Understanding Physical Security
room is that a hacker cannot boot off a bootable CD-ROM, which could bypass
the OS entirely. After booting a different OS from removable media, an attacker
is no longer subject to the installed OS's logon or file permissions, so he can
read or modify anything on the disk directly unless the disk is encrypted.
You can apply enterprise security best practices to your home systems. For
example, to help secure your home system, you might want to prevent booting
from a CD-ROM so that an unauthorized person cannot try to bypass your
Windows security. Remember to set a BIOS setup (supervisor) password as well;
otherwise the boot order can simply be changed back.
BIOS settings
A number of settings in your system BIOS help control the security of the
system. Be sure to investigate the BIOS settings on your system to see what
security settings you can enable. Here are some popular BIOS/CMOS settings
that aid in physical security:
✦ Drive lock: Drive lock (a popular feature with laptops) is a hard disk
specification, the ATA security feature set, used to protect access to the
drive. There are two drive lock passwords: a user password and a master
password. The user password is used by the user wanting to access the
system; the master password is used to reset the user password if the user
forgets it (in the "maximum" security mode the master password can only
erase the drive, not unlock it). Do not confuse drive lock passwords, which
the drive firmware enforces and which follow the drive to another computer,
with the general CMOS passwords for the system. If the user password and
master password are forgotten or lost, the drive is useless. Note that on a
drive that is not self-encrypting, the password gates the drive's firmware
but does not encrypt the data on the platters, so drive lock is a deterrent,
not a substitute for full-disk encryption.
✦ Passwords: You can set a power-on password in CMOS to limit who can
use the system. If the power-on password is forgotten, on most desktops it
can be erased via a jumper on the motherboard or by removing the battery
from the motherboard and putting it back in. The flip side is that anyone
who can open the case can clear it the same way, which is why a power-on
password is only as strong as the lock on the case and the server room. Many
laptops store the password in non-volatile memory instead, so it cannot be
cleared by removing the battery.
✦ Intrusion detection: Many desktop and server systems have a chassis
intrusion switch that can be enabled through the BIOS and notifies you if
the cover is taken off the system. The event is recorded and reported at
the next boot (or to management software), and on most systems it must be
acknowledged in BIOS setup, so it is most useful combined with a BIOS
password. This is designed to alert you if someone opens the cover and takes
internal components, or clears your CMOS password.
✦ TPM: The Trusted Platform Module (TPM) is a chip on the computer's
motherboard used to generate and store cryptographic keys, typically keys
used to encrypt data. A TPM chip can also be used to authenticate a device
because it contains a unique key (the endorsement key) that identifies the
chip, and therefore the hardware device. The TPM also records measurements
(hashes) of the firmware and boot loader as the system starts, so a key can
be "sealed" to the expected boot sequence and is released only if nothing in
that sequence has changed. Many computers today have a TPM chip, and a
number of software solutions (such as BitLocker, introduced with Windows
Vista) use the TPM chip to protect the key that encrypts the contents of
the drive: boot a different OS from a CD-ROM, and the measurements no longer
match, so the TPM does not hand over the key.
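The TPM and CD-ROM points above come down to one mechanism: a Platform Configuration Register (PCR) is extended with a hash of each boot component, and the disk key is released only when the final PCR value matches the one it was sealed to. The following is an added illustration written for this page, not code from the book, from a TPM vendor, or from BitLocker: it simulates one SHA-256 PCR, the PCR-extend rule, and a sealing/unsealing operation (a real TPM performs the sealing inside the chip; here an HMAC keyed with a stand-in storage root key plays that role). The boot component names, the storage root key value and the volume key are constructed sample data.

```python
import hashlib
import hmac
import secrets

PCR_SIZE = 32  # one SHA-256 PCR; PCRs reset to all zeros at power-on

# Constructed sample "boot components" (what the firmware would measure).
FIRMWARE = b"OEM UEFI firmware 1.02"
BOOTMGR = b"bootmgfw.efi build 7600"
KERNEL = b"ntoskrnl.exe build 7600"
LIVE_CD = b"isolinux.bin from a bootable CD-ROM"

TRUSTED_BOOT = [FIRMWARE, BOOTMGR, KERNEL]   # the sequence the key is sealed to
CDROM_BOOT = [FIRMWARE, LIVE_CD]              # attacker boots a different OS


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: PCR = H(PCR || H(component)). Order-dependent and one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Replay the measurements a boot sequence would leave in the PCR."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = extend(pcr, component)
    return pcr


def seal(volume_key: bytes, expected_pcr: bytes, srk: bytes):
    """Bind volume_key to expected_pcr. Returns (blob, tag).

    Hypothetical model: the wrapping key is derived from the storage root key
    and the PCR value, so a different PCR yields a different wrapping key.
    """
    assert len(volume_key) == PCR_SIZE
    wrap = hmac.new(srk, b"seal" + expected_pcr, hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(volume_key, wrap))
    tag = hmac.new(srk, blob + expected_pcr, hashlib.sha256).digest()
    return blob, tag


def unseal(blob: bytes, tag: bytes, current_pcr: bytes, srk: bytes):
    """Return the volume key if current_pcr matches the sealed value, else None."""
    expected_tag = hmac.new(srk, blob + current_pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None  # boot chain differs from what the key was sealed to
    wrap = hmac.new(srk, b"seal" + current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob, wrap))


def provision(srk: bytes, volume_key: bytes):
    """Seal the disk key to the trusted boot sequence at setup time."""
    return seal(volume_key, measure_boot(TRUSTED_BOOT), srk)


def boot_and_unseal(blob: bytes, tag: bytes, components, srk: bytes):
    """Simulate a boot through `components`, then ask the 'TPM' for the key."""
    return unseal(blob, tag, measure_boot(components), srk)


if __name__ == "__main__":
    srk = secrets.token_bytes(32)         # stand-in for the TPM's storage root key
    volume_key = secrets.token_bytes(32)  # stand-in for the disk encryption key
    blob, tag = provision(srk, volume_key)
    print("normal boot unseals key:", boot_and_unseal(blob, tag, TRUSTED_BOOT, srk) == volume_key)
    print("CD-ROM boot unseals key:", boot_and_unseal(blob, tag, CDROM_BOOT, srk) is not None)
    tampered = [FIRMWARE, BOOTMGR, b"ntoskrnl.exe with a patched logon check"]
    print("tampered kernel unseals key:", boot_and_unseal(blob, tag, tampered, srk) is not None)
```

The practical lesson matches the text: a BIOS password and a locked server room stop the attacker from changing the boot order, while the TPM stops the disk key from being released even if he does, because the live CD, or a patched kernel, changes the measurement. Note that a bare TPM-only protector still releases the key to the genuine OS, so the OS logon remains the last line of defense; a PIN or startup key in addition to the TPM closes that gap.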
Best practices
To protect your systems, follow these physical security best practices: