[ale] SSH attempts
Greg Clifton
gccfof5 at gmail.com
Mon Sep 19 14:12:17 EDT 2011
Most commodity/desktop boards (& laptops) these days have a function key
(generally F5 or F8, IIRC) that allows you to select an alternate boot
device which IS inclusive of USB devices. Now whether [Supermicro] server
motherboards support a complete BIOS lockout I'll have to check on next
server I build at work. Interesting question!
Regarding BIOSes, Pheonix/Award are united these days so that pretty much
limits us to AMI and Phoenix. I don't know for a fact but suspect that one
or the other of these develop BIOSes for all but perhaps Intel and maybe HP
& Dell.
On Mon, Sep 19, 2011 at 1:58 PM, Rich Faulkner <rfaulkner at 34thprs.org>wrote:
> **
> I believe my ASUS A8N has a Phoenix BIOS that has this type of
> functionality. Our IBM chassis at XMSR had the same types of features.
> BIOS level lock-out of boot access to specific devices is definitely a handy
> tool to have. Physical security of systems under lock and key is vital.
> Controlled access into server rooms and even access to the place of business
> is also key. At XM Satellite Radio we had controlled access into all of the
> buildings, controlled access to the floors and controlled access into
> engineering spaces. The only problem is they never change their
> passwords....go fig.....
>
>
>
> On Mon, 2011-09-19 at 13:00 -0400, Michael B. Trausch wrote:
>
> On Mon, 2011-09-19 at 12:56 -0400, Bob Toxen wrote:
> > On Mon, Sep 19, 2011 at 12:30:45PM -0400, Michael B. Trausch wrote:
> > > On Mon, 2011-09-19 at 12:10 -0400, Bob Toxen wrote:
> > > > This is why it is critical to have both a bootloader (grub or
> > lilo)
> > > > password and also a BIOS password. They can be set so that the
> > > > password is needed ONLY when booting other than the default device
> > > > (BIOS) or default kernel environment (bootloader).
> >
> > > I have seen that functionality in a bootloader, but never before in
> > a
> > > BIOS. What systems come with a BIOS that has that feature, do you
> > know?
> > > That would be a nice feature to have. Then again, I'm not sure that
> > it
> > > would matter: physical access means that you can wipe the BIOS
> > password,
> > > and then we're back at square one, being able to pwn the box.
> > EVERY i86 BIOS I have seen has this feature. Boot into the BIOS and
> > go through the screens looking for an option to set the password,
> > sometimes called the "supervisor password". Just don't forget it.
> > (Yes, it can be erased by those who know how.)
>
> On my systems, this simply prevents entering the BIOS.
>
> It does not disable or password-protect the boot list feature, however.
> So, I'd still be interested if you know a BIOS that does that.
>
> (I'd also be interested if you know about a secure BIOS that doesn't
> have the "feature" of being able to have its password wiped in 45
> seconds...)
>
> --- Mike
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110919/e08c9e62/attachment.html
More information about the Ale
mailing list