Jump to content
|Topic||Stats||Last action by|
|[NSFW] Hatred (Video Game): Is This Too Far?||
|PS4 and Xbox One resolution / frame rate discussion||
|MxNitro 220.127.116.110 Alpha||
|Which city do you live in...||
|Apple Releases iOS 8.1 With Apple Pay Support, SMS Relay, Camera Roll, and More||
Posted 25 January 2013 - 17:33
Posted 25 January 2013 - 17:57
Posted 25 January 2013 - 18:52
Posted 25 January 2013 - 19:13
Posted 25 January 2013 - 19:23
Depends what the actual story is, which the OP barely gave details on. What I described helps mitigate. (BTW, you responded to my original message prior to a bit of editing)
To prevent offline attacks, the only real "solution" is to manage the machines with BitLocker, a TPM, and Network Unlock.
A BIOS System password is only effect against "some" computers with properly designed firmware. A large majority that I've encountered do not block the F12 (or equivalent) firmware/BIOS boot menus even if a System password is present, including some of Dell's business line machines. Only some actually require authentication if a system password is present. I have some Precision workstations that do intrusion detection great, but only a BIOS user password will prevent a user from calling on the boot menu (and of course block them from using the computer at all without support). I don't believe any vendor is 100% consistent across their motherboard models when it comes to securing its BIOS/Firmware boot menu.
Also, when properly managed, "BitLocker+TPM+Network Unlock" is the better solution than any firmware block or physical lockdown because it requires the end user actually have technical skills. They need to have successful online attacks before an offline attack becomes possible. At this point most failures will be the result of desktop mismanagement.
Obviously it’s a bit trickier on mobile systems, as Network Unlock likely becomes impossible and you have to replace it with +PIN/+USB.
Posted 25 January 2013 - 19:26
Posted 25 January 2013 - 19:41
Posted 25 January 2013 - 19:48
Posted 25 January 2013 - 20:46
A firmware password would be used to stop the booting off of cd/dvd so they cant boot up a password change dvd
Posted 25 January 2013 - 22:18
Posted 25 January 2013 - 23:29
Posted 26 January 2013 - 00:01
Posted 28 January 2013 - 14:44
Posted 29 January 2013 - 21:50
Posted 29 January 2013 - 22:09