Timothy
Parker Consulting Incorporated
|
|
|
|
E-Z
Lock: Protecting your laptop Laptops
are ubiquitous: practically every business user has one.
Laptops are also stolen a lot: one in four will disappear this year, many
from airports. Up to now, the only
way to protect the data on your hard drive was to encrypt important information,
a time-consuming process. Other
than leaving your laptop chained to a desk, all you could do was hide it among
your carry bags and hope no one noticed. While
no device can prevent a laptop from being stolen, you can protect access to the
data on it a little better now, thanks to E-Z Lock.
Manufactured
by E-Z Lock PC Inc, E-Z Lock is a PC Card that plugs into your laptop. The E-Z
Lock card by itself prevents access to the laptop. The card is unlocked by inserting a smart card, a credit-card
sized plastic card with an embedded chip in the plastic.
The system administrator programs the card to allow access to the laptop,
then hands it off to the user. The
PC Card resides in the laptop permanently, requiring the smart card to be
inserted for operation. The user
requires a password when booting the machine with the smart card inserted into
the PC Card. When travelling, you simply keep the smart card in your wallet or
luggage away from the laptop. Without the smart card and password, your laptop
is just a hunk of plastic: the hard drive cannot be booted or read without
disassembling the entire machine. E-Z
Lock is available in Windows 95/98 and Windows NT versions, as well as NetWare
and some UNIX variants. (We tested
it on a laptop running beta 3 of Windows 2000 and it worked perfectly there,
too). Desktop versions of E-Z Lock
are available, too, but the primary market is going to be laptops. For desktop
users, a serial port version of the reader is available.
Even more useful is a Keytronics keyboard with the smart card reader
built in. Installing
and configuring E-Z Lock is simple. The
software creates an administrator login which is used to encode the smart card
for user access. The administrator creates a user profile for the laptop user,
then encodes the smart card and a password for that user. The administrator also
has the ability to limit access to specific applications through the user
profile software. For example, if
your laptop is used by more than one user, you can encode each user to limit
access to some applications (such as Internet access, accounting files,
sensitive material, and so on). A
neat feature of E-Z Lock is that it doesn’t disable a machine completely if
you don’t want it to. For
example, if you are using your laptop or desktop as a print server and want to
leave it running, you can remove the smart card preventing all access to the
machine through the mouse or keyboard. However, passthrough networking functions
such as network printing and shared directories are still available to other
network users. Working
with the E-Z Lock software was simple and self-explanatory.
When setting up smart cards for a number of users, a single administrator
card writer can be maintained with profiles of all the users.
Our laptops, once equipped with E-Z Lock, were as secure as we could hope
for. Casual attempts to boot
without the smart card are foiled immediately.
If you leave the smart card in the PC Card by accident or design, the
password is still required for access. If three wrong password codes are entered
in sequence during the login process, the entire card is locked out and requires
the administrator to reset it. We tried in vain to bypass E-Z Lock using a
variety of techniques such as modifying the BIOS, booting from floppies, and
trying to spoof over the network. E-Z Lock resisted all our attempts.
Considering
the almost negligible overhead E-Z Lock imposes on a user (inserting a card and
typing a password), as well as the small size and no impact on the system once
running, E-Z Lock is easily the best security system we have seen for laptops
and desktops. It functioned
flawlessly throughout our tests. Even
better was the knowledge that when travelling, while our laptop may not be safe
from prying hands, all the data on the disk drive was. That peace of mind is worth the price of E-Z Lock by itself. E-Z
Lock PC Inc |
|
Send mail to
tparker@tpci.com with
questions or comments about this web site.
|