Homepage
Forum
Drivers
HMM
MTM
Feed
i would like some help setting up my bios for securtiy.
i went to the bios -- but that is where i got lost.
i looked around for instructions - nothing. i know there is something i just cannot find it.
thanks
setting up bios security for t61
setting up bios security for t61
WinXP Pro T61 Intel Core Duo@2.5Ghz, 4Ghz Ram, Apricorn 100Gigs USB External Hard Drive.
Well, there are few things you can do in the BIOS. The first is to set passwords. You have three different types of passwords to deal with:
1) Power-on: This is going to show up immediately after you power on the computer and prevent it from continuing to boot unless the correct password is entered. This password is fairly easy to remove for someone with a little motivation and knowledge.
2) Hard disk: This will prevent the hard disk from being accessed after power on unless the correct password is entered (otherwise it basically reads as all zeros). This will also prevent a boot disk (e.g. recovery disk, liveCD with password cracking utilities, etc.) from loading. Note: This does not encrypt or hide files on the disk, which is ok because the hard disk pw prevents the drive from even being accessed. The password will go with the drive (it's embedded into a chip in the drive itself), meaning that if the drive were stolen and placed in another machine, the hard drive would still need a password (even if the thief didn't have the option turned on his BIOS). Basically, you'll have to disassemble the drive to even begin to reset the password. I believe with some drives you can wipe the drive and then reset the password, but I'm not sure which drives.
3) Supervisor password (sometimes called a BIOS pw): The highest level password. If set, it will prevent the BIOS from being modified. Also, entering this password will allow you to change the hard disk and power on passwords. NOTE: Once set this password cannot be reset or recovered (although some companies claim they can for a fee with the use of proprietary software). The usual solution for dealing with a lost supervisor password is a complete replacement of the motherboard (read, not cheap!) which is usually not covered under warranty.
In my opinion, a combination of the power on and hard disk password will stop 99% of people (aka your common thief). The supervisor password makes some people a little nervous as it can't be reset or recovered, and we all know how easy it is to forget passwords. You'll have to use your judgement on that one. One thing to consider: setting the supervisor password not only prevents others from changing the BIOS, it prevents other from setting the supervisor password (there are horror stories of coworkers setting a supervisor pw to gibberish as a joke and then the laptop is basically a doorstop).
Other options:
User/User+Master
The hard disk password has two options: user-only and user+master. As I understand them, the user-only option allows a user to set a hard disk password and the user+master option allows someone like a sys. admin. to change the hard disk password if the user has forgotten it. With either option set the hard disk will require a password. For normal operation you can probably just do the user-only (I think there is an option that you can set so that user and master are the same, which is convenient but not as secure....and I may be incorrect about this option).
R&R
There is also the Rescue & Recovery password you can set to protect any backups you make using R&R.
Password/Passphrase
Basically this option lets change the flexibility of your password. The password option limits the password to 7 or 8 regular ASCII characters and is case insensitive. The passphrase options lets you use up to 64 (I think) characters and you have more options on the type of characters you can use (e.g. punctuation).]
Fingerprint reader
I forget where to set this option, but you can enable the fingerprint reader to work on boot. All this does is just use your fingerprint to submit the password (hard-disk or power-on) you've entered. More a convenience than security.
I think that basically sums up the password options you can set. It may seem like a lot but it really isn't too hard. I would say set a power on and hard disk password (user-only) to start with and see how you like it. I would recommend you set the supervisor as well, but write down the password and store it somewhere safe.
1) Power-on: This is going to show up immediately after you power on the computer and prevent it from continuing to boot unless the correct password is entered. This password is fairly easy to remove for someone with a little motivation and knowledge.
2) Hard disk: This will prevent the hard disk from being accessed after power on unless the correct password is entered (otherwise it basically reads as all zeros). This will also prevent a boot disk (e.g. recovery disk, liveCD with password cracking utilities, etc.) from loading. Note: This does not encrypt or hide files on the disk, which is ok because the hard disk pw prevents the drive from even being accessed. The password will go with the drive (it's embedded into a chip in the drive itself), meaning that if the drive were stolen and placed in another machine, the hard drive would still need a password (even if the thief didn't have the option turned on his BIOS). Basically, you'll have to disassemble the drive to even begin to reset the password. I believe with some drives you can wipe the drive and then reset the password, but I'm not sure which drives.
3) Supervisor password (sometimes called a BIOS pw): The highest level password. If set, it will prevent the BIOS from being modified. Also, entering this password will allow you to change the hard disk and power on passwords. NOTE: Once set this password cannot be reset or recovered (although some companies claim they can for a fee with the use of proprietary software). The usual solution for dealing with a lost supervisor password is a complete replacement of the motherboard (read, not cheap!) which is usually not covered under warranty.
In my opinion, a combination of the power on and hard disk password will stop 99% of people (aka your common thief). The supervisor password makes some people a little nervous as it can't be reset or recovered, and we all know how easy it is to forget passwords. You'll have to use your judgement on that one. One thing to consider: setting the supervisor password not only prevents others from changing the BIOS, it prevents other from setting the supervisor password (there are horror stories of coworkers setting a supervisor pw to gibberish as a joke and then the laptop is basically a doorstop).
Other options:
User/User+Master
The hard disk password has two options: user-only and user+master. As I understand them, the user-only option allows a user to set a hard disk password and the user+master option allows someone like a sys. admin. to change the hard disk password if the user has forgotten it. With either option set the hard disk will require a password. For normal operation you can probably just do the user-only (I think there is an option that you can set so that user and master are the same, which is convenient but not as secure....and I may be incorrect about this option).
R&R
There is also the Rescue & Recovery password you can set to protect any backups you make using R&R.
Password/Passphrase
Basically this option lets change the flexibility of your password. The password option limits the password to 7 or 8 regular ASCII characters and is case insensitive. The passphrase options lets you use up to 64 (I think) characters and you have more options on the type of characters you can use (e.g. punctuation).]
Fingerprint reader
I forget where to set this option, but you can enable the fingerprint reader to work on boot. All this does is just use your fingerprint to submit the password (hard-disk or power-on) you've entered. More a convenience than security.
I think that basically sums up the password options you can set. It may seem like a lot but it really isn't too hard. I would say set a power on and hard disk password (user-only) to start with and see how you like it. I would recommend you set the supervisor as well, but write down the password and store it somewhere safe.
W510: i7-820QM / 8GB 1066 RAM/ 1 GB NVIDIA Quadro FX 880M / 500GB 7200rpm / 15.6" HD 1080 / Arch Linux
I used to have CSS and both power-on and hdd passwords. However, after thinking long and hard, I realized that CSS was slowing down my computer, so I uninstalled it and only left the other two passwords. I still feel secure and the computer is faster.
I think that, like superego said (not that I am an expert), it's probably enough for most users, unless you have some very private data or national security stuff in our computer.
I think that, like superego said (not that I am an expert), it's probably enough for most users, unless you have some very private data or national security stuff in our computer.
X201 Pentium, 4 GB RAM, 320GB 7200RPM
T410 Core i5, 4 GB RAM, 500GB 7200RPM
X230 Core i5, 4 GB RAM, 500GB 7200RPM
T410 Core i5, 4 GB RAM, 500GB 7200RPM
X230 Core i5, 4 GB RAM, 500GB 7200RPM
-
- Similar Topics
- Replies
- Views
- Last post
-
-
How can I tell if my T60 running BIOS 2.27 already has the Zender SLIC2.1 no-whitelist BIOS?
by Muse » Fri Apr 21, 2017 2:42 pm » in ThinkPad T6x Series - 4 Replies
- 827 Views
-
Last post by axur-delmeria
Sun Apr 23, 2017 11:47 am
-
-
-
safe to flash T500 7VET94WW bios with whitelist bios for 6FET92WW
by TPFanatic » Wed Apr 26, 2017 7:35 pm » in ThinkPad T400/410/420 and T500/510/520 Series - 4 Replies
- 771 Views
-
Last post by TPFanatic
Thu Apr 27, 2017 6:28 pm
-
-
-
Recommendation for Wifi Card for T61 with Middleton bios?
by Akimitsui » Tue Apr 25, 2017 9:36 pm » in ThinkPad T6x Series - 3 Replies
- 741 Views
-
Last post by Akimitsui
Thu Apr 27, 2017 12:38 am
-
-
-
(Company + Individuals): Strategies to Mitigate Cyber Security Incidents
by RealBlackStuff » Tue Feb 07, 2017 9:40 am » in ** HOW TOs & FAQs ** - 1 Replies
- 752 Views
-
Last post by Digitalhorizons
Tue Feb 07, 2017 1:39 pm
-
Who is online
Users browsing this forum: No registered users and 12 guests