Mobile computing and communications devices, such as Laptops, tablets and Smartphones are massively
adopted by large organisations and SMEs for their portability, functionality, and usability.
If these devices are lost or stolen, it is vital that the interception of such a device cannot present a risk of
data leakage or unauthorised access to corporate network resources.
A Lost or Stolen Laptop Assessment is a test to determine how much information can be gained from a
mislaid laptop, which ranges from almost nothing, (which would be very unusual), right up to all the information
held locally, including details to achieve remote access
A Lost or Stolen Laptop assessment is usually based on a typical user’s laptop bag, including all the information that would typically be in the same bag as the laptop.
The scope is something that can be discussed over a review call and subject to different client requirements. The best test is to simulate a real-world scenario, rather than to analyse a laptop that has been separated from its owner, had its post-it notes removed, notebooks retained and anything else which would aid an attacker in trying to gain access to the device itself and onwards to the corporate network.
The following high-level areas are analysed in this assessment:
• Insecure storage or logging of passwords
• Cached or unlocked credentials
• Missing Security patches
• Boot process analysis
• Device/Disk Encryption
• Password brute force attack/ weak password policies
• Sensitive data disclosure
• Information Leakage •
Local Security Policy Circumvention Analysis and Exploitation
The assessment commences, analysing the findings and attempts made, where safe and permitted, to exploit any vulnerabilities discovered.
If access is gained to the laptop, attempts will be made to access key systems on the internal network.
Reporting The assessment is documented in a simple, easily digestible, format.
Lost or Stolen Laptop
How far can an attacker get if you mislay a company laptop?
Nowhere?, on to the device itself?, or right into the heart of your