Jump to content

Physical Computer Security


darkjedicoder
 Share

Recommended Posts

With one of the recent episodes talking about Snubs' sisters computer getting the password changed (or added?) and a friend of mines roommates messed with her computer, other than a BIOS password, what are some best practices and security measures that everyone is using to prevent this sort of thing?

(Just thinking out loud)Steady state could be a good idea if you were going on vacation or something and didn't want your computer to be f'd up upon your return, but not necessarily practical for everyday use on you own machines.

I think this could also make a good segment for the show.

Thanks for your input!

Link to comment
Share on other sites

With one of the recent episodes talking about Snubs' sisters computer getting the password changed (or added?) and a friend of mines roommates messed with her computer, other than a BIOS password, what are some best practices and security measures that everyone is using to prevent this sort of thing?

(Just thinking out loud)Steady state could be a good idea if you were going on vacation or something and didn't want your computer to be f'd up upon your return, but not necessarily practical for everyday use on you own machines.

I think this could also make a good segment for the show.

Thanks for your input!

Steady state wouldn't prevent some one changing stuff if they booted from an alternative media. The only real defence against this attack is whole disk encryption.

Physical access = they have all access.

Some computers do have BIOS password-able boot selection menus, but if some one can get inside the computer, they can take the battery out and 5 seconds later that password is gone. If they are willing to got to the effort of opening the compute they might as well just plug the hard drive in to another computer and mess with it on that computer and you'd never knew it happened because the BIOS would still retain all it's settings including passwords (that is until you boot windows and find it messed up).

To reiterate: whole disk encryption is the only defence against this.

Link to comment
Share on other sites

Steady state wouldn't prevent some one changing stuff if they booted from an alternative media. The only real defence against this attack is whole disk encryption.

Physical access = they have all access.

Some computers do have BIOS password-able boot selection menus, but if some one can get inside the computer, they can take the battery out and 5 seconds later that password is gone. If they are willing to got to the effort of opening the compute they might as well just plug the hard drive in to another computer and mess with it on that computer and you'd never knew it happened because the BIOS would still retain all it's settings including passwords (that is until you boot windows and find it messed up).

To reiterate: whole disk encryption is the only defence against this.

But then again... http://en.wikipedia.org/wiki/Cold_boot_attack :P

Link to comment
Share on other sites

Physical access = they have all access.

This is all too true.

anyone with physical access and enough time will be able to get around anything so the answer is to do enough to make most people give up and move on to somthing else. Encrypting the drive will probably make it extreamly difficult but not entirly impossible. preventing physical accedd to the machine is helpfull too. spend some cash and build a PC storage case that is lockable. If you make it hard for them to even get at the machine most people will give up. again I say MOST.

In the case of Snubs' sister and her roomate, she probable would have been fine with making sure that the administrative account had a decent password to begin with and then used a power user or regular user account to actually do work on the computer. that way if she does leave it unlocked anyone who walks up to the machine will only be able to mess with the normal user account and she will still have the admin account to fix things. (in other words, only use the admin account for administering the computer and use the user account for actual day to day work.)

again it all depends on how knowlagable the people are that you are trying to protect against.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...