RE: Secure Boot Manager

["Brent Gardner" <bgardner () iprocorp com>]

There are probably many options available in the *nix world but speaking as
a non-*nix literate admin I have had success using Smart Boot Manager
(btmgr.sourceforge.net).  It will allow you to set passwords for each
configured partition as well as a password to prevent changes to the boot
manager configuration.

You will of course need to set the BIOS to prevent booting from removable
media and then password protect the BIOS.

A determined hacker could remove the hard drive from the laptop to try to
access it in a separate machine.  Encryption would probably guard against
this.

As always, it's all a matter of how much time and money you want to spend.


Brent Gardner
Network Administrator
IPRO Tech, Inc.
www.iprocorp.com
602-324-4776


-----Original Message-----
From: Meidinger Christopher [mailto:christopher.meidinger () badenIT de]
Sent: Monday, June 30, 2003 4:45 AM
To: Security-Basics@Securityfocus. Com (E-Mail)
Cc: Meidinger Christopher
Subject: Secure Boot Manager


Hello List-Readers,

i have a question for you all, hopefully someone will have a great answer
for me.

Our company needs to securely seperate two partitions on several laptops.
This means we are looking to have two Windows Installations on one hard
drive, and have them be *entirely* invisible to one another, even if the
user has escalated privileges.

This involves keeping two secure networks seperated. I am less worried about
the actual data on the machines. If the user should do something to destroy
one of the partitions, that's ok, there just has to be a 0% chance that the
OS on the other partition can access it.

The best solution i have been able to come up with is:

1. encrypt the partitions - we will buy a commercial software so that the OS
itself and its entire partition can be encrypted.
2. use a boot manager to hide the partitions from one another so that the
user would have to actively un-hide them to attempt to mount them

Can anyone point out any obvious problems here, or does anyone have a
suggestion on how to do this better? I have no real reason to encrypt the
data except to make it inaccessible for the other OS, so i would prefer to
avoid the performance loss associated with encrypted file systems if
possible. I just haven't thought of another way to be 100% sure that neither
OS can access the partition of the other one.

Thanks in advance,

badenIT GmbH
System Support

Chris Meidinger
Tullastrasse 70
79108 Freiburg


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.

Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------