|
Introduction
|
Once
you have a Windows security program installed and working, you must use some
method to prevent booting from a floppy disk. Ignoring this step can put
your computer at risk of a virus infection, and reduce the effectiveness of
your computer's security. There are a
number of methods to prevent booting from a floppy disk from physical disk
locks to purchased security programs. But the simplest solution is to use
the security that is already built into your computer by enabling the
computer's CMOS security features.
The
CMOS is a storage area on your computer where information is retained even when
the power is turned off. Important information is stored here about your computer,
and is accessed by a special CMOS setup program.
Typically,
pressing the <DEL> key, or another special key sequence is required to
access the CMOS setup program. This key is entered before Windows starts. Watch
your screen carefully when the computer is first turned on for information on
accessing the CMOS setup program (such as "Press F2 to access Setup). You
should consult your computer's manual for specific information on using the
CMOS setup program.
For
Public Access computers you should:
1.
Enable your computer's setup password to prevent someone
from accessing the computer's CMOS settings. An incorrect setting in this
critical area of the computer can make the computer non-operative.
2.
Disable booting from the "A:"
floppy disk drive. This is done by setting your computer's boot sequence. If the
computer cannot be set to boot only from the hard disk, then you should enable
the boot password feature so only
people with the password can start the computer.
|
CMOS Passwords
|
Most
computers provide some type of password protection in the CMOS set up
parameters. This is an effective way to prevent unauthorized booting or
starting of the computer. Once set, a password is required before the computer
will start, either from the hard disk or from a diskette. For example, if
a patron presses the computer's RESET button in an attempt to reboot the
computer, a password will be required.
To
enter a CMOS password, start the CMOS program (check your computer's manual for
instructions), look for a "Security" or "Password" menu
item and enter a password for the computer. Resist the temptation to create an
easy password. Use passwords that are unique to the
computer (don't use passwords used on other computers), and use a combination
of upper and lower-case characters, numbers, and words that can't be easily
guessed by watching the keyboard.
Typically,
two passwords may be set in the CMOS setup - one for booting the computer, and
another to access the CMOS setup parameters. This allows the boot password's
use to start the computer, but prevents using that password to change CMOS
settings, which include the boot password itself; only the CMOS setup password may be
used to change the boot password. Thus, the library staff can have access to
the boot password, but only the administrator has access to the CMOS password.
Note:
Some computers, such as Compaq, only have a power-on password.
Rebooting/restarting the computer without turning off the power first may
bypass the password, rendering the password security useless. In this
case it is important that other means are used to prevent booting from a
diskette, such as setting the boot sequence.
|
Prevent booting from a Floppy Disk
|
An
additional built-in security feature of most computers is the ability to force
the computer to always boot from the hard disk, even if a floppy disk is in the
disk drive. Some purchased security
programs include a feature to "lock the hard disk" or to
"prevent booting from a floppy diskette." Using such software
to lock the hard disk and prevent booting can give a false sense of security.
Typically, purchased security software can provide protection for the hard disk
from access using DOS or Windows, but the computer can still be booted by using
a floppy diskette. This means that a virus could be installed on the hard disk
even with the security software in place.
Use
your computer's built in security to prevent booting from a diskette. You
will need to check your computer's manual on the procedure to do so (as each
computer is different), but typically you can either disable the A:
drive's boot ability, or set the computer's boot sequence from A:-C: to C:-A:,
that is, boot from the hard disk first. It is important that you disable
booting from a floppy diskette to prevent virus infections.
Once
you disable booting from a floppy diskette using the computer's CMOS settings,
make sure you enable either the setup
password or boot
password to prevent someone from accessing the CMOS and enabling booting.
You computer will be unprotected if the computer is booted via the floppy
diskette. If you cannot disable booting
from the floppy diskette drive on your computer, make sure you enable the boot password, and instruct the staff to check the A:
drive for diskettes before entering the password that allows
the computer to boot. This will reduce the chance of a boot virus being
installed from a infected diskette.
There
are other ways of preventing booting from the floppy disk, of course.
Simply locking the computer's box in a locked closet, or using a hardware
diskette lock will work.
|
Warnings
|
Ask
your computer's supplier how to remove the password in the event the password
is lost. Some computers require that you remove a battery or a clock chip,
others that you short out a jumper, flip a switch on the mother board, and on
others you simply press a special key combination. If you need to boot from a floppy disk (for
example to recover from a disk crash) you will need to access the CMOS
setup program to enable booting from diskettes. Remember that there may
be two passwords -- one used to boot the computer, and another to access the
CMOS setup program.
0 Comments