Securing Systems through BIOS
When securing systems, your first security concern is physical access. This involves ensuring that critical systems, such as servers, are in locked rooms that are not accessible to unauthorized users. Physically securing systems could also involve changing some of the CMOS settings, such as boot device order, power-on password, and CMOS password.
Changing these settings in CMOS is different for each type of system, but the first thing you have to do is enter CMOS. Normally, you press Delete, F1, F2, or F10 when the system is booting.
After the system is booted, you will find the following settings in the CMOS setup program to help secure the system:
- BIOS Password: Usually found in the security section of CMOS, you can set a power-on password (also known as a user password), which is a password that anyone who wants to use the system must type. You may also set a admin password, which is a password that must be known by anyone who wants to change CMOS settings.
- Boot Devices: In CMOS, you can control what devices the computer can boot from. Most computers today can boot from CD-ROM, floppy disk, hard disk, network, and USB removable drives. It is important to understand that if you allow a computer to boot from CD-ROM, it is possible that a hacker can boot from a CD and bypass all security enforced by your operating system.
- Intrusion Detection: Most systems today have an intrusion detection option that will notify you if the computer case has been opened. This is important because instead of stealing the actual computer, a person could take the RAM or hard drive out of the computer, which is easier to hide in a duffle bag. Make sure that the intrusion detection option is enabled, and also be sure to lock the computer cases so they cannot be removed easily.