| |
Floppy boot protection.
“Floppy boot protection” prevents a computer from being
started from a diskette, with subsequent access to the hard disk. It is one of the fundamental elements in a security system.
If
drive C: can be accessed after booting from a diskette, this represents a gaping hole in your security.
One
common misconception is that the BIOS can provide security. Most modern computers
allow the user to configure the BIOS so that the computer cannot be started
from drive A:. This feature only lasts as long as the computer's internal battery. If the power supply to the BIOS chip is interrupted,
all your settings are lost, and the BIOS will use its
default values the next time it starts. Furthermore, it
remains possible simply to move the hard disk to another computer whose BIOS
settings do allow drive A: booting. The master boot
sector is made up of a program and data. FDISK stores a standard
program, while the data varies according to how the hard disk is partitioned.
Some users allocate all disk space to drive C:, while others subdivide
the space into drives C: and D:. A program offering
‘Floppy boot protection’ must replace the Master Boot Program
with its own program, and encrypt the partition data. This prevents access
to the hard disk after an attempt is made to start the computer from a boot
diskette. When a boot diskette is used, only the following message is displayed:
Invalid drive C: A
large number of programs read partition data directly from the Master Boot Sector. The programs must be able to continue doing this even
with ‘Floppy boot protection’ installed. Most
access control programs are able to handle this situation. A good floppy boot protection system should also provide a
security function that prevents the hard disk from
being moved to another computer.
Security FAQ
Windows Privacy Tools - http//www.privacywindows.com
| |
