physical security

How to Make a USB Thumb Drive Laptop Theft Alarm

Picture this: Someone tries to steal your laptop off your desk and as soon as they pull the plug from the wall, your latpop emits a screaming siren that won’t quit until your password is entered to unlock the laptop and disable the alarm.

There’s another scenario: You take one of your old USB thumb drives (maybe the one you used to make an anti virus bootable scanner) attach a chain to it and secure it to your desk; if someone tries to move your laptop, unplugging the USB thumb drive in the process, the alarm goes off.

This is possible because of an interesting piece of software called “LAlarm.” It’s free for personal use and there’s a nominal fee for commercial use. Download LAlarm from this link: http://www.lalarm.com/en/index.htm.

I tested this software by installing it on my Dell laptop. It works. You simply install the software, configure the options you want and restart your laptop. To set the alarm, you just press Windows key + L to lock the workstation. If anyone pulls the plug or removes the thumb drive, the alarm sounds.

There’s much more to the software than just an alarm. You can set the software to destroy your data in selected folders in the event of a theft. You can also set zones based on IP addresses and cause an alarm to sound if the IP address changes.

The theft alarm is not affected by the system volume control setting–it’s screaming loud no matter how you have your volume set.

It’s a very cool tool.

Security Maxims of a Different Breed

Search for “computer security maxims” on any of the top three search engines (Google, Yahoo, Bing) and my articles mostly dominate the results. So I was quite surprised that Security Now Episode #215, entitled “Security Maxims,” gave no mention whatsoever of my contributions to this subject over the past three years. Guess I’ll have to take that up with Steve and Leo. To be fair about it, though, the maxims that Steve talked about in the episode, composed by Roger G. Johnston, Ph.D., CPP of Argonne National Laboratory, Nuclear Engineering Division, are related to “…physical security and nuclear safeguards.” However, according to Johnston, “They probably also have considerable applicability to cyber security.” Many of them are also amusing.

Take this one for instance:

So We’re In Agreement Maxim: If you’re happy with your security, so are the bad guys.

Or this one:

Schneier’s Maxim #1 (Don’t Wet Your Pants Maxim): The more excited people are about a given security technology, the less they understand (1) that technology and (2) their own security problems.
Comment: From security guru Bruce Schneier.

How about this?

Byrne’s Law: In any electrical circuit, appliances and wiring will burn out to protect the fuses.

In all, there are more than 60 maxims listed. You can download a PDF of “Security Maxims” if you want to see more. I highly recommend you read them. You may learn something new. Like I did.

Now, I’m out of here. Have to go fire off an email to Steve and Leo…

Comments? Let me know what you think.

“I guess I forgot to lock the door.”

Physical security is something we often take for granted, but it can be just as important as cyber security. One of my clients recently called to say that some suspicious files had suddenly appeared on one of their servers. Naturally, I investigated, but I couldn’t find any breach in the firewall or any indication in the IDS logs that the network had been hacked from outside.

After spending a couple of hours digging around in the server logs, I finally dug into the registry and found that the files had apparently come from a USB device that had been plugged into the server around 9:30 pm on the day in question. Since only three people have access to the servers–myself, the IT Manager and the Controller–and none of us were guilty, I had to suspect that someone had gained unauthorized access to the server room.

Sure enough, the IT Manager recalled leaving early on an emergency the day of the incident and with a sheepish grin told me, “I guess I forgot to lock the door.”

We now have an electronic combination lock on the door and only the three of us have the code. The door automatically locks itself three seconds after it’s opened, so “forgetting” isn’t an option.

Lesson learned. Fortunately, the files were benign.