a small but important find...

First off I searched all over AO and didn't find anything on this, so sorry in advance if by chance I missed a previous posting of this.

We all know that electronic security on a computer doesn't mean jack if your physical security is non-existant, or at least not up to par. I have my workstation at home set to lock out accounts after 3 unsuccessful login attempts. Unfortunately I somehow managed to mess up my password three times, and was logged out for a half hour. A friend of mine was sitting there and suggested this, to reboot, and change the bios clock. Its an amazingly simple idea, but it worked, allowing me to finish what ever I was doing at the moment. I would advise anyone with a computer in a public, semi-public, or even a private setting to set a very strong bios password, to prevent this circumvention of their operating systems security policies.

That is a very good idea, but..

If you set a very strong bios password on it, then anyone that wanted to use the computer would need to know the password. If that is the case, then they should have a valid user id on the computer too.

I don't think that physical security is all that important at home... I mean, everyone you let in you trust and if you are worrying about your family/roomates finding/snooping your files, just use encryption.

At work, this may be a different story... but you're just asking for a headache.

IMO: Bios passwords are really only good for laptops. Even then, I recommend encryption for sensitive files and the accounts to lockout like you said.

Even with the bios password set... there are so many ways around that...

Either way, good idea!

It really is a double edges sword when you think about it, but I guess it would really show its merits in a corporate setting, like on a server, that way some disgruntled employee wouldnt just override the policies. Or just for us paranoids ( as I am extremely paranoid ) who like to keep our private stuff very private.

Or, you could put it in a temperature-sensitive room with weight-sensitive floor panels, motion sensors, and lasers. The door should also be guarded by an M-16-wielding crazed ex-Marine who trusts no one - not even you. Oh, and don't forget the combination retinal scan + 18-digit alphanumeric security code - which changes ever 60 seconds - that is required to get the door open. There can't be any windows or other doors in the room. J/K! ;) Someone's been watching a little too much Mission Impossible, eh? Oh, and btw, I think the BIOS can be reset on many models by removing the CMOS battery, but that brings us back to the physical security thing.

Either way you look at it it's actually best to use a bios password. (and not give it to people you trust)

Why? because they can grant access to your computer in your part if a police conduct a search.....

t2k2 > actually no one can yank the cmos battery on my workstation, its got a padlock latch on on the case :) which reminds me, I need to get a good keyed lock for that sometime soon. actually my favoriate paranoia movie has got to be Conspiracy Theory!

tyger_claw > I never thought about the police search thing. Of course that would probably be because I hope to never be searched by the police, cause I try not to do anything too stupid to have to be put into that situation

Quote:

---

Either way you look at it it's actually best to use a bios password. (and not give it to people you trust) Why? because they can grant access to your computer in your part if a police conduct a search.....

---

lol
Now, we're assuming thats police these police have some brains...

Bios pws still won't protect you. You have to use encryption. You can encrypt it with blowfish, then encrypt it with something more lax encryption (like 128bit) if your really parinoid. I don't have time to get into trouble... so I don't think thats going to happen to me. Unless someone spoofs me or takes over my PCs... which is possible, but highly improbable.

t2k2 you left out the electro-statically charged mesh arount the computer area to prevent the picking up and viewing of emf by unfriendlys.

Another thing I got to thinking about... if you get locked out, you can only use that bios trick if the policy is on the local machine.

If you are logging into a network (domain), then they would need access to a domain controller... which someone will notice if it is taken down.

I just thought of the most useless, but guaranteed badguy proof physical security mecahnism. A canister of Thermite inside the case set to detonate and melt the entire machine, metal and all, after three invalid login attempts. Definately not a good idea to try to login to your machine while drunk, lest you turn it, along with your house, into a smoldering heap!