HP 1 year Notebook Tracking and Recovery Service UL724E
This service provides Computer Theft Recovery, Data Protection and Secure IT Asset Management. The product is centrally managed by your IT department, and designed for customers with remote and mobile users. In the area of computer theft, the product deters theft, minimises computer drift and recovers stolen computers. If your computer is stolen, the Recovery Team works with law enforcement to track and recover it. The remote data deletion function (“Data Delete”) enables customers to remotely delete sensitive data on target computers that have been stolen or lost. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease. For IT asset management, this new service gives IT staff visibility to up to 100% of their connected computer assets, including the 40% of computer assets that Gartner Group says are unaccounted for at any given point in time.
This service tracks the location of your computer using a small and undetectable software agent (“Computrace Agent”), enabling the computer to report its location to the confidential and secure Monitoring Centre each day it connects to the Internet. As well as collecting location data, the Computrace Agent also collects user, hardware and software information to help you track and manage your remote assets. You can also set up a Data Delete request so that sensitive data on a stolen or missing computer is deleted the next time the computer calls in to the Monitoring Centre.
Users (typically IT departments) are able to view various asset management modules via the online Customer Centre website (“Customer Centre”). These modules (or reports) allow IT to better enable their organisation in the area of IT Asset Management.
The service is more than just software – it’s like having your own security team watching over your computer. Here’s how it works:
Click here to find out.
The Computrace Agent is extremely difficult to remove. The HP Tracking and Recovery service incorporates a self-healing technology that we call “persistence”, which essentially rebuilds the agent software installation even if the agent service is deleted by conventional means.
The self-healing function is not resident within the file system and is more difficult to detect and remove than “normal” software. The persistent and self-healing portion of the software is difficult to remove because it is stealthy. The software is normally removed only by an authorised user with the correct password. The self-healing feature will repair the service installation in newly formatted and installed operating systems as well as freshly imaged systems. This “persistent” design is maximized in laptops with the persistence module in the firmware.
There are two levels of persistence for the Computrace agent. The highest level of persistence occurs when the persistent module is embedded into the firmware of the computer. In this solution, there is no additional hardware or software configuration needed for the agent to be persistent.
The Computrace Agent is very difficult to detect. The Computrace software runs as a non-descript service, and is not listed as an application. As well, the product does not show up on the programs menu listing or as a system tray icon.
The Computrace agent has a very small footprint, requiring less than 100KB of disk space.
Computrace agent communications require very little bandwidth and should have a negligible effect on your network traffic. A typical agent call requires less than 200KB of bandwidth.
The Computrace agent is installed via a standard MSI and can be deployed using traditional software deployment tools or via imaging. The install of the Computrace agent also activates the self-healing capability in the BIOS (see the ‘”Can the Computrace Agent be removed?” section above).
The call frequency is typically set to once daily and is automatically reset to call every 15 minutes after a computer has been reported stolen or lost.
Yes. The goal is as close to zero-configuration as possible. In some configurations, older versions of the Computrace agent require the user to permit Internet access the first time it attempted to contact the Monitoring Center. Newer versions of our agent enhance the zero-configuration paradigm so that this first connection permission is not required.
Yes. Computrace will work over a dial-up connection or with any Internet connection (e.g., cable, DSL, wireless).
The remote data deletion function (“Data Delete”) of HP Tracking and Recovery service enables customers to remotely delete sensitive data on target computers that have been stolen or lost. If your computer goes missing, you can set up a Data Delete request so that sensitive data on the computer is deleted the next time the computer calls in to the Monitoring Center. It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease.
In order to use the Data Delete service, customers first sign a Pre-Authorization agreement. Customers who wish to use the data delete service must nominate a member of their own staff and complete a signed document to authorize control of this feature.
When a computer is lost or stolen, or when it’s ready to be disposed of or returned to a leasing company, and you wish to delete data on the remote computer, you can initiate Data Delete as follows:
No. The data is not recoverable. The Data Delete operation uses an algorithm that far exceeds the recommendations documented by the United States National Institute of Standards and Technology. For further details, see NIST Special Publication 800-88: Guidelines for Media Sanitization: Recommendations of the National Institute of Standards and Technology, referenced here. The "NIST 800-88" document provides the specifications for wiping disk storage to guarantee that all data previously contained on that magnetic media is permanently erased. When most computers delete a file, the computer does not actually remove the contents of the file but rather simply unlinks the file from the file directory system, leaving the contents of the file in the disk sectors. This data will remain there until the operating system re-uses the same sectors when writing new data. Until the old data is overwritten (which may take months or even longer) it can be recovered by programs that read disk sectors directly, such as forensic software. In addition, even if a sector is overwritten, the phenomenon of data remanence (the residual physical representation of data that has been in some way erased) can make deleted data forensically recoverable. In order to be sure that a file has been deleted properly, it is necessary to overwrite the data sectors of that file. It is not sufficient to erase or format the drive, as there are numerous tools available to recover “lost” data on disk drives.
This specification requires that every single location on a magnetic media device is written to three individual times, first by writing a fixed value (0x00) once, then its complement value (0xff) once, and finally random values once. The used Data Delete algorithm exceeds this standard by overwriting the data 7 times (rather than 3) and by performing additional operations. The algorithm:
No. There are no software-only solutions that adhere to this standard, as it requires physical destruction of the media by disintegrating, incinerating, pulverizing, shredding or melting the disk drive.
The Data Delete service is currently offered with 3 levels of Data Delete:
The Data Delete service (and the Computrace Agent) is currently offered on the 32-bit versions of Windows 2000, XP, Windows Server 2003 and all 32 and 64 bit editions of Windows Vista, and on Mac OSX10.2, 10.3 and 10.4. It is not supported on Windows ME, 98 or 95. Furthermore, the computer must be running Computrace Agent version 804 or above.
No. Data Delete will only run on local hard drives.
Data Delete will delete multiple partitions depending on which level of Data Delete is selected.
The Data Delete process creates an audit log verifying which files have been deleted. This audit log will be uploaded to the Monitoring Server and will be available within the Customer Center.
A number of checks and balances have been put in place to ensure only those personnel whom the Corporation authorizes are entitled to request the Data Delete service. Firstly, the signing officers of the company specify, in the Data Delete pre-authorization agreement, the Administrator-level Customer Center users (“Data Delete Administrators”) who are authorized to request a Data Delete. Secondly, these Data Delete Administrators are provided with a physical RSA SecurID® token, or receive an Authorization Code by e-mail for each Data Delete operation. Finally, the Data Delete administrator's email address must not have been changed in the preceding 72 hours. This last restriction applies only to accounts using emailed authorization codes. To initiate the Data Delete from Customer Center, the Data Delete Administrator logs in, launches the Request Data Delete screen, selects the computer and Data Delete options, enters either the value on the RSA SecurID® token display (which changes every 60 seconds) or their Authorization Code, and then reenters their Customer Center password to validate the Data Delete request. To sum up, the following safeguards are in place to prevent unauthorized Data Delete requests being performed:
If all the above conditions are satisfied, Data Delete will be set to run for that computer on the next Computrace Agent call. In addition to these safeguards, an email is sent to the signing officers on the Pre-Authorisation agreement when a Data Delete is requested, launched and completed.
No. HP cannot run Data Delete as it requires both a Data Delete RSA SecurID® token or a requested Authorization Code, which only the customer possesses, and a login/password.
Yes. The process is as follows:
Currently no, but the reality is that the vast majority of stolen computers find their way back onto the Internet fairly quickly, so Data Delete can usually be activated.
Internal theft accounts for up to 70% of all laptop thefts. In such a scenario, the user will know all the passwords and will not need to reinstall the operating system. When an operating system is reinstalled, on the other hand, the sensitive data has not been fully removed and there are many widely available tools that can be used to recover the data.
Data Delete will remove the data to Department of Defence and NATO specifications, ensuring the data can not be recovered. Also, performing a Data Delete on a stolen computer also provides the customer with an audit of what files have been deleted. This verification is very important in terms of regulatory compliance.
Not necessarily. To many organisations, protecting the sensitive data on the computer is more important than recovering the actual computer. Data Delete will provide this data level protection even after a common thief reinstalls an operating system.
The time it takes to perform a Data Delete varies according to the amount of data to be deleted and the speed of the computer. Typically, a Data Delete can take anywhere from 2 minutes to 10 hours.
Once the Data Delete process has begun, it can’t be stopped. If a computer is rebooted during this time, the Data Delete process will continue where it left off. If Data Delete has been scheduled on a stolen computer, but has not yet been initiated, you can cancel the Data Delete process from the Customer Center.
Encryption is a good start, but it does not address all aspects of data protection. Gartner Group estimates that 70% of corporate computer crime in North America occurs as a result of “inside jobs”. In this scenario, encryption offers little protection as the employee will have access to the encryption keys and hence the data. HP Tracking and Recovery service, on the other hand, provides the customer with an audit log of exactly which sensitive data has been deleted. This allows customers to verify that the sensitive data has been removed from the stolen laptop which is very important for regulatory compliance.
Computers that have the Computrace agent embedded in the firmware should have no compatibility issues with encryption products.
HP Tracking and Recovery service is fully compatible with all file-level encryption products.
Locks and cables are somewhat effective as a visible deterrent to external theft, but in practice, cables can very easily be ripped out of a secured laptop with a good, strong tug – with no tools necessary. Further, cables act as no deterrent whatsoever to the majority of laptop theft, which is committed by internal employees, who possess keys to the cable locks. As well, locks and cables do not offer protection for remote and mobile users as the lock will not be in use when the user is travelling, for example.
Asset tags have proven to be an ineffective theft deterrent: the tag is simply removed by the thief after the computer is stolen.
RFID requires that the assets RFID tag be within close proximity to an RFID reader. These readers are expensive and require significant resources to implement. Also, once a laptop is removed from close proximity to a reader it can not be tracked.
If the Computrace agent is unable to connect to the Monitoring Center during its regularly scheduled time, it will attempt to call every 15 minutes until successful.
The Monitoring Center can only be accessed via client-initiated Computrace agent communications. Access requires two-way authentication ensuring only valid Computrace agents can access the server. All agent communications are encrypted with RC4 128-bit encryption. All customers’call statistics and asset tracking data is logically partitioned into separate accounts. Access to this data via the Customer Centre requires user authentication on a secure login page requiring a username and password. Authorzsation is handled via user profile setup. Admin users have the ability to restrict power and guest users to groups of Electronic Serial Numbers (ESNs).
The Computrace agent has the ability to gather the following four categories of information, which are primarily data points to allow us to recover lost or stolen computers and to provide asset management of your computers: