Extra Security for a Windows 10 Laptop

DollyTheSheep

I run a few of my websites with Filezilla FTP and have other business documents on my laptop. It is not encrypted, but does have the usual bootup password prompt with my name.

How secure is this and can it be bypassed? (you used to be able to bypass this with Windows XP)

I have been using the laptop for over a year now, so not sure how that would affect. So just looking for some general security info, so I can try and answer the "What would happen if this got stolen?" question i often ponder...

Can it be remotely wiped? Like with Google Android?

Browntoa

https://www.top-password.com/knowledge/reset-windows-10-password-with-hirens-bootcd.html

Says you can still bypass windows 10 passwords.

Set boot password in bios or disable CD drive until you need it

Browntoa

And disable usb storage to prevent that avenue for password hacking

https://www.isumsoft.com/windows-10/how-to-disable-use-of-usb-storage-devices-in-windows-10.html

techquest

As Browntoa says, yes W10 pwd's can be bypassed and I use hirens, with ease, to get into machines I work on, particularly if I have forgotten to ask the owner for the pwd.

Bios pwd's can also be hacked, a more complex process, as the checksum, set by manufacturers, can give a clue that can be translated if you know where an how to look.

In reality the most ardent hacker can get into a machine if they have to. But generally at such level it involves, high end equipment, even down to replacing a bios chip if needs be, and lots of time.

The one thing that loads of users do is fail to back up the important files/documents to a device external to their computer, sometimes the most costly drop off ever.

But don't loose sleep over this, do as Browntoa suggests, but be sure to never forget the pwd you set in bios, else you could be paying someone shedloads to crack it for you.

Heedtheadvice

Best idea if you cannot use removeable drives (hardly a proposition for laptops) that can be securely stored is drive encryption. I am a bit out of date now but there used to be systems shere the encryption key could be held externally (cd or usb stick) so you need both together to access. Copies of that external key can be held securely in case of loss of primary held key.


Bear in mind that no system of security is absolutely risk free and the object ought to be to make it at a level of difficulty to be compromised according to the result if that risk materialises. Perhaps you need to do a risk assessment for your business?


You may conclude that you need a level of protection and perhaps more importantly a backup regime in case of faults or disasters!

techquest

Spot on Heedtheadvice. Its the one thing that gets generally overlooked and in most cases the data stored on it is worth far more than the computer is worth anytime. Folk seldom think I wonder what happens if my computer gets trashed for some technical reason.

And as you say, if your really concerned about the stuff on it then encryption of the data or disk a good call.

John_Gray

If you have Windows 10 Pro or above, you could look at Bitlocker. [as techquest hints at]
Not available in Windows 10 Home, though...

Slithery

If you don't encrypt your drive then 'physical access = root access'. Forget about BIOS passwords and disabling USB boot as an attacker can simply pull the drive and attach it to another machine.

My drive encryption on my laptop needs a USB key (kept on a lanyard) and a passphrase to unlock.

that

on the workstation in the firewall only allow access via ftp port from and to your server ip

use netcat and metasploit and scan your workstation ip for vulnerabilities

Worry about encryption viruses types too

Frozen_up_north

I use Veracrypt to create an encrypted folder on my laptop. Keeping a copy of the folder on a USB stick. I securely delete temporary files using Bleachbit.

https://www.veracrypt.fr/en/Home.html

https://www.bleachbit.org/