No way to secure a system completely by means of software?

  • Thread starter Thread starter Eckhardt Newger
  • Start date Start date
E

Eckhardt Newger

Ok, first step is clear: How to avoid an unauthorized person to enter
the system? No auto-logon, password required to logon, strong passwords.

Second, how to avoid someone using boot diskettes or boot cd,
installing a new system, and then accesses from there my original
system? Disabling boot from floppy or cd in the bios, securing the bios
by a setup password should do this.

But then, how to disable that somone flashes the bios, resets it do
defaults, and then goes ahead? I've no idea how to do hinder that.

Any help welcome.

Eckhardt Newger
 
You can't. Without physical security there is no security. Now there are various
degrees of physical security. Possibly a sturdy computer case with an alarm that
locks access to the drive bays, power switch, and the inside may be adequate. File
encryption can also secure data as long as the encryption keys are not on the
computer or otherwise available and clear text remnants of the data/keys have been
scrubbed from the disk. --- Steve
 
Hello Steve,

I somehow exspected that response. I have PGP on my system, but so far
only the most critical data are being encrypted (pins, passwords, login
data, etc.). Indeed, I could encrypt everything except system and user
data that are needed to boot the system. To me that appears to be a
rather brute method, I hoped to learn a more sophisticated one. And
Kensington lock ony protects from theft, am I right?

Eckhardt newger
 
Eckhardt Newger said:
Hello Steve,

I somehow exspected that response. I have PGP on my system, but so far
only the most critical data are being encrypted (pins, passwords, login
data, etc.). Indeed, I could encrypt everything except system and user
data that are needed to boot the system. To me that appears to be a
rather brute method, I hoped to learn a more sophisticated one.
Click to expand...

You could try something like this:
http://www.safeboot.com/
This product requires a password at boot time and encrypts/decrypts
everything on the fly - No need for user intervention. Each time you get an
incorrect password the time between allowing subsequent passwords doubles.

I recall reading of a notebook manufacturer building hardware encryption into
the motherboard, but I can't remember which one off the top of my head.
And
Kensington lock ony protects from theft, am I right?
Click to expand...

Not really. It's a deterent - That's all.

Andy.
 
Hello Andrew,

thanx for the link. I'll try it out. looks promising.

Eckhardt Newger
Newsbeitrag --

[Formerly appended fullquote was nuked by morver,
the versatile morphing server.]
 
Ok, first step is clear: How to avoid an unauthorized person to enter
the system? No auto-logon, password required to logon, strong passwords.

Second, how to avoid someone using boot diskettes or boot cd,
installing a new system, and then accesses from there my original
system? Disabling boot from floppy or cd in the bios, securing the bios
by a setup password should do this.

But then, how to disable that somone flashes the bios, resets it do
defaults, and then goes ahead? I've no idea how to do hinder that.
Click to expand...

Door locks.

Jeff
 
I am not familiar with that lock, but if it is a physical device that is all it is
goof for. If data is that valuable, they will take a SawzAll to your computer to get
the hard drive and try to extract the data at their convenience. Encryption with the
lack of the private decryption keys is the only way to protect the data then. ---
Steve
 
Back
Top