corporate IT policy and carry-on laptop ban: laptops with easily removable drives?
#31
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,620
Our policy has always been that people travel overseas with disposable, factory-fresh laptops. At the destination, VPN established, laptop is re-loaded from the server. Before heading to the airport, laptop connects back to the office, uploads any final changes, then laptop gets wiped to factory-spec.
How much this has changed.... I remember back in the day when we were most concerned with laptops getting stolen. Now we're most worried about governments, especially the U.S. government, stealing the data.
How much this has changed.... I remember back in the day when we were most concerned with laptops getting stolen. Now we're most worried about governments, especially the U.S. government, stealing the data.
#32
Join Date: May 2013
Posts: 916
Our policy has always been that people travel overseas with disposable, factory-fresh laptops. At the destination, VPN established, laptop is re-loaded from the server. Before heading to the airport, laptop connects back to the office, uploads any final changes, then laptop gets wiped to factory-spec.
How much this has changed.... I remember back in the day when we were most concerned with laptops getting stolen. Now we're most worried about governments, especially the U.S. government, stealing the data.
How much this has changed.... I remember back in the day when we were most concerned with laptops getting stolen. Now we're most worried about governments, especially the U.S. government, stealing the data.
I hear SSD cannot be completely wiped , anyone know for sure ?
#33
FlyerTalk Evangelist
Join Date: May 2002
Location: Pittsburgh
Programs: MR/SPG LT Titanium, AA LT PLT, UA SLV, Avis PreferredPlus
Posts: 31,005
There are many utilities/articles on how to wipe a SSD, and on quick read, none say "you really can't".
I suspect many folks don't know their laptops/notebooks are actually encrypted. Bitlocker is pretty unobtrusive.
I suspect many folks don't know their laptops/notebooks are actually encrypted. Bitlocker is pretty unobtrusive.
#34
Join Date: Mar 2005
Programs: BA, Virgin, Lufthansa
Posts: 183
It's complicated…
SSDs (and most modern spinning rust) has a mapping layer between the address the computer thinks it's writing to and where the data is actually stored.
In the case of SSDs, this allows data to be moved and storage locations to be remapped if there are bad cells etc.
Challenge becomes if a location has been remapped then normal write operations won't reach the original location.
There's a special operation supported by some drives to overcome this (http://www.kingston.com/en/community...l?ArticleId=10) but AFAIK simply deleting everything on the SSD won't achieve the same aim, and I'm not sure how good the implementations of HD sanitisation are.
SSDs (and most modern spinning rust) has a mapping layer between the address the computer thinks it's writing to and where the data is actually stored.
In the case of SSDs, this allows data to be moved and storage locations to be remapped if there are bad cells etc.
Challenge becomes if a location has been remapped then normal write operations won't reach the original location.
There's a special operation supported by some drives to overcome this (http://www.kingston.com/en/community...l?ArticleId=10) but AFAIK simply deleting everything on the SSD won't achieve the same aim, and I'm not sure how good the implementations of HD sanitisation are.
Last edited by dajdavies; Apr 5, 2017 at 1:39 pm
#35
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,620
We bring it back. Drives get wiped before getting to the airport. Keep in mind, these are "disposable" laptops, ie: junk. So none of ours have SSDs in them, just old HDDs we've ripped out of other computers. The additional benefit of it being a ratty-looking laptop is that sticky fingers are less likely to pinch them. They're also old/ratty enough that if need be, they can be left behind.
#37
Join Date: Apr 2000
Location: Wash DC
Posts: 95
I'm not in IT but I have to help a friend who might travel on these affected routes. He uses Outlook locally on his laptop from a PST (using a POP account). say he doesn't want to use gmail, etc, how can we keep his email sync'd between home and a new burner laptop? he is an individual, not using exchange or some other corporate solution. thanks
would you use office 365? tx
would you use office 365? tx
#38
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,156
I was travelling on an affected route on day 1 of the new rules.
Our IT departments advice was basically (only slight paraphrased) "Use bubble-wrap".
So... yeah...
Our IT departments advice was basically (only slight paraphrased) "Use bubble-wrap".
So... yeah...
#39
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Amusingly, some of the oldest storage mediums are the most reliably controlled for complete data wipes.
#40
Join Date: Jan 2007
Programs: No single airline or hotel chain is of much use to me anymore.
Posts: 3,279
#41
Join Date: Jan 2007
Programs: No single airline or hotel chain is of much use to me anymore.
Posts: 3,279
#42
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,156
They can, but the procedure for doing it is a little different than for HDDs. If you follow then incorrect procedure then it may be possible to recover a small amount of fragmented information even after they have been wiped. In most cases this is more theoretical than real, but depending on the security required from the data it can be a real issue.
If an SSD (or even HDD) supports encryption - even if that encryption isn't 'turned on' - then there's a very simple way to "erase" an SSD which is to trigger it creating new encryption keys. This doesn't wipe anything from the disk as such, but without the old encryption keys the data is completely unreadable. In 99+% of cases, this provides a perfect way of "erasing" an SSD.
(FWIW, this works even if encryption isn't 'enabled' on the drive, simply because encryption is *always* enabled on these drives - the data itself is always encryption, it's just down to whether the security layer around the key management is enabled or not, which is what changes when the 'enable' or disable encryption on the drive)
If an SSD (or even HDD) supports encryption - even if that encryption isn't 'turned on' - then there's a very simple way to "erase" an SSD which is to trigger it creating new encryption keys. This doesn't wipe anything from the disk as such, but without the old encryption keys the data is completely unreadable. In 99+% of cases, this provides a perfect way of "erasing" an SSD.
(FWIW, this works even if encryption isn't 'enabled' on the drive, simply because encryption is *always* enabled on these drives - the data itself is always encryption, it's just down to whether the security layer around the key management is enabled or not, which is what changes when the 'enable' or disable encryption on the drive)
#43
Join Date: Jan 2003
Location: Manchester, United Kingdom
Programs: Hilton Gold, Priority Club Blue, SPG Gold, Sofitel Gold, FB Ivory, BA Blue
Posts: 8,479
Our corporate IT mandates the laptop's hard disk is fully encrypted, and there's no specific rule about checking in or not. Ultimately, the safest way to protect corporate data is not to transport it over borders where there are other options (VPN, once you arrive, for example).
#45
Join Date: May 2003
Location: Cleveland, OH
Programs: UA-GS 1MM), Hertz Pres Circle, Starriott Titanium)
Posts: 1,966
Encrypted laptops certainly protect against third party theft, but the real danger with crossing borders is the "Unlock it or else" extortion employed by CBP. Encryption does nothing to protect against that. I guess the 4th amendment was the first to go.