REQ: Computer Security Software Help

Discussion in 'Computer Security' started by Rick, Jan 29, 2005.

  1. Rick

    Rick Guest

    Does anyone know of a program to sort of lockout a person who tries to
    boot into my computer from a cd-rom or floppy disk?
     
    Rick, Jan 29, 2005
    #1
    1. Advertising

  2. Rick

    donnie Guest

    On Fri, 28 Jan 2005 22:32:57 -0500, Rick <> wrote:

    >Does anyone know of a program to sort of lockout a person who tries to
    >boot into my computer from a cd-rom or floppy disk?

    ##########################
    The first thing that occured to me is the boot sequence in the BIOS.
    Actually, that's the only thing.
    donnie.
     
    donnie, Jan 29, 2005
    #2
    1. Advertising

  3. Rick

    Rick Guest

    What I did was go into my BIOS and changed the boot priority so that I
    would boot into my hard drive first. Then from my BIOS, I enabled a
    password prompt to come up just before I select what OS I want to boot
    into (Safe Mode or Normal Mode) . It will only go pass that when the
    correct password is keyed in. I setup another password to boot into
    windows. Sounds like a winner to me I guess. Any opinions?


    On Sat, 29 Jan 2005 04:19:54 GMT, donnie <> wrote:

    >On Fri, 28 Jan 2005 22:32:57 -0500, Rick <> wrote:
    >
    >>Does anyone know of a program to sort of lockout a person who tries to
    >>boot into my computer from a cd-rom or floppy disk?

    >##########################
    >The first thing that occured to me is the boot sequence in the BIOS.
    >Actually, that's the only thing.
    >donnie.
     
    Rick, Jan 29, 2005
    #3
  4. Rick

    Apollo Guest

    "Rick" <> wrote in message
    news:...
    > What I did was go into my BIOS and changed the boot priority so
    > that I
    > would boot into my hard drive first. Then from my BIOS, I
    > enabled a
    > password prompt to come up just before I select what OS I want
    > to boot
    > into (Safe Mode or Normal Mode) . It will only go pass that when
    > the
    > correct password is keyed in. I setup another password to boot
    > into
    > windows. Sounds like a winner to me I guess. Any opinions?
    >
    >


    If someone has physical access nothing will stop them getting at
    your data.

    It's a 30 second job to reset the bios, so setting a password
    won't stop them, although you will know if someone has cleared
    your password protection.

    --
    Ian
     
    Apollo, Jan 29, 2005
    #4
  5. The only problem with this solution is that anyone who knows computers
    can short the BIOS to factory default. This allows the person to select
    the first boot device and boot your computer by any means he wants.

    If he boots with a CDROM, he has access to all, unless encryption is used.

    Scott

    Rick wrote:
    > What I did was go into my BIOS and changed the boot priority so that I
    > would boot into my hard drive first. Then from my BIOS, I enabled a
    > password prompt to come up just before I select what OS I want to boot
    > into (Safe Mode or Normal Mode) . It will only go pass that when the
    > correct password is keyed in. I setup another password to boot into
    > windows. Sounds like a winner to me I guess. Any opinions?
    >
    >
    > On Sat, 29 Jan 2005 04:19:54 GMT, donnie <> wrote:
    >
    >
    >>On Fri, 28 Jan 2005 22:32:57 -0500, Rick <> wrote:
    >>
    >>
    >>>Does anyone know of a program to sort of lockout a person who tries to
    >>>boot into my computer from a cd-rom or floppy disk?

    >>
    >>##########################
    >>The first thing that occured to me is the boot sequence in the BIOS.
    >>Actually, that's the only thing.
    >>donnie.

    >
    >
     
    Fred Flintstone, Jan 29, 2005
    #5
  6. Rick

    Rick Guest

    Can you elaborate on the encryption part a little? What kind of
    program would I need for that? The way I have it set up, a password
    would still be needed to access the boot menu.



    On Sat, 29 Jan 2005 08:24:10 -0500, Fred Flintstone
    <> wrote:

    >The only problem with this solution is that anyone who knows computers
    >can short the BIOS to factory default. This allows the person to select
    >the first boot device and boot your computer by any means he wants.
    >
    >If he boots with a CDROM, he has access to all, unless encryption is used.
    >
    >Scott
    >
    >Rick wrote:
    >> What I did was go into my BIOS and changed the boot priority so that I
    >> would boot into my hard drive first. Then from my BIOS, I enabled a
    >> password prompt to come up just before I select what OS I want to boot
    >> into (Safe Mode or Normal Mode) . It will only go pass that when the
    >> correct password is keyed in. I setup another password to boot into
    >> windows. Sounds like a winner to me I guess. Any opinions?
    >>
    >>
    >> On Sat, 29 Jan 2005 04:19:54 GMT, donnie <> wrote:
    >>
    >>
    >>>On Fri, 28 Jan 2005 22:32:57 -0500, Rick <> wrote:
    >>>
    >>>
    >>>>Does anyone know of a program to sort of lockout a person who tries to
    >>>>boot into my computer from a cd-rom or floppy disk?
    >>>
    >>>##########################
    >>>The first thing that occured to me is the boot sequence in the BIOS.
    >>>Actually, that's the only thing.
    >>>donnie.

    >>
    >>
     
    Rick, Jan 29, 2005
    #6
  7. Rick

    Rick Guest

    If a person has physical access to a computer, there is nothing that
    can be done? Taking that into acount,what can I do if the person only
    has access through a internet connection?


    On Sat, 29 Jan 2005 12:38:46 -0000, "Apollo"
    <ian_dunbar6@hot[un-munge-me]mail.com> wrote:

    >
    >"Rick" <> wrote in message
    >news:...
    >> What I did was go into my BIOS and changed the boot priority so
    >> that I
    >> would boot into my hard drive first. Then from my BIOS, I
    >> enabled a
    >> password prompt to come up just before I select what OS I want
    >> to boot
    >> into (Safe Mode or Normal Mode) . It will only go pass that when
    >> the
    >> correct password is keyed in. I setup another password to boot
    >> into
    >> windows. Sounds like a winner to me I guess. Any opinions?
    >>
    >>

    >
    >If someone has physical access nothing will stop them getting at
    >your data.
    >
    >It's a 30 second job to reset the bios, so setting a password
    >won't stop them, although you will know if someone has cleared
    >your password protection.
     
    Rick, Jan 29, 2005
    #7
  8. Rick

    Apollo Guest

    "Rick" <> wrote in message
    news:...
    > If a person has physical access to a computer, there is nothing
    > that
    > can be done? Taking that into acount,what can I do if the person
    > only
    > has access through a internet connection?
    >


    I'm confused now, I thought you wanted advice on how to prevent
    someone booting from cd/fd?

    By 'access through an internet connection', do you mean your pc is
    used to share a connection and you want to secure your pc from the
    other person's pc? If so, the easiest way is to buy a cheap
    router and configure it to allow access to the internet from both
    computers, but restrict access to your pc.

    Or did you mean something else entirely?

    --
    Ian
     
    Apollo, Jan 29, 2005
    #8
  9. Rick

    Apollo Guest

    "Rick" <> wrote in message
    news:...
    > Can you elaborate on the encryption part a little? What kind of
    > program would I need for that? The way I have it set up, a
    > password
    > would still be needed to access the boot menu.
    >
    >


    If I have physical access to your pc I can boot from a linux cd/fd
    and view/edit/copy/erase any of your stuff. The bios password
    protection may be good enough to keep young kids out, but that's
    about all.

    What Fred was suggesting is that if your stuff is
    private/sensitive you could encrypt it. I would still be able to
    copy/erase your files/partitions with physical access, but not be
    able to view the contents of your private stuff, (so long as the
    encryption is strong enough).

    Have a look at TrueCrypt 3.0a;
    http://truecrypt.sourceforge.net/
    It's free and if you read the docs and set it up correctly, it's
    extremely strong.

    --
    Ian
     
    Apollo, Jan 29, 2005
    #9
  10. Rick

    Rick Guest

    Sorry for the confusion, but what I have is a lone computer with a
    cable internet hookup and I don't want anyone having access to my
    computer or its data. You said or someone else said that there is
    pretty much nothing I can do if someone has physical access to my
    computer including the local police or the FEDS. So the only other
    thing I can defend against is internet access from an outside source.
    The thing is that is there a defense againest a person who only has
    access through software or media (cd-rom and/or floppy) and not
    physical access to the internal workings of my computer. By that I
    mean actually opening up the computer and taking out and reseting
    stuff.




    On Sat, 29 Jan 2005 18:25:00 -0000, "Apollo"
    <ian_dunbar6@hot[un-munge-me]mail.com> wrote:

    >
    >"Rick" <> wrote in message
    >news:...
    >> If a person has physical access to a computer, there is nothing
    >> that
    >> can be done? Taking that into acount,what can I do if the person
    >> only
    >> has access through a internet connection?
    >>

    >
    >I'm confused now, I thought you wanted advice on how to prevent
    >someone booting from cd/fd?
    >
    >By 'access through an internet connection', do you mean your pc is
    >used to share a connection and you want to secure your pc from the
    >other person's pc? If so, the easiest way is to buy a cheap
    >router and configure it to allow access to the internet from both
    >computers, but restrict access to your pc.
    >
    >Or did you mean something else entirely?
     
    Rick, Jan 29, 2005
    #10
  11. Rick

    Rick Guest

    Sorry for the confusion, but what I have is a lone computer with a
    cable internet hookup and I don't want anyone having access to my
    computer or its data. You said or someone else said that there is
    pretty much nothing I can do if someone has physical access to my
    computer including the local police or the FEDS. So the only other
    thing I can defend against is internet access from an outside source.
    The thing is that is there a defense againest a person who only has
    access through software or media (cd-rom and/or floppy) and not
    physical access to the internal workings of my computer. By that I
    mean actually opening up the computer and taking out and reseting
    stuff.




    On Sat, 29 Jan 2005 18:25:00 -0000, "Apollo"
    <ian_dunbar6@hot[un-munge-me]mail.com> wrote:

    >
    >"Rick" <> wrote in message
    >news:...
    >> If a person has physical access to a computer, there is nothing
    >> that
    >> can be done? Taking that into acount,what can I do if the person
    >> only
    >> has access through a internet connection?
    >>

    >
    >I'm confused now, I thought you wanted advice on how to prevent
    >someone booting from cd/fd?
    >
    >By 'access through an internet connection', do you mean your pc is
    >used to share a connection and you want to secure your pc from the
    >other person's pc? If so, the easiest way is to buy a cheap
    >router and configure it to allow access to the internet from both
    >computers, but restrict access to your pc.
    >
    >Or did you mean something else entirely?
     
    Rick, Jan 29, 2005
    #11
  12. You have many encryption options starting with Win XP's EFS (Encrypted
    File System). With files / folders encrypted this way, only the user who
    the files belong to can see them. The encryption is tied to the user's
    logon name and password.

    You also have various programs out there that will encrypt files and
    folders. Google works great for this.

    As for a password at the boot menu, With a Knoppix STD bootable CD, I
    can see every file on your hard disk including deleted files. I also
    have all kinds of tools to help crack passwords. Yes this needs good
    knowledge but even an amature with enough time and patience could get far.

    Good luck

    Scott


    Rick wrote:
    > Can you elaborate on the encryption part a little? What kind of
    > program would I need for that? The way I have it set up, a password
    > would still be needed to access the boot menu.
    >
    >
    >
    > On Sat, 29 Jan 2005 08:24:10 -0500, Fred Flintstone
    > <> wrote:
    >
    >
    >>The only problem with this solution is that anyone who knows computers
    >>can short the BIOS to factory default. This allows the person to select
    >>the first boot device and boot your computer by any means he wants.
    >>
    >>If he boots with a CDROM, he has access to all, unless encryption is used.
    >>
    >>Scott
    >>
    >>Rick wrote:
    >>
    >>>What I did was go into my BIOS and changed the boot priority so that I
    >>>would boot into my hard drive first. Then from my BIOS, I enabled a
    >>>password prompt to come up just before I select what OS I want to boot
    >>>into (Safe Mode or Normal Mode) . It will only go pass that when the
    >>>correct password is keyed in. I setup another password to boot into
    >>>windows. Sounds like a winner to me I guess. Any opinions?
    >>>
    >>>
    >>>On Sat, 29 Jan 2005 04:19:54 GMT, donnie <> wrote:
    >>>
    >>>
    >>>
    >>>>On Fri, 28 Jan 2005 22:32:57 -0500, Rick <> wrote:
    >>>>
    >>>>
    >>>>
    >>>>>Does anyone know of a program to sort of lockout a person who tries to
    >>>>>boot into my computer from a cd-rom or floppy disk?
    >>>>
    >>>>##########################
    >>>>The first thing that occured to me is the boot sequence in the BIOS.
    >>>>Actually, that's the only thing.
    >>>>donnie.
    >>>
    >>>

    >
     
    Fred Flintstone, Jan 29, 2005
    #12
  13. Rick

    nemo outis Guest

    In article <>, Rick
    <> wrote:
    >Does anyone know of a program to sort of lockout a person who tries to
    >boot into my computer from a cd-rom or floppy disk?



    The boot sequence can be set in the BIOS (e.g., HD before CD or
    even no CD). However, the BIOS is easy to reset on most
    computers if you have physical access. (It can be a bitch to
    reset the BIOS password on some laptops - e.g. IBM - although it
    is ultimately doable.)

    The only sure (software) protection against someone who has
    physical access to your computer is encryption, preferably OTFE
    encryption of the *entire* HD (makes it difficult to compromise
    the system in software, such as by keylogger and eliminates
    worries about software "leakage" of information). Hardware
    compromise (e.g., a hardware keylogger like keyghost, video,
    etc.) is still possible.

    I recommend full HD encryption together with tamper indication
    (numbered seals, etc.) on the box. Works best with laptops (no
    keyboard cable, etc.) but quite manageable even for desktops. Do
    not forget to seal things like printers, etc. as well.

    Sadly, tamper-proof seals aren't :) Although they're enough to
    stop low to middle-level amateurs. But a TLA can do some
    extaordinary things given enough time and access to the box (or
    even - unlikely though it may be - without access, through
    tempest, etc.).

    Regards,

    PS Popular OTFE full HD products include drivecrypt plus
    pack, safeboot solo (now discontinued), utimaco, winmagic,
    compusec, and others. All easy to use but care is need to not
    shoot yourself in the foot and render your data inaccessible
    (through error or stupidity, mostly, although hardware gllitches
    do sometimes happen). Backing up, for instance, rises from
    important to critical.

    PPS Container file/partition OTFE encryption of data is also
    a good - if less complete - solution. Truecrypt is excellent,
    open-source, and free, but there's also drivecrypt, bestcrypt,
    etc.

    PPPS Fully hardening a box with any form of network access -
    especially internet access - is problematic.
     
    nemo outis, Jan 29, 2005
    #13
  14. Rick

    nemo outis Guest

    In article <M5TKd.16940$>, Fred
    Flintstone <> wrote:
    >You have many encryption options starting with Win XP's EFS (Encrypted
    >File System). With files / folders encrypted this way, only the user who
    >the files belong to can see them. The encryption is tied to the user's
    >logon name and password.
    >
    >You also have various programs out there that will encrypt files and
    >folders. Google works great for this.
    >
    >As for a password at the boot menu, With a Knoppix STD bootable CD, I
    >can see every file on your hard disk including deleted files. I also
    >have all kinds of tools to help crack passwords. Yes this needs good
    >knowledge but even an amature with enough time and patience could get far.
    >
    >Good luck
    >
    >Scott
    >



    I would shy away from EFS, even discounting rumours it is
    backdoored.

    EFS is NOT OTFE and so leaves (deleted but recoverable) plaintext
    versions of encrypted files all over the place. Moreover it is
    easy to misconfigure it so that recovery by a third party is NOT
    prevented (in fact, it is that way by default!). Many newbies
    (and many not-so-newbies) will likely mismanage the process of
    rendering EFS non-recoverable by third parties - that or shut
    themselves out of their own files!

    In short, there are far better solutions (Truecrypt, for
    instance, is open-source, free, and OTFE).

    Regards,
     
    nemo outis, Jan 29, 2005
    #14
  15. I fully agree with you, I don't trust very much from Microsnuff to began
    with.

    There are many great products including many open source ones. Before
    anyone dives into encrypting files or complete disks, they should read
    up on all the risks and possible ways of losing their data before diving
    into it.

    Scott

    nemo outis wrote:
    > In article <M5TKd.16940$>, Fred
    > Flintstone <> wrote:
    >
    >>You have many encryption options starting with Win XP's EFS (Encrypted
    >>File System). With files / folders encrypted this way, only the user who
    >>the files belong to can see them. The encryption is tied to the user's
    >>logon name and password.
    >>
    >>You also have various programs out there that will encrypt files and
    >>folders. Google works great for this.



    >>
    >>As for a password at the boot menu, With a Knoppix STD bootable CD, I
    >>can see every file on your hard disk including deleted files. I also
    >>have all kinds of tools to help crack passwords. Yes this needs good
    >>knowledge but even an amature with enough time and patience could get far.
    >>
    >>Good luck
    >>
    >>Scott
    >>

    >
    >
    >
    > I would shy away from EFS, even discounting rumours it is
    > backdoored.
    >
    > EFS is NOT OTFE and so leaves (deleted but recoverable) plaintext
    > versions of encrypted files all over the place. Moreover it is
    > easy to misconfigure it so that recovery by a third party is NOT
    > prevented (in fact, it is that way by default!). Many newbies
    > (and many not-so-newbies) will likely mismanage the process of
    > rendering EFS non-recoverable by third parties - that or shut
    > themselves out of their own files!
    >
    > In short, there are far better solutions (Truecrypt, for
    > instance, is open-source, free, and OTFE).
    >
    > Regards,
    >
    >
     
    Fred Flintstone, Jan 29, 2005
    #15
  16. Rick

    Moe Trin Guest

    In article <>, Rick wrote:

    >What I did was go into my BIOS and changed the boot priority so that I
    >would boot into my hard drive first. Then from my BIOS, I enabled a
    >password prompt to come up just before I select what OS I want to boot
    >into (Safe Mode or Normal Mode) . It will only go pass that when the
    >correct password is keyed in. I setup another password to boot into
    >windows. Sounds like a winner to me I guess. Any opinions?


    Physical access beats five aces.

    Unless you can physically prevent ANYONE from opening the case and setting
    the jumper that resets the CMOS (see your motherboard manual), your software
    security is almost useless. All you would notice later is that the password
    no longer works (assuming it's not written on a sticky note pasted to the
    bottom of the keyboard - yes, I've seen people that dumb). And the way
    around that little problem is to simply yank the hard disk out of your
    computer, and put it into mine as a secondary/slave drive - I don't need
    to worry about puny efforts. You _could_ encrypt the disk, but how are
    you going to secure the encryption key? A sticky note pasted somewhere
    else?

    Old guy
     
    Moe Trin, Jan 30, 2005
    #16
  17. Rick

    nemo outis Guest

    In article <>,
    no.mail.accepted.sorry wrote:
    >In article <>, Rick wrote:
    >
    >>What I did was go into my BIOS and changed the boot priority so that I
    >>would boot into my hard drive first. Then from my BIOS, I enabled a
    >>password prompt to come up just before I select what OS I want to boot
    >>into (Safe Mode or Normal Mode) . It will only go pass that when the
    >>correct password is keyed in. I setup another password to boot into
    >>windows. Sounds like a winner to me I guess. Any opinions?

    >
    >Physical access beats five aces.
    >
    >Unless you can physically prevent ANYONE from opening the case and setting
    >the jumper that resets the CMOS (see your motherboard manual), your software
    >security is almost useless. All you would notice later is that the password
    >no longer works (assuming it's not written on a sticky note pasted to the
    >bottom of the keyboard - yes, I've seen people that dumb). And the way
    >around that little problem is to simply yank the hard disk out of your
    >computer, and put it into mine as a secondary/slave drive - I don't need
    >to worry about puny efforts. You _could_ encrypt the disk, but how are
    >you going to secure the encryption key? A sticky note pasted somewhere
    >else?
    >
    > Old guy



    Some full HD OTFE products do support passphrases (DCPP for
    instance). No need to memorize the actual key.

    An example passphrase (too short and lacking hardening by
    "messing with" the characters) might be, "A purple cow cavorts in
    a grotto of kumquat rinds." Even a much longer sentence would be
    very memorizable. Adding character hardening will greatly
    improve on the few bits per character of ordinary English
    (following Shannon, as low as 1.2 to 1.5 bits per character for
    ordinary prose - I suppose it will be slightly better for my
    nonsense phrases.) Or one can choose a longer sentence.

    As for character hardening I suggest a "semi-algorithmic" method
    as a mnemonic aid. Say two characters beween words, alternate
    numbers and punctuation characters following some keyboard
    pattern, and capitalize following, say, a Fibonacci series. Not
    random by any means but still effective.

    Regards,

    PS Shannon's original estimate for the entropy of English
    prose (around 2.5 bits/character) was higher than those from
    later studies.
     
    nemo outis, Jan 30, 2005
    #17
  18. Rick

    donnie Guest

    On Sat, 29 Jan 2005 18:32:22 -0600,
    (Moe Trin) wrote:

    >Unless you can physically prevent ANYONE from opening the case and setting
    >the jumper that resets the CMOS (see your motherboard manual), your software
    >security is almost useless.

    #########################
    There are special locks mad for that OR put the tower inside a locked
    box.
    donnie.
     
    donnie, Jan 30, 2005
    #18
  19. Rick

    Barney Guest

    Rick wrote:
    > Does anyone know of a program to sort of lockout a person who tries to
    > boot into my computer from a cd-rom or floppy disk?

    Change you BIOS settings to boot from your hd only and then set a BIOS
    password. Not totally secure but should do the job.
     
    Barney, Jan 30, 2005
    #19
  20. Rick

    Gladys Pump Guest

    On 2005-01-29, Fred Flintstone <> typed:
    > I fully agree with you, I don't trust very much from Microsnuff to began
    > with.


    Can we stop with the childish name-calling now please ? 'Microsnuff'. It
    just detracts from what is otherwise a good post.


    > There are many great products including many open source ones. Before
    > anyone dives into encrypting files or complete disks, they should read
    > up on all the risks and possible ways of losing their data before diving


    Sterling advice. It's all too easy, as I have been guilty of doing myself in
    the past, to just say "Try PGP/GPG", without mentioning the
    possible disastrous consequences of losing access to your own encrypted
    data.

    Backup, backup, then backup again all your access codes or keyrings *at a
    remote location* ie. *NOT* on the machine which contains the encrypted
    files. Also, very importantly, *TEST* whether or not you can successfully
    apply your backups. What if the only floppy or cdrom you saved your access
    codes/keyrings on became corrupt ? Or didn't write properly the first time ?

    Anyone who has ever lost important data knows how devastating that situation
    can be. Not just to other people, who may rely on that information, but the
    personal loss felt if you've spent many, many hours creating that data and
    lose all trace of it. It's even worse if it's your own fault.

    Backup the backups. *Test* the backups. Start again.

    The best quote I can think of to reinforce what I'm blathering on about is
    this : "Assume your hard-drive will fail today".

    Regards,

    Gladys.

    --
    Fortune says :

    Instead of getting married again, I'm going to find a woman I don't like and
    give her a house. - Lewis Grizzard.
     
    Gladys Pump, Jan 30, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bobbii
    Replies:
    8
    Views:
    3,923
    Bobbii
    Dec 2, 2004
  2. Guest
    Replies:
    1
    Views:
    390
  3. Goofy
    Replies:
    1
    Views:
    529
    Notan
    Sep 14, 2005
  4. Jim Watt
    Replies:
    0
    Views:
    632
    Jim Watt
    Apr 27, 2008
  5. Snoopy :-))

    Req: Help for Diagnostic Tools & Software TIA

    Snoopy :-)), Oct 5, 2007, in forum: A+ Certification
    Replies:
    3
    Views:
    1,510
    smackedass
    Oct 10, 2007
Loading...

Share This Page