
"Use a bios password" ... and don't reboot your server when running in a remote server room?



You should use a BIOS password to stop BIOS settings being changed. I doubt they mean at boot.


Security recommendations must be understood and modified (even ignored) as the environment requires.

If you're in an environment where security is very important, then having to send someone on-site to reboot a server may be reasonable. Or maybe your data center is staffed. Or maybe you have an IP-KVM, so you can access the console remotely.

Alternatively, most BIOSes I've seen have both a supervisor and user password, or similar: one disallows access to the BIOS setup, the other restricts booting. You could set only the one that disallows setup access.


KVM over IP. Type your BIOS password right in.


Thanks! I did not know about this. But doesn't this create extra security issues?


Yes, you do have to take the KVM over IP device's security into account, like any other remote service you expose. It's the same set of problems you face with securing your other encrypted remote login (SSH) with similar solutions.



