Easy Server Security?

[lumpusmaximus]

The first line of defense for server security is physical access. If that is breached, someone can just drop in a boot CD and not have to worry about passwords. This sounds so simple, is there something Im missing? Just change the boot order in the BIOS so the hard disk is first then password protect the BIOS.

 

[58sniper]

Password protecting the BIOS brings up some other problems as well, such as remote rebooting of the server.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[jshurst]

Encrypt the entire drive?

BTW, if someone boots from a Live CD (like a linux cd) and your drive isn't encrypted then yes, they can mount the hard drive and look at whatever they want.

We have drive encryption on our laptop hard drives, but I also run into reboot problems. The drive decryption login comes up before anything else, so you can't remote into it, you must by physically at your computer so you can type in the password (surely there is some way to get around this though ;-) )

J

 

[58sniper]

Yep, we bitlock all laptop drives with a pin, and I bitlock all workstations without a pin, and also bitlock all USB drives, including thumbdrives. Gotta be careful these days.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[lumpusmaximus]

I new there must be a reason this wouldnt work - remove the CMOS battery and the BIOS is reset to factory defaults.