Securing Trust - Compaq d330 - Desktop PC Manual

Thus, both the administrator and the user must trust the platform to be secure. The HP BIOS security
features work equally well to assure trust in the platform for both the user and the administrator. The
following table lists possible attacks on a computer and how the HP BIOS security features help
protect the system.
Computer Attacks
Attack
Subversion of OS security by booting
rogue OS.
Removal of Sensitive Data
Removal of hardware devices
Computer startup by unauthorized users
Virus threats on Master Boot Record
Attacks on BIOS Settings
Flash of rogue computer BIOS image

Securing trust

Each time the user turns on the computer, they need to know that the computer will function
predictably and reliably. The user also needs to know that no one has tampered with their sensitive
data. The system administrator wants to be assured that unauthorized changes are not made to the
computer configuration, even by individuals with user authorization.
The installed operating system (OS) probably provides some security functions designed for this
purpose, but is this enough? The installed operating system (OS) probably provides some security
functions designed for this purpose, but, as the next section describes, this is not enough.
BIOS Enabled Security Features
Removable media boot disable.
Network Service Boot —> Boot Source
Network Service Boot —> Disable
Boot Order —> Device Disable
DriveLock (for MultiBay HDD)
IDE/SATA controller —> Disable
USB port —> Disable
Power-on Password
I/O port —> disable
IDE/SATA controller —> Disable
DriveLock (for MultiBay HDD)
Diskette Write Protect
TPM support
Hoodlock Control
Power-on Password
User Smart Card
MBR Security
Setup Password
Administrator Smart Card
Setup Password
Administrator Smart Card
8