
Proactive approach to data/hardware recovery

Sitting on my sofa reading up on new security software I began to reflect on the security software and hardware that I use on a regular basis to protect my most valuable assets. I rarely think twice about the security mechanisms in place to recover my valuable possessions and priceless data but am reminded about how important this software and hardware can be when I read a report about a stolen laptop or missing iPhone where the victim has no tracking or recovery tools in place.

I’m not wanting to dive into specific details nor am I endorsing any of these products but I do want to give you a general idea of what is out there and, specifically, what I use to protect my property.

  • Vehicles

    • OnStar
      General Motors provides a service called “OnStar” that uses global positioning data (GPS) transmitted via cellular networks to track and recover stolen vehicles (1). OnStar also provides additional services such as hands-free calling and navigation via the OnStar system. To check if your vehicle is OnStar capable visit: http://www.onstar.com/web/portal/newvehicles or http://www.onstar.com/web/portal/preownedvehicles. My personal experience with OnStar has been very positive. I’ve activated the OnStar service on my wife’s vehicle and she uses it regularly to report accidents and get vehicle maintenance reports. Hopefully we’ll never have to use it in a theft.

    • Lojack
      I don’t use this service on any of my vehicles but there is also Lojack. Lojack works by utilizing a radio transmitter that, when activated, allows law enforcement officers equipped with a Lojack tracking unit to track your vehicle to a specific location. One benefit of Lojack is that it doesn’t require “line of sight” to work. Lojack uses radio which can work indoors unlike GPS which requires line of sight to the sky to communicate with GPS satellites (2). You can view the Lojack automotive page here: http://www.lojack.com/car/pages/car.aspx
  • Computers

    • Lojack for Laptops
      I mentioned a tracking system for vehicles called Lojack. Absolute Software provides a computer tracking solution called “Lojack for Laptops”. Don’t confuse Lojack for Laptops (LfL) with the Lojack for automobiles as LfL doesn’t use a radio transmitter to track your hardware. LfL uses software installed on the computer to report information such as IP address (your “address” used to identify your computer on the Internet) and location via IP address and GPS*. LfL also enables the owner/user to remotely delete data on the stolen computer in the event that you have sensitive data that you don’t want in the hands of a thief (3). Some computers have additional systems in place to allow the tracking software from LfL to automatically re-install in the event that the system’s hard drive is erased or replaced. This adds an additional layer of protection to mobile computers. These systems are integrated into the computer’s BIOS from the system manufacturer (4). More information about Absolute’s Lojack for Laptops can be found here: http://www.absolute.com/en/

    • Apple’s “MobileMe”
      When my wife and I purchased our iPhones we signed up for Apple’s MobileMe. MobileMe provides many resources to the iPhone user such as wireless data synchronization but for me, more importantly, “Find My iPhone”. Find My iPhone uses cellular data to display an approximate location of the iPhone in question. In addition to locating the iPhone, Find My iPhone also allows the user to remotely lock the phone (in the event that you have not set a passcode lock on the device) and, if all else fails, the ability to remotely erase all data on the phone. Find My iPhone can be very useful to law enforcement in the event of a theft… just don’t go looking for the phone yourself; leave it to the pros. More information about MobileMe can be found at http://www.me.com

Of the four solutions I’ve listed the only one I don’t use for myself is Lojack (for automobiles). I have used Lojack as a law enforcement officer and tracked a stolen vehicle using the Lojack tracking equipment (I did locate the stolen vehicle). I’ve used OnStar to locate a stolen vehicle as well and it is spot-on when it comes to location. The dispatcher was able to communicate with OnStar’s customer support and give me an exact intersection that the vehicle was close to. I have also used Lojack for Laptops to recover a handful of stolen laptops from a school here in New Orleans. Though I didn’t recover the computers myself, I did take the initial report and assist the school in reporting the laptops stolen to Absolute. The laptops were recovered a short time later in a neighboring parish.

It is important to remember that these services are not free. It is equally important to remember that these services require installation or activation before a theft occurs.

I’m sure there are more services out there that I don’t know about but as for now I’ll stick to the ones I’ve listed above as they seem to be the most reliable and the ones I’m most familiar with.

1: http://www.onstar.com/web/portal/onstartechnology
2: http://www.lojack.com/car/pages/car-works.aspx
3: http://www.absolute.com/en/lojackforlaptops/technology.aspx
4: http://developernet.absolute.com/products-bios-enabled-computers.asp

*I’m still trying to figure out how the GPS portion of LfL works. LfL lists “Geotechnology” as an additional tool in tracking a stolen computer but I can’t find any specific details on how it works or how to configure GPS tracking. See: http://www.absolute.com/en/lojackforlaptops/features.aspx

Nice gadgets for Windows 7

http://blog.orbmu2k.de/

(it’s in German)

iTap RDP for iPhone: A must have for IT admins!

I recently dumped my Blackberry Bold 9000 for an Apple iPhone. I wasn’t displeased with the Blackberry but from an administrator viewpoint I can manage better FROM my iPhone than I could from my Blackberry. Not sure what I’m talking about? Have you tried to use RDP from the Blackberry Bold?

I’ve been using the iTap RDP client on my iPhone for two weeks now and have no complaints whatsoever. I can manage my server (2K3) anywhere there is a stable cellular or WIFI connection literally from the palm of my hand. Whether you manage and run a small shop in your spare time (like me) or manage a large enterprise the iTap RDP client for the iPhone is a must have! I don’t have to be around a computer to unlock user accounts or troubleshoot problems. In addition to the ease of use, iTap RDP also supports NLA and TLS; a big must for me. iTap RDP uses various finger motions to control how the application works eliminating the need for static buttons using valuable screen space.

Here are a few screen shots from my iPhone 3GS (running iOS 4.0)

iTap RDP will only set you back a few dollars but it is definitely worth every penny. http://itap.mobi/itap-rdp

Using ROBOCOPY in Server 2003 to backup files with EFS

Sorry, no pictures in this post. I’m writing this on the go.

Off and on for the last two weeks I’ve been troubleshooting a problem with a batch file that I wrote to move Windows’ .bkf files. The problem came when I used the Encrypted File System (EFS) to encrypt the .bkf files and ran my batch jobs under a special account just for running tasks.

Windows Server 2003 creates a backup one day a week of ALL the files on my server (system image, domain user files, administrative files… EVERYTHING gets backed up). Once windows backup is finished I get a ~123GB .bkf file called “System backup.bkf”. The backup was created using the Windows backup utility and is set to run via Task Scheduler.

Once the backup is created, Windows encrypts the file using EFS (the parent folder is set to enable EFS on all child folders/files). After everything is encrypted I have a batch file set to automatically run that renames the .bkf file to the date that it was created so I can track what backups are for what weeks of the month.
The nitty gritty rename batch file: ren "E:\New_Backups\System backup.bkf" %date:~4,2%-%date:~7,2%-%date:~-4%.bkf

Everything is stored on two mirrored 1GB hard drives. Due to size limitations I only keep a total of four backups on hand at any given time (one month total). Every two weeks I have two .bkf files automatically created by the Windows backup utility, which are stored in a folder called “New_Backups”. On the third week one day before the third backup is created (remember one backup a week) I run a batch file using ROBOCOPY to move the .bkf files from “New_Backups” to “Old_Backups”. The robocopy commands will overwrite ALL files on the “Old_Backups” folder once a file is copied from the “New_Backups” folder. This solved my space limitation issue so that I don’t have five, six, seven backups clogging up the hard drive.
The nitty gritty move new backups to old backups batch file: robocopy E:\new_backups E:\old_backups *.bkf /R:0 /LOG+:E:status.txt /MOV /PURGE

Well I haven’t been able to move the .bkf files to the old backups folder due to some unknown reason. Task scheduler gives me status code “0xff”. Google searching has turned up few results. After a lot of testing, editing, and re-testing I figured out what the problem was. For some reason, even though my tasks are run using a special account I created just to run tasks, that special account can’t read the .bkf files once they are created due to EFS restrictions. I figured this out by adding the “/LOG+:E:status.txt” line to my batch file. This enables ROBOCOPY to dump a log file to “E:” under name “status.txt”. That text file stated “access is denied”. Once I figured out that my special account was restricted due to EFS I solved the problem by exporting the EFS key used on the account that I created all of this in, logging in on the server using my scheduler account, and importing my EFS key. You can read on how to export your EFS key here: http://support.microsoft.com/kb/241201

New versions of ROBOCOPY allow you to use /EFSRAW but this is only for Vista and above and Server 2008; the /EFSRAW switch isn’t available in XP or Server 2003 so in order to have ROBOCOPY read your EFS’d files you have to import the EFS certificate into your user account. Now my task scheduler account can move .bkf files around without issue.

I came across a lot of threads during my Google search of folks having a problem similar to the one I’ve had. If you are using ROBOCOPY to copy your EFS files and aren’t having any success check that your account has the EFS certificate in your certificate store and is able to read your EFS’d files.
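
One way to run the check described above, as an added example that is not from the original post: a PowerShell script, run as the scheduled-task account, that lists the EFS certificates in that account's store and tests whether each .bkf file can actually be opened. It assumes Windows PowerShell 2.0 or later is installed (it is not part of a stock Server 2003 install), and the function names are illustrative.

```powershell
# Added example: run it while logged on as the account the scheduled task uses.
# Assumption: Windows PowerShell 2.0+ is installed (try/catch needs 2.0).
$BackupDir = 'E:\New_Backups'            # folder named in the post
$EfsOid    = '1.3.6.1.4.1.311.10.3.4'    # "Encrypting File System" enhanced key usage

function Get-EfsCertificate {
    # Certificates in the current user's store that carry the EFS usage
    # and whose private key is present (the private key is what decrypts).
    Get-ChildItem Cert:\CurrentUser\My | Where-Object {
        $cert = $_
        $usages = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
        $cert.HasPrivateKey -and ($usages -contains $EfsOid)
    }
}

function Test-CanRead([string]$Path) {
    # Opening the file and reading one byte is the definitive test: it only
    # succeeds if this account holds a key that the file was encrypted to.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try { [void]$fs.ReadByte() } finally { $fs.Close() }
        return $true
    } catch {
        return $false    # e.g. "Access is denied", as in the ROBOCOPY log
    }
}

$certs = @(Get-EfsCertificate)
"Account: $env:USERDOMAIN\$env:USERNAME"
"EFS certificates with a private key: $($certs.Count)"
$certs | ForEach-Object { "  $($_.Thumbprint)  expires $($_.NotAfter)" }

$failed = 0
Get-ChildItem (Join-Path $BackupDir '*.bkf') | ForEach-Object {
    $encrypted = [bool]($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
    $readable  = Test-CanRead $_.FullName
    if (-not $readable) { $failed++ }
    "{0}  encrypted={1}  readable={2}" -f $_.Name, $encrypted, $readable
}

# Non-zero exit code when any backup is unreadable, so a calling batch file
# can log the reason and skip the ROBOCOPY step.
exit $failed
```

A certificate count above zero does not prove the right key was imported; the `readable` column is the result that matters.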