What is Remote Lock?
Remote Lock enables administrators to remotely lock a device or system. Remote lock features are often part of security systems that address data breach risks introduced by “bring your own device” (BYOD) policies or security gaps in distributed companies. Remote Lock can consist of forcing a reboot, logging out current user sessions, or placing a firmware lock on the device.
DriveStrike explains Remote Lock
So let’s review the various types of lock in more detail, starting with the least aggressive form and working our way up to the most aggressive:
- Account Disablement – When a Remote Lock is executed for Windows and Linux devices, all sessions on the device are logged out, the device is rebooted, and access to existing accounts is blocked. Anyone with physical access must await a Remote Unlock before being able to use established credentials to log back in to the device.
- Forced-Logout – When forced-logout is executed, all sessions on the device are logged out and anyone with physical access is required to use established credentials to log back in to the device.
- Forced-Reboot – Forcing a reboot is a heavier-handed approach since any work not saved may be lost. If no additional security is in place, the result is comparable to a forced logout: the existing credentials are all that is needed to regain access. However, if you have a pre-boot passcode, BIOS security setup, or whole drive encryption enabled, a forced reboot can more securely protect data on the device.
- Remote Forced Passcode Reset – Resetting a passcode changes the device credentials, requiring a user to re-authenticate using the newly established credentials. This option is usually deployed when an employee is terminated or quits the company but fails to return company computing devices. It preserves confidential company data while preventing access by the former insider. This approach also makes it clear to any former employee that tampering with the device is intentional and willful misconduct.
- Remote Firmware Lock – An excellent feature that requires a remotely defined PIN code to unlock the hard drive. In this scenario the device cannot be started without the special PIN code, which often renders the hardware itself of no value to a thief. Apple computers employ this model and it is very effective, provided FileVault drive encryption is enabled. Without it, the firmware lock cannot protect data if the drive is removed and connected as an external drive.
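A by-hand equivalent of the Account Disablement sequence on a Linux host, as an added example (not DriveStrike's code or method): a dry-run planner that prints standard `usermod`, `loginctl` and `systemctl` commands instead of running them. The UID range 1000-59999, the login-shell filter, the use of systemd-logind and the function names are assumptions.

```shell
#!/bin/sh
# Dry-run planner: prints commands for review, executes nothing privileged.
# Assumptions (not from the page): human accounts use UID 1000-59999 and
# a real login shell; sessions are managed by systemd-logind.

# interactive_users [PASSWD_FILE] -> one login name per line
interactive_users() {
    awk -F: '$3 >= 1000 && $3 < 60000 && $7 !~ /(nologin|false)$/ { print $1 }' \
        "${1:-/etc/passwd}"
}

# plan_account_lock [PASSWD_FILE]
plan_account_lock() {
    users=$(interactive_users "$1")
    [ -n "$users" ] || return 0
    # Block new logins first. --lock only disables the password hash;
    # --expiredate 1 expires the account itself, so SSH-key and other
    # non-password logins are refused as well.
    for u in $users; do
        echo "usermod --lock --expiredate 1 $u"
    done
    # Only then end live sessions, so nobody can log straight back in.
    for u in $users; do
        echo "loginctl terminate-user $u"
    done
    echo "systemctl reboot"
}

# plan_account_unlock [PASSWD_FILE]
# Note: an empty --expiredate clears any expiry the account had before.
plan_account_unlock() {
    for u in $(interactive_users "$1"); do
        echo "usermod --unlock --expiredate '' $u"
    done
}

# Constructed sample input in passwd format, not taken from a real host.
sample=$(mktemp)
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'alice:x:1000:1000:Alice:/home/alice:/bin/bash' \
    'backup:x:1001:1001::/var/backups:/usr/sbin/nologin' > "$sample"
plan_account_lock "$sample"
rm -f "$sample"
```

The plan leaves root and service accounts untouched, so hosted services keep running and an agent running as root can still apply the unlock.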
DriveStrike Remote Lock by Operating System
- Windows – On Windows devices we recommend using remote lock when you are simply trying to ensure the device users are locked out. We do not yet offer the ability to remotely change the credentials on Windows devices. When remotely locking a Windows device, DriveStrike disables all existing Windows users, so any services hosted on the device will go down with the remote lock. The Windows device must be online to be remotely unlocked. If you have pre-boot passcode, BIOS security, or whole drive encryption deployed, we suggest using our remote reboot option to generate an effective remote lock. Otherwise we suggest initiating a remote wipe for any suspected lost or stolen device.
- Mac – For macOS devices, a remote lock reboots the machine with a firmware passcode you specify when requesting the remote lock in DriveStrike. From then on, the only way to use the machine is to enter your specified passcode, even if someone replaces the hard drive. That said, if the existing hard drive is not encrypted, the data on that drive is NOT protected from being accessed if the attacker removes the drive and connects it to another computer as an external drive. We recommend initiating a remote wipe for any suspected lost or stolen device.
- iOS – On iPhones and iPads a remote lock will only log out the user and require that they enter the existing passcode. Biometrics like fingerprints and facial recognition are not allowed until the user enters the existing passcode. We recommend initiating a remote wipe for any suspected lost or stolen iOS device.
- Android – On Android devices we recommend using remote lock when you are simply trying to ensure the device users are logged out. We can only offer the ability to remotely change the credentials on Android devices using API Level 23 or lower. This is not something we can control, since Google is in charge of the available actions. We recommend initiating a remote wipe for any suspected lost or stolen device.
- Linux – On Linux devices we recommend using remote lock when you are simply trying to ensure the device users are locked out. We do offer the ability to remotely change the credentials on Linux devices. When remotely locking a Linux device, DriveStrike blocks the device from booting to a point where credentials are available, so any services hosted on the device will go down with the remote lock. The Linux device must be online to be remotely unlocked. If you have pre-boot passcode, BIOS security, or whole drive encryption deployed, we suggest using our remote reboot option to generate an effective remote lock. Otherwise we suggest initiating a remote wipe for any suspected lost or stolen device.
When a remote lock command is executed, the lock command is triggered from a remote system endpoint or control panel.
Device lock is extremely useful when a device or system is being hijacked or unauthorized access occurs, because device administrators can easily initiate a device lock within the admin center. You may wonder what remote locate is, and whether a wipe or erase is better. Many business personnel prefer an alternative when dealing with lost devices, known as a remote wipe (data destruction), where information is wiped on the device or system and the device must have software reinstalled or set up. Using remote lock (versus a wipe), those in charge of a system do not automatically lose all of their data, but we suggest that a delete data operation is more prudent. Either one of these security features is extremely helpful when a mobile device is stolen, or when administrators determine that a bad actor is stealing information through a USB flash drive or other resources.