How can we protect our bios from recovery softwares ?

BIOS Questions that don't belong in the other forums. Read them!
Post Reply
land1
New visitors - please read the rules.
Posts: 1
Joined: Sat Aug 14, 2010 9:12 pm

How can we protect our computer bios from BIOS password recovery softwares... If the cracker recover the bios password then he/she can use dvd-usb then open the windows administrator with again this kind of software...
edwin
The Hardware Archivist
Posts: 6286
Joined: Wed Mar 20, 2002 7:11 pm
Location: Netherlands
Contact:

fingerprint reader, password on the harddisk, physically making impossible to reach the system or store the sensitive data elsewhere, not on the local harddisk...
edwin/evasive

Do not assume anything

System error, strike any user to continue...
cp
BIOS Guru
Posts: 1914
Joined: Mon Oct 21, 2002 9:07 pm
Location: Germany

depends on what you want to protect: the hardware, the base installation (OS) or the data written to the drive.

first of all: BIOS passwords are a joke. if the attacker has physical access to the computer none of the inbuild security measures will help. even if you manage to keep someone from changing the boot order: what about someone taking the harddisk to another computer? why should someone use protected hardware? ;)

if you want to protect the hardware from being stolen make sure it is locked up. this is not a joke.

if you want to protect the base installation (OS and the like) use a read-only image that is unpacked into a RAM-drive. Linux does this every time it boots up: basic stuff is loaded into an initial RAM drive, then the root filesystem is mounted. there are root filesystems that are read-only, such as CramFS or SquashFS. if you reboot the machine every change will be lost and your OS will be like new again (those systems often have a small user writeable partition to allow saving files that will survive a reset).

if you want to protect the data written to the drive there is only one solution: encrypt the filesystem or the data written to the drive. if you don't know the password you can only destroy the data but you can't read it. so even if the harddrive is stolen and put into another computer the data can't be read until you enter the correct password. with truecrypt you can also create encrypted file-containers that can be mounted as virtual drives.

this list is far from being complete. you should share some more information on the use-case.
If you email me include [WIMSBIOS] in the subject.
Post Reply