PJML@ibma.nerc-wallingford.ac.uk (Pete Lucas) (04/25/91)
Andrew Turner (<ACT@csc.canberra.edu.au>) asks:- >To minimise and manage virusses at our institution I wish to prevent >PC's being booted off Drive A: and only permit booting off the Hard >Disk. This of course immediately presents a management problem of >what to do if the Hard Disk goes bad and I need to boot off a floppy. >So ideally any solution needs to address this situation. Two >possibilities spring to mind: > >a. Use of a ROM. This would sit in the appropriate address space and be > detected during the BIOS boot. The code would need to at least > prevent floppy boots and desirably check for a floppy with a particular > label and if detected permit the floppy boot. This would overcome the > problem of a clobbered hard disk. > >b. Use of hardware modifications connected to a key switch mounted on > the case which would be used to enable/disable floppy boots. On our > machines the keyboard lock could be used for this purpose. Both these options require modification to the PC. This may mean problems when it comes to getting your machines serviced, or when you want to sell them. Try explaining to the repair-shop or maintenance engineer the modifications you have made, then see him go pale as he wonders if these modifications are the reason for the fault..... A far easier way is what i have done; you can buy floppy-drive locks that simply fit into the drive slot and prevents anyone putting any diskettes in the slot. All you need to remove the thing (when you *need* to boot from or read a floppy) is a twist of the key. You could give 'trusted' users a copy of the key to their PC. These things are also far cheaper than any hardware/BIOS mods. are likely to be. Question is, what are your users going to be better at? Hardware hacking, or lock-picking......? Pete Lucas PJML@UK.AC.NWL.IA G6WBJ@GB7SDN.GBR.EU
padgett%tccslr.dnet@uvs1.orl.mmc.com (A. Padgett Peterson) (04/27/91)
>From: "Pete Lucas" <PJML@ibma.nerc-wallingford.ac.uk> >A far easier way is what i have done; you can buy floppy-drive locks >that simply fit into the drive slot and prevents anyone putting any >diskettes in the slot. If you can make the users use the keylock that is - most BSI infections occur from "accidental" floppy boots, not intruders. A more effective way is to simply unplug the floppy drive. A keylock just keeps unauthorized people out but someone must administrate it.