Networking | Programming | Security | Linux | Computer Science | About

Securing the BIOS

The BIOS can be the victim of malicious attacks; for mischievous persons it can also act as the gateway to the rest of the system. Protect it! Or your computer just might not boot. Following are a few ways to do so:

Use a BIOS password

The password that blocks unwanted persons from gaining access to the BIOS is the supervisor password. Don’t confuse it with the user password (or power-on password) employed so that the BIOS can verify a user’s identity before accessing the operating system. Because BIOS passwords are relatively weak compared to other types of passwords, organizations often use one password for the BIOS on every computer in the network; in this scenario, there is all the more reason to change the password at regular intervals. Because most computers’ BIOS password can be cleared by opening the computer (and either removing the battery or changing the BIOS jumper), some organizations opt to use locking cables or a similar locking device that deters a person from opening the computer.

On a semi-related note, many laptops come equipped with drive lock technology; this might simply be referred to as an HDD password. If enabled, it prompts the user to enter a password for the hard drive when the computer is first booted. If the user of the computer doesn’t know the password for the hard drive, the drive locks and the OS does not boot. An 8-digit or similar hard drive ID usually associates the laptop with the hard drive installed. On most systems this password is clear by default, but if the password is set and forgotten, it can usually be reset within the BIOS. Some laptops come with documentation clearly stating the BIOS and drive lock passwords.

Flash the BIOS

Flashing describes the updating of the BIOS. By updating the BIOS to the latest version, you can avoid possible exploits and BIOS errors that might occur. All new motherboards issue at least one new BIOS version within the first six months of the motherboard’s release.

Configure the BIOS

Set up the BIOS to reduce the risk of infiltration. For example, change the BIOS boot order (boot device priority) so that it looks for a hard disk first and not any type of removable media. Also, if a company policy requires it, disable removable media including the floppy drives and eSATA and USB ports.

Published on Thu 22 March 2012 by Lydia Pilkington in Security with tag(s): bios