You could also consider adding power-on passwords to critical systems such as servers and laptops. It could be argued that every system is critical if it provides network access or contains sensitive information. (I haven't come across a computer that doesn't meet at least one of these criteria.) This could certainly add some administrative overhead, especially for remote users and servers stored in unmanaged offices or data centers that have to be rebooted occasionally. As I've shown here, adding BIOS passwords is not a foolproof measure, and they may just cause more trouble than they're worth, so proceed with caution. BIOS passwords do offer another layer of security that can buy you time or force an amateur hacker to give up. Bottom line, determine what's really at risk, how BIOS passwords would fit into your organization's culture and politics, and refer back to some alternate recommendations listed at the end of my laptop hacking guide.
BIOS password hacking
Home: Introduction
| ABOUT THE AUTHOR: |
|
Kevin Beaver, CISSP, is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Beaver has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, (Wiley) and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com. Copyright 2006 TechTarget |
This was first published in September 2008
Join the conversationComment
Share
Comments
Results
Contribute to the conversation