What do you consider to be your biggest internal security threats? Is locking down the BIOS standard operating procedure for your organization?
Locking the BIOS is very important and should be part of the process of setting up every new computer in an organization. But there is still one risk, which is that a user could open the computer and reset the BIOS. So if it's really important for the organization to avoid any risk associated with an unlocked BIOS, the computer case should be locked as well.
But it can also start a lot of problems as well. Like never accessing that machine ever again, if the user disappears from the picture for some reason. Or, someone thinks they need to access that computer, and locks it up forever. There must be an established policy that keeps the password hard copied somewhere safe. It's one strategy, but just one. Physical security is still the best overall route. IMHO (and experience) -d
While it is a deterrent for thieves (mainly NB), it does little to protect the data, as removing the drive gives access (unless encrypted).
For Orgs using 2k/XP then it is a good start to lock the BIOS; if someone snags it they likely need to buy a new MB. Encryption on anyone's system that has confidential data is also a good start. Physical security is another good one, however end user training and responsibility are just as important.
A computer can be rebuilt/replaced, however, often the data cannot, or it may be too pricey. For these reasons good backups are needed. If a company does not provide backup SW for critical systems, it is asking for disaster.
For security purposes all of these come into play to create a well guarded system. Make the system as hard to obtain data as possible for lost/stolen equipment. Put a power scheme for those that refuse to lock their system (OS) when they walk away, and make sure that everyone locks (physical) at their desk and while away.
Of course, even the most educated users will still miss some of these steps often enough, so they need to be reminded periodically as well.
It's a multi-faceted solution, with tiers of security to ensure anything close to "Secure". And you're also right, it needs to be reinforced regularly. I have, at times, found myself careless as well.
It was those (now) older NBs that I was thinking of when I mentioned bye-bye forever. They were good though, I kind of wish it was still that way. (There's still a lot in use BTW) With the disk encryption we have the same situation however. I can't understand how many times idiots don't do anything, and "lose" Data.
Shoot 'em.
-d
While this is almost as simple to bypass as it is to implement, it is still a necessary step to tightening overall security. It isn't foolproof or absolutely certain, but it does help.
do not allow a 'bypass' for these. You may need to replace the MB to get it working again. And in some cases the HDD holds part of the key, so even the HDD is useless if put in a different system.

































