I want a Model 22 HDD Hard Drive Disintegrator

Here at Microsoft we have an active internal discussion group where most security-minded folk hang out. The topic of data destruction came up recently, it’s actually a lot more difficult than most people think. CIPHER /W and SDELETE do a reasonable job, but they aren’t perfect: the paper One big file is not enough: a…

10

Protect your data: everything else is just plumbing

Take a few moments and indulge in a thought exercise with me. Consider your company’s complete collection of information processing assets—all the computers, the networks they’re connected to, the applications you use, and the data and information you manipulate. Which of those is the most valuable? Which—if it suddenly and tragically disappeared tomorrow—would jeopardize your…

7

BitLocker command line interface

Last week at TechEd Europe I showed the BitLocker command-line interface. At other TechEds I’ve mentioned it but didn’t show it. The CLI provides full control over BitLocker, including enabling it on any NTFS volume on the system (the Control Panel UI displays only the volume containing the operating system). To run it: Open an elevated command prompt…

15

Why administrative passwords will never be like nuclear missile launchers

During the past few months many people have lamented that Windows lacks a nuclear missile style control option for administrator passwords. Surely you’ve read about or seen photographs of missile silos where two operators, separated by a distance greater than the span of a single human’s arms, must each simultaneously turn a key in a…

11

Domain controller security: it starts at layer zero

Recently I seem to have had the same conversation over and over again, in places as far apart as Jakarta, Winnipeg, and Berlin. The question is usually worded like this: “What happens if someone steals one of my domain controllers?” There is, essentially, only one correct answer, which is this: “You flatten and rebuild the…

8

New column -- The case of the stolen laptop

Seems like once a week I hear from someone worried about stolen laptops — or, worse, just joined the ranks of laptop theft victimhood. The best way to stay out of that club is to keep the thing with you at all times, or leave it in your hotel room when you don’t want to carry…

2