From owner-freebsd-stable Mon Jul 3 20:43:54 2000 Delivered-To: freebsd-stable@freebsd.org Received: from mostgraveconcern.com (mostgraveconcern.com [216.82.145.240]) by hub.freebsd.org (Postfix) with ESMTP id 4CE6237BAD0 for ; Mon, 3 Jul 2000 20:43:51 -0700 (PDT) (envelope-from dan@mostgraveconcern.com) Received: from danco (danco.mostgraveconcern.com [10.0.0.2]) by mostgraveconcern.com (8.9.3/8.9.3) with SMTP id UAA39405; Mon, 3 Jul 2000 20:43:40 -0700 (PDT) (envelope-from dan@mostgraveconcern.com) Message-ID: <0d8b01bfe56a$0c01c580$0200000a@danco> Reply-To: "Dan O'Connor" From: "Dan O'Connor" To: "Andrew Johns" Cc: Subject: Re: securing the boot process (again?!?) Date: Mon, 3 Jul 2000 20:43:38 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3155.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >> Doesn't your computer have a BIOS password? These are typically invoked >> *before* the BIOS tries to boot off any disk... > >Unfortunately BIOS passwords can be disabled on the motherboard in a matter >of minutes (for most motherboards that I know of). Even Dell laptops (don't >know about their desktops/servers) have a master password that Dell will give >you if you call them, provided you give them some details first. Looks like there's not really much you can do if you can't physically secure the machine. Even all the other tricks, boot only from hard drive, setting the delay to '0', are pointless if someone can get inside the hardware case, change jumpers, get into the BIOS and turn on boot from floppy and then boot from a floppy. On the other hand, if someone has the opportunity to do all that, they might as well just steal the whole box... Moral of the story: either secure the machine in a location where malicious users can't get to it or take the consequences. --Dan -- Dan O'Connor On Matters of Most Grave Concern http://www.mostgraveconcern.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message