Re: BIOS and Hard Drive Passwords - Are they effective security approaches?
From: Gabriel Levi (gabi_at_dao2com.com)
Date: 06/09/03
- Next message: Dimitri Maziuk: "Re: PTR? what the heck is it?"
- Previous message: Walter Roberson: "Re: PTR? what the heck is it?"
- Next in thread: Jim Watt: "Re: BIOS and Hard Drive Passwords - Are they effective security approaches?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 09 Jun 2003 21:18:33 +0300
Doug Fox wrote:
> Are the benefits out-weighed the costs of deploying BIOS and/or Hard Drive
> passwords on laptops?
>
> People supports this idea claim that:
> It has one more layer of defense.
>
> People who do not support this idea claim that:
> If users forgot the BIOS passwords, the system could not boot up.
> It may increase the support costs.
> The BIOS passwords can be reset by a hardware technician in no time. If the
> "thief" is interested in data, he can remove the hard drive to another
> laptop.
> ??
>
> If the users forgot their harddrive passwords. The system could not boot
> up.
> It could increase the support costs.
> It could "fire" the motherboard. (?)
> ??
>
> A better approach is to use PGP to encrypt the disk, or folders containing
> sensitive information.
>
> Any comments/input are appreciated.
>
>
Background
BIOS, is a ROM chip, in accordance to every ROM memory chip in the
market today the BIOS also uses electricity to retain its definitions
(this is why the CMOS cloack "always" up-to-date)
Where does it take power from...cord?...generator? no....from a small
(usually 3V) battery....
So What......
So...if definitions (IDE, PCI, Cloack and yes also password) are retaind
using battery powersupply cuting this elec. will delete the definitios.
Realy ???? how???
1. Get access to the MotherBoard (it is mother board day)
2.Locate the battery. (will not be diff. marked with (+) and (-) and
have a XXV and look like battery.
3.Take a simple conductor (a copper wire will do the trick) short-circut
the plus (+) with the minus (-).
Avvvvwallla, all definitions erased, default setting will be placed
instead.
Those who knew this....good... thos who didnt...enjoy.
P.S Breaking HD password is not much harder, a simple diskedit tool with
access to MBR will do the trick.
Encryption....this is probably the best soltuion avaiable on the market
today.... try PGP...
Gabriel Levi
- Next message: Dimitri Maziuk: "Re: PTR? what the heck is it?"
- Previous message: Walter Roberson: "Re: PTR? what the heck is it?"
- Next in thread: Jim Watt: "Re: BIOS and Hard Drive Passwords - Are they effective security approaches?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
