I thought. You confirm it.

[leesiulung]

Well, T41mbi, I did a search like many of your posts suggested and found no information regarding how to break the client security system... how bout u post a link to ur previous posts?

Thanks

[T41mbi]

http://forum.thinkpads.com/viewtopic.ph ... highlight=

If you are trying to bypass the IBM Secure Login just boot in safemode and it will revert to the windows logon. - This is a obvious flaw.

If you are trying to access encrypted containers, you have to obtain the adminstrators password which is not to hard considering that IBM provides many of the password requirement variables in their manual, they also limit it to a measly 8 character - their password requirements are not their to make it more secure, quite the opposite, to make it less secure. So a very simple brute force attack will solve that.