BIOS Security
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: BIOS Security

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    6

    BIOS Security

    If I wanted to set up a LAN where people could use computers, but I would lock the BIOS so that it would not allow for them to run boot disks and such for security purposes, would there be a way of someone working around it?

    Assuming I'm using a PhoenixBIOS 4.05, Windows NT, would there be scripts that would allow someone to extract the BIOS password and boot from a disk? Or maybe even use a master password. If so, what would these thing be. If there are master BIOS passwords there's obviously nothing I can do but for scripts, I could prevent them with custom virus detection.

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    134
    Yeah, pulling the battery off the motherboard would do it.
    Sysmin Sys73m47ic
    -The Hacker Pimps
    -Development Team {FuxorWRT}
    http://www.AntiOnline.com/sig.php?imageid=563

  3. #3
    Junior Member
    Join Date
    Oct 2003
    Posts
    6

    well

    Well, I already locked up the cast so it couldnt be opened, and if they do, I could see them do it from the head desk, so its not really an option. But when the computer screen is not facing me, I don't know what they are up to.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Some things to consider:

    - disable the floppy and cdrom drives. This will avoid a person being able to boot and use "scripts" to disable/alter the bios settings

    - use security screws on the cases. This will prevent someone from opening the case up and removing jumpers/batteries to wipe out the BIOS settings

    - if possible, lock the machines up in a secure setting. This along with the other two options will mitigate some of the risk of someone gaining physical access to the machine.

    No security system is perfect but making it harder helps.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    I'm with MsMittens on this one, if you're suppling them with a LAN to use - just don't allow the use of floppies and/or cdroms.

    It takes a little more of the person sitting at the head-desk's time, if you want to offer them the option of saving to a floppy/cd-rom just have a folder setup for them to save into and require them to ask the person to save it for them. (Ergo don't even have floppy drives or cdroms in any system except the one at the head-desk)...

    Likewise, if you want them to be able to install games to play - (big if their) - then require them to ask that person to do it for them. (For this occurance it maybe easier to just put some sort of lock over the fluppy/cd-roms that the head-desk person can unlock)...

    That'd be my suggestions...

    RRP

  6. #6
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    We have systems that have floppies, ZIP, CD-ROM, DVD, DVD +R and DVD -R, combos and whatnot. We secure the BIOS and set a specific boot order, HD then NIC (that way if some creative student blows away the hard drive, it will boot top the NIC and try to get a fresh image). When we get ready to re-image, we open the BIOS, add the DVD to the top of the boot order, then DeathDisk the systems (uses DelPart), and reboot.

    This allows the students to use the floppies, ZIPs, CD, DVD, even the USB thumb drives, without allowing them to boot from them.

    We prevent messing with the internals (BIOS reset jumpers and such) by locking the cases.

  7. #7
    Senior Member
    Join Date
    Feb 2003
    Posts
    193
    I assume you are using win2kpro. You can just create user accounts and restrict their access to almost anywhere you want inthe network. You can also change the bios settings by pressing del key or F8. So computer won't boot-up from cd or floppy drive. Why would someone wanna crack bios password anyway? They would go for the administrator password to get the whole control over the network.

  8. #8
    Senior Member
    Join Date
    Dec 2002
    Posts
    309
    http://www.techtv.com/screensavers/a...339621,00.html

    http://www.pwcrack.com/bios.shtml

    I therefore agree with MsMittens





    - disable the floppy and cdrom drives. This will avoid a person being able to boot and use "scripts" to disable/alter the bios settings

    - use security screws on the cases. This will prevent someone from opening the case up and removing jumpers/batteries to wipe out the BIOS settings

    - if possible, lock the machines up in a secure setting. This along with the other two options will mitigate some of the risk of someone gaining physical access to the machine.

    Dr _Evil

  9. #9
    Junior Member
    Join Date
    Oct 2003
    Posts
    6

    yeah

    but what worries me is that someone might be able to run a BIOS crackers from the Windows NT to reveal the BIOS password. Are there such tools?

  10. #10
    Junior Member
    Join Date
    Oct 2003
    Posts
    6

    ...

    such as?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •