Jump to content
|Topic||Stats||Last action by|
|Galaxy S5 sold 40 percent fewer units than Samsung predicted: WSJ||
|Obama Immigration Question!||
|Obama Is Damaging Hillary’s Chances||
|Formula 1 World Championship 2014 Season Discussion||
Posted 25 January 2013 - 17:33
Posted 25 January 2013 - 17:57
Posted 25 January 2013 - 18:52
Posted 25 January 2013 - 19:13
Posted 25 January 2013 - 19:23
Depends what the actual story is, which the OP barely gave details on. What I described helps mitigate. (BTW, you responded to my original message prior to a bit of editing)
To prevent offline attacks, the only real "solution" is to manage the machines with BitLocker, a TPM, and Network Unlock.
A BIOS System password is only effect against "some" computers with properly designed firmware. A large majority that I've encountered do not block the F12 (or equivalent) firmware/BIOS boot menus even if a System password is present, including some of Dell's business line machines. Only some actually require authentication if a system password is present. I have some Precision workstations that do intrusion detection great, but only a BIOS user password will prevent a user from calling on the boot menu (and of course block them from using the computer at all without support). I don't believe any vendor is 100% consistent across their motherboard models when it comes to securing its BIOS/Firmware boot menu.
Also, when properly managed, "BitLocker+TPM+Network Unlock" is the better solution than any firmware block or physical lockdown because it requires the end user actually have technical skills. They need to have successful online attacks before an offline attack becomes possible. At this point most failures will be the result of desktop mismanagement.
Obviously it’s a bit trickier on mobile systems, as Network Unlock likely becomes impossible and you have to replace it with +PIN/+USB.
Posted 25 January 2013 - 19:26
Posted 25 January 2013 - 19:41
Posted 25 January 2013 - 19:48
Posted 25 January 2013 - 20:46
A firmware password would be used to stop the booting off of cd/dvd so they cant boot up a password change dvd
Posted 25 January 2013 - 22:18
Posted 25 January 2013 - 23:29
Posted 26 January 2013 - 00:01
Posted 28 January 2013 - 14:44
Posted 29 January 2013 - 21:50
Posted 29 January 2013 - 22:09