Laptop Security


#1

Hi,

Am currently in the process of applying for a Lottery grant for the squadron, we are looking to purchase approximately 10 Laptops so the cadets can do there leadership courses etc… part of our application will include internet security, does anyone currently use a certain type of security they can recommend please and approx. cost per laptop/computer per year…

Thanks in Advance

Carl


#2

buy a Mac, turn on the firewall, enable stealth mode, keep it up to date.


#3

People may disagree, but I have found that the built in Windows 10 ‘Security Centre’ provides enough protection against threats.

At my squadron we also filter internet access so cadets (and staff!) can only access appropriate content. We use the service found here: https://signup.opendns.com/homefree/
It’s quite easy to set up if you know how to login to a router and once it’s been set you can forget about it.


#4

I agree that Windows 10 is fine without anything else. Of course you need to control Internet access, and the Cadets don’t get an admin level user name or names, but the two for club members at the gliding club haven’t had problems.


#5

I have to admit to using an iron key to keep stuff from the cadets on as a added security aid


#6

Sophos Home is a free solution paid for by commercial customers based on the fact that if home computers are protected then it will be easier to protect commercial networks.

https://home.sophos.com/en-us.aspx


#7

Bit of topic I know but problem is we are expected to follow MOD rules, on laptops we buy, on internet we put in and access mod sites via non secure access from buildings that in most cases are only used once or twice a week and therefore are at risk of break ins, I’m.luckly I have an armed guard, internet put in and paid for by RFCA but most dont


#8

Are you in a special environment?


#9

Avast is the best in my opinion. Also free.

Made by geeks for geeks.

In 9 years of using it, (touch wood) have never had ANY issues.


#10

I’m a fan of Avast.

I’ve been through Norton, Sophos, McAfee and others over the years - all seem to clog up lots of system resources. Avast has stayed pretty clean and bombproof and not presented me any issues.

I’m intrigued by the thought that we need to have MOD Rules on laptops?? Where has that come from??? And what are they??


#11

Built in security for Windows 10 and Mac should be enough so long as it is monitored and updated regularly.

Make sure you get something that is compatible with bitlocker disk encryption if going for Windows.

Physical security over night may also be a consideration so a laptop charger and security bay can be a useful addition for this type of grant.


#12

Not really necessary: you won’t be holding anything confidential on it anyway!


#13

I’d counter that with ‘you don’t intend to hold anything confidential on it’ but all it takes is a Cadet to use the laptop to download a TG form and to complete it on that laptop digitally before printing then not delete the file after.

Also, if the laptop is ever then re-purposed for admin use in the office it gives peace of mind.


#14

To keep things as simple as possible, assume each of these laptops will be lost, stolen, infected and hacked.

So the precautions to take are:

  • Install any of the numerous free AV packages or rely on Windows 10 protection.

  • Do not permit any of the laptops to connect to your internal admin network, only allow them to connect to the internet.

  • Create a full set of installation discs for each laptop (and remember to record the license details somewhere secure and always available - e.g. on Bader :slight_smile: ); so when a laptop is infected, etc. you can wipe it and start again with a fresh install.

  • Create one staff user account, one cadet user account and one admin account on each laptop (store the admin credentials for each laptop somewhere secure, etc…).

  • On your Acceptable Use Policy (that all your staff and cadets will read and sign) make it 100% clear that the laptops are NOT secure and that no personal information is to be stored on them; also that the laptops are not backed-up and anything saved on a laptop will be deleted without notice.

  • Spend your future parade nights sorting out laptop issues!

The problem with squadron laptops is that they will be used perhaps 2 or 3 hours a week; they spend the majority of their existence either sitting in a cold (possibly damp) cupboard or permanently on charge - and regardless of improvements in battery technology, it’s still not good for them.

At the moment, I’m looking at a Raspberry Pi solution - so a classroom with 10 or even 20 Pis is a very cheap solution; even if you factor in the cost of monitor, keyboard and mouse, it’s looking like a seriously good approach!

Also, if a Raspberry Pi gets infected or trashed, simply re-write the microSD (from the master copy that you’ve kept secure, etc,) and start again.

Perhaps this should come under the things that make me laugh or grind my gears topics because individual squadrons shouldn’t be re-inventing the wheel - there should be one simple IT set-up that can be rolled-out to every Squadron.


#15

Also, don’t leave it on a train.


#16

You (or Civ Com) can also apply via Tech Trust for free or discounted software including security packages and Office.


#17

Go for Chromebooks. Cheap, simple, can’t really install any additional bumpf, but fine for web browsing and basic slide deck building. Cadets don’t need any more than that.


#18

If you want to go all out and have Windows 10 Enterprise or Education, you can enable the Unified Write Filter to protect the C Drive. Then your users could do whatever they wanted, everything would disappear when it reboots.


#19

Also consider (and I strongly recommend) using a form of configuration management like Puppet.


#20

If you’re thinking about Pi’s then how about fractionally more expensive second user desktops. They can easily be installed with Linux the same way as the Pi’s and you get a bit more horsepower.

The built in firewall and whole disk encryption should keep the naughty people out.