[ale] SSH attempts

Rich Faulkner rfaulkner at 34thprs.org
Mon Sep 19 13:58:10 EDT 2011


I believe my ASUS A8N has a Phoenix BIOS that has this type of
functionality.  Our IBM chassis at XMSR had the same types of features.
BIOS level lock-out of boot access to specific devices is definitely a
handy tool to have.  Physical security of systems under lock and key is
vital.  Controlled access into server rooms and even access to the place
of business is also key.  At XM Satellite Radio we had controlled access
into all of the buildings, controlled access to the floors and
controlled access into engineering spaces.  The only problem is they
never change their passwords....go fig.....


On Mon, 2011-09-19 at 13:00 -0400, Michael B. Trausch wrote:

> On Mon, 2011-09-19 at 12:56 -0400, Bob Toxen wrote:
> > On Mon, Sep 19, 2011 at 12:30:45PM -0400, Michael B. Trausch wrote:
> > > On Mon, 2011-09-19 at 12:10 -0400, Bob Toxen wrote:
> > > > This is why it is critical to have both a bootloader (grub or
> > lilo)
> > > > password and also a BIOS password.  They can be set so that the
> > > > password is needed ONLY when booting other than the default device
> > > > (BIOS) or default kernel environment (bootloader). 
> > 
> > > I have seen that functionality in a bootloader, but never before in
> > a
> > > BIOS.  What systems come with a BIOS that has that feature, do you
> > know?
> > > That would be a nice feature to have.  Then again, I'm not sure that
> > it
> > > would matter: physical access means that you can wipe the BIOS
> > password,
> > > and then we're back at square one, being able to pwn the box.
> > EVERY i86 BIOS I have seen has this feature.  Boot into the BIOS and
> > go through the screens looking for an option to set the password,
> > sometimes called the "supervisor password".  Just don't forget it.
> > (Yes, it can be erased by those who know how.) 
> 
> On my systems, this simply prevents entering the BIOS.
> 
> It does not disable or password-protect the boot list feature, however.
> So, I'd still be interested if you know a BIOS that does that.
> 
> (I'd also be interested if you know about a secure BIOS that doesn't
> have the "feature" of being able to have its password wiped in 45
> seconds...)
> 
> 	--- Mike
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110919/18564e9d/attachment.html 


More information about the Ale mailing list