Hi to all,

here is my problem:

I'm working in a high-level security place. Everyone has physical access to my computer, and it is OK if they do that in my OS! However, if anyone used a live-CD OS, that would be a tragedy for me!
You must know that a BIOS password doesn't help me...

How can I program my computer not to boot from a live-CD OS? I don't want anyone to be able to boot my PC from a CD... How can I do this?

Can I log the system, so I can see when someone logs in with a boot CD?

any suggestion would be helpful.

thanks
best regards

Karim
Updated 10-Jul-13 8:20am
Comments
Richard MacCutchan 10-Jul-13 13:38pm    
Change the BIOS settings (see the startup display) and disable boot from CD. You will also need to set a password so no one can change the settings.
karimkarimkarim 10-Jul-13 13:47pm    
Hi dear Richard, I know that, but there are simple ways to get around that, such as removing the battery.
Do you know any way to program it? I mean BIOS programming...
lewax00 10-Jul-13 14:07pm    
Trying to program your own BIOS or editing the existing one is a bad idea. If you make one mistake, your motherboard could be completely bricked. And for something this complex and delicate, if you have to ask how, then you aren't ready to do it. You're better off taking Richard's advice and just changing the settings, which should allow you to do what you want. As far as resetting the BIOS by removing the battery, if someone has physical access to your machine there's nothing you can do to stop them. They could just pull out your hard drive and put it in another computer and do whatever they want to it, same with any other piece of hardware.

If you want a better answer, why do you want to create this restriction? Maybe there's another way to accomplish your goal.
karimkarimkarim 10-Jul-13 14:12pm    
Thanks lewax00 for your time, I think you are right about everything :)
karimkarimkarim 10-Jul-13 14:21pm    
Can I log the system, so I can see when someone logs in with a boot CD? I updated my question :)

Idea 1: Put the CD-ROM drive on a second computer and restrict physical access to that computer. It might be easier to prevent booting from network.

Idea 2: Put the CD-ROM drive in a locked enclosure. Only those who have the code or key would be able to use that drive.

Idea 3: Build some electronics that disconnect the drive when the computer is stopped and that require a program to run on the computer to reactivate it (maybe some electronics controlled by a serial port).

Idea 4: Copy any CD-ROM as an image file (say, an ISO file) and put the images on an accessible hard drive. Install software to access those images. Once all needed images have been copied, you can remove the drive from the computer. Alternatively, you might copy the CD-ROM content instead and access it using the file explorer.
Comments
karimkarimkarim 11-Jul-13 5:17am    
This is the best solution that I found, thanks a lot Philippe.
One more question: the 3rd idea was my ideal thought; any suggestions or references?
:)
Your "if anyone used CD live OS" and "I'm working in high level security place" seem to be in a striking controversy.

Probably, you are not working in a "high level security place", but you are working in a no-security place where management only pretends they use some security, which is much worse than no security at all.

Of course, not booting a publicly available computer from anything but its intended OS installed on the hard drive is a good idea. This is done by "boot options" in BIOS (if this is a BIOS-based system, of course) and nowhere else. You can set a password on BIOS setup.

If you apply some elementary logic, you will understand that nothing else can prevent booting up a computer. If your disk is bypassed, how could any software installed on this disk possibly help?!

Even the BIOS protection can be easily overridden, as motherboards have a special jumper used to reset the flash-memory stored data and set factory defaults. How else? Don't you think that such a thing as a lost password should lead to throwing out the whole motherboard? People designing motherboards are usually not that stupid.

You can take a completely different route. You can encrypt all your hard drives. In this case, no one can possibly access your data if loaded from a different media. This person could only damage or re-initialize/reformat your drives, but cannot access your drives leaving you unaware of that.

—SA
Comments
lewax00 10-Jul-13 14:47pm    
Encrypting the hard drive is no good if the user in question has the key, of course. It's awfully difficult to secure a computer from its primary user (if that is the asker's goal).
Sergey Alexandrovich Kryukov 10-Jul-13 14:56pm    
Of course. Good point.
—SA
Manfred Rudolf Bihy 10-Jul-13 14:54pm    
Agreed, drive encryption is probably the best way to go in this scenario. The place I work at uses BitLocker for drive encryption, but there should be others as well out there.
Cheers!
Sergey Alexandrovich Kryukov 10-Jul-13 14:55pm    
Sure. Thank you, Manfred.
—SA
karimkarimkarim 10-Jul-13 16:02pm    
dear Sergey,

USB is hardware-blocked and removing the CD drive is not an option!
It's hard to explain my job; I'd say that my job is secured but my PC is not!
However, even a log of the time and date of a boot from CD would be most helpful.
thanks for your concern and attention.
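
An added example, not part of the original thread: the drive-encryption advice above only protects against a live-CD boot if every volume is actually encrypted with protection switched on, so this sketch audits BitLocker status text and lists volumes that would still be readable from other boot media. It assumes the layout printed by `manage-bde -status` on English-language Windows; the sample text and the function names are constructed for illustration.

```python
import re
# Constructed sample in the layout of English-language `manage-bde -status` output.
SAMPLE_STATUS = """\
Volume C: [OS]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM And PIN
        Numerical Password

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""

def parse_status(text):
    """Return {drive: {field: value, "Key Protectors": [names]}}."""
    volumes, current, in_protectors = {}, None, False
    for line in text.splitlines():
        header = re.match(r"Volume ([A-Z]:)", line)
        if header:
            current = volumes.setdefault(header.group(1), {"Key Protectors": []})
            in_protectors = False
        elif current is not None and line.strip():
            field = re.match(r"\s+([A-Za-z ]+):\s*(.*)$", line)
            if field:
                name, value = field.group(1).strip(), field.group(2).strip()
                in_protectors = name == "Key Protectors"
                if not in_protectors:
                    current[name] = value
            elif in_protectors:  # indented protector names, one per line
                current["Key Protectors"].append(line.strip())
    return volumes

def exposed_volumes(volumes):
    """List (drive, reason) for volumes readable after booting other media."""
    findings = []
    for drive, info in sorted(volumes.items()):
        if info.get("Conversion Status") != "Fully Encrypted":
            findings.append((drive, "not fully encrypted"))
        elif info.get("Protection Status") != "Protection On":
            findings.append((drive, "protection off or suspended"))
        elif not info["Key Protectors"]:
            findings.append((drive, "no key protector"))
    return findings
```

On a real machine, feed `parse_status` the captured text of `manage-bde -status` run from an elevated prompt and review whatever `exposed_volumes` returns.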

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


