http://orbit.virtualcomputer.com/forums/ Join the discussion en Thu, 09 Feb 2012 10:46:46 +0000 http://orbit.virtualcomputer.com/forums/topic/remote-kill-of-a-lost-pc#post-31 Fri, 21 Aug 2009 18:09:33 +0000 Evan Karp 31@http://orbit.virtualcomputer.com/forums/ <p>[Admin Note: This is an archived thread from the old Virtual Computer Forums.]</p> <p>Perhaps I missed this during the demo but there's been a lot of discussion on the VC blog and such concerning the ability to kill a remote PC when it goes missing. I've been thinking about it for awhile and I am wondering if this ability is a bit overstated.</p> <p>We operate in a large healthcare environment and as you can imagine deal with a large amount of data that adheres to HIPAA and more importantly the NYS Data Breach Notification Act. As a result we've gone through steps to make sure all notebooks and desktops are covered by a full disk encryption package. As part of that process we investigated the ability to render a stolen machine useless. This same process was also an issue with our handheld devices as a vast majority of physicians are utilizing their Blackberries, Windows Mobile, and Palm devices. One of the major features touted was the ability to remotely wipe/lock a device (ie. from the BES, WM Device Admin, and the encryption package we chose). </p> <p>The two primary options for securing a lost device were either through an active communications channel where the device would check in and receive a wipe command before the thief could make use of the device or by implementing a check-in requirement which would render a device useless after X days/weeks, etc. </p> <p>The problem with a check-in is that during that time period the device is susceptible to hacking attempts. Obviously the workaround is to have the device go into complete lockdown if X login attempts are unsuccessful. The reality of that option is we found that users are too stupid to understand this problem and when faced with a forgotten password (or their num lock key turned off) they would routinely "brick" their machines. We went so far as to set the threshold to 30 failed logins and still received a high enough percentage of failures that it was decided it was too much of a hassle. Especially when a high ranking executive managed to kill his notebook while on a business trip in China.</p> <p>The problem with sending a remote wipe command to a device is that it actually needs to be on a network to communicate before this will function. For the average theft this might prove useful, however we've had a multitude of stolen devices that never again checked back in with our systems. This could be because the device was destroyed when it was lost or it could be that the thieves simply hard reset the device thus destroying the data on it. Either way the bottom line is that the device never phoned home again and therefore we had no ability to remotely wipe it. I would imagine that this is even more difficult in a notebook scenario.</p> <p>In our case I don't believe we are facing a willful effort to compromise our data by individuals outside of our organization. Therefore I am sure that most thefts are those of opportunity and not those seeking to gain access to patient information, etc. Because of this we do feel adequately protected (well, the people who make the financial and operational decisions feel that way) and so we have these features although they are rarely used. </p> <p>I guess my question is that in the average environment will highlighting this feature really prove useful to the marketing of NxTop? I am sure it sounds great as those features did when various security companies were courting us to use their software, but the practicality of the feature was quickly realized in our environment. Of course as I said in the beginning perhaps I missed some cool new way VC is implementing this feature and my entire diatribe can be forgotten.</p> <p>Just trying to generate a little discussion :-)</p> <p>[Admin Note: Originally posted by randyf25] </p>