Laptops present major security concerns

Dave Nelson, NASA's deputy chief information officer, is like most federal

managers when it comes to issuing agency employees laptops. Stolen data

and lost laptops top his list of concerns.

"We have a number of laptops, and we are very worried about them, especially

data loss with NASA files out there, outside of the network," he said.

Not only can someone steal the data off a laptop, but information security

managers must also worry about protecting files during the transmission

between the laptop and an agency's internal network.

Technology can solve these issues, but there is one thing that can never

be guaranteed. "There are information security risks, but we think they

are manageable with the right tools and technology," Nelson said. "We are

most concerned about loss and theft. Laptops are fairly attractive targets."

NASA uses data-theft detection tools and full data encryption to foil

would-be thieves and hackers. The space agency also is considering theft-deterrent

tools, he said. In general, such tools include locks that secure the laptop

to a desk and secure briefcases. NASA also has limited access to agency-issued

laptops to those who really need them, such as employees who travel frequently

and those who need to work at home.

The Cummings bill, which would give just about every government employee

a laptop, could make managing the risk a lot more complex for IT managers,

Nelson said. "There are all kinds of logistical and security issues there,"

he said.

Industry is devising security solutions, specifically for the home computer

user and mobile worker. The key: simplicity. Almost every firewall, intrusion

detection and virtual private network (VPN) vendor is making it much easier

for people with little technical knowledge to use the often-complex security

solutions.

"As one of my colleagues put it, he wanted to make sure even his mother

can use it," said Adi Ruppin, managing director for SofaWare, part of Check

Point Software Technologies Ltd.

SofaWare does not place firewalls or VPN software directly into laptops.

Instead, it places a security layer at the network connection within the

home, at the device that a digital subscriber line or cable modem hooks

into in the home. SofaWare works with the DSL or cable carriers to insert

Check Point software directly into the device so that any laptops or PCs

in use in the home do not need firewall or VPN software placed in the unit

itself.

Check Point, Nortel Networks Corp. and many other VPN companies also

have solutions that provide security to users who connect to an agency's

network from the outside.

Nortel is offering new features on its VPN, including several options

that make the connection process transparent to the user. One option will

launch, connect and terminate the secure session when the users open and

close their applications, said Sam Dews, a systems engineer for Nortel's

federal operations division.