Do I have to set another password in the CMOS setting to enhance the security of OS?

Discussion in 'Security Software' started by jone, Apr 19, 2005.

  1. jone

    jone Guest

    I have set a strong password in the account of user on my OS. Do I have to
    set a second password in the CMOS setting? Can
    two passwords enhance the security of OS?
     
    jone, Apr 19, 2005
    #1
    1. Advertisements

  2. jone

    andy smart Guest

    A cmos password will enhance the security of your machine, you could for
    example ensure that people can't change the boot order so that they boot
    from a floppy and go past your nice tidy OS security. Or a favourite
    here before we got round all the machines was to go into the BIOS and
    disable the hard drive.......

    We think it helps.

    Mind you the Internet is full of BIOS password cracking software!
     
    andy smart, Apr 19, 2005
    #2
    1. Advertisements

  3. However, it can be bypassed by anyone willing to open up the machine.

    --
    Frank Saunders, MS-MVP, IE/OE
    Please respond in Newsgroup only. Do not send email
    http://www.fjsmjs.com
    Protect your PC
    http://www.microsoft.com./athome/security/protect/default.aspx
    http://defendingyourmachine.blogspot.com/
     
    Frank Saunders, MS-MVP IE/OE, Apr 20, 2005
    #3
  4. jone

    andy smart Guest

    Indeed, but frankly if somebody has that level of physical access + time
    + inclination no level of security is going to defete them!
     
    andy smart, Apr 20, 2005
    #4
  5. True.

    --
    Frank Saunders, MS-MVP, IE/OE
    Please respond in Newsgroup only. Do not send email
    http://www.fjsmjs.com
    Protect your PC
    http://www.microsoft.com./athome/security/protect/default.aspx
    http://defendingyourmachine.blogspot.com/
     
    Frank Saunders, MS-MVP IE/OE, Apr 20, 2005
    #5
  6. Oh, I don't know...

    EFS would certainly be of great use there - as some of the posters here have
    found, there's essentially no way to crack it if you don't have the right
    credentials in hand. As such, you need to consider it as a measure that
    says "I would rather lose this copy of the data than have the wrong person
    access it" - the phrasing is deliberately intended to make you think about
    backing up EFS-protected files.

    Heading more towards either science fiction or military hardware, there are
    some devices that endeavour to be "tamper-proof" by destroying themselves
    when they detect that some physical attack is in progress.

    But yes, one of the "ten immutable laws" is that physical access beats
    everything. Physical access risks can be mitigated - through secure
    encryption, for instance, or by having such physical access monitored and
    logged through a security camera.

    Even using encryption is a kind of a gamble, though - today's encryption may
    be crackable with tomorrow's hardware or mathematics. Encryption is often
    described in terms of protecting data for longer than the time over which
    that data is valuable. If I can decrypt a file in six months, but the
    information in the file is only useful for three months, then the file is
    useless to me as an attacker.

    If an attacker can decrypt your credit card number in six months of
    attacking a file, though, the attacker will get some benefit.

    Alun.
    ~~~~
     
    Alun Jones [MSFT], Apr 20, 2005
    #6
  7. jone

    andy smart Guest

    Agreed indeed. There is also the trade off of how much effort the owner
    of the data is willing to go through in order to protect that data.
    Essentially the important thing is to remember that there is no perfect
    security. Also of course there is no point in having a strong password
    and a CMOS password and an encrypted file system and self-destruct if an
    attacker can either install a trojan or keylogger or just
    social-engineer their way in!
     
    andy smart, Apr 21, 2005
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.