RE: security scenario

["s7726" <s7726 () yahoo com>]

If you set the bios pass you can simply disable the floppy and cd drives as
boot media. No this does not fix having the person open the case and reset
the bios, but I have seen a few cases (mostly from OEM) with places to put a
master lock so the case can't be opened without some hardware which would
almost definitely draw some attention - "Hey Jim what're the bolt cutters
for."

Gavin S.

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com]
Sent: Tuesday, January 28, 2003 1:40 PM
To: security-basics () securityfocus com
Subject: Re: security scenario


> From: Gene Cronk <gene () hacktek com>
> No CD Rom/Floppy in the server?  :-D

He specified workstation, but to answer your question I have a locking
server case to prevent unauthorized access.  In addition we're installing
cypherlocks on the server room door (can't afford a smartcard system right
now)  However, it would be pretty easy to remove the cd-rom and floppy from
the server once it is initially set up, and just do everything over the
network.

<bad humor>
    Of course then you have the situation where you're hanging upside down
in the dark trying to install a floppy drive while the sprinklers are going
and the power strips are shorting out so that you can use your ten year old
copy of emacs to try and repair the files that got corrupted by the bosses
son pushing his cookies through the fan grills and starting an electrical
fire, but I consider that an acceptable trade off.
</bad humor>

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"For Sys Admins paranoia isn't a mental health problem, its a marketable job
skill."

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail