I was too chicken to try the smart card/ MIGHTY BOLT (lol) feature. The absolutely irrevocable nature of it means they implemented it right though. Trying to secure the windoze login doesn't help. I have this handy little linux boot floppy that has a utility to blank the administrator password in hte registry. Handy administrative tool, that. (Only needed it once so far...)
That's why I haven't used it here. Too chicken However, I think you nailed it when you say they got it right.
Hey. Missed this thread. D'oh! I'm a little confused as to the nature of the smartard reader. I inderstand the PC won't post, but if his brother is such a sneaky so-and-so, would it still be possible for him to take the HD off the mobo and read it as a slave on his own pc? Oh, and RandomMonkley, check this out: SECURITY IS A PLACE CALLED E-BAY Thought you might find it useful. These are a quite tricky to break into
oooooooooooo ive never seen those before!!!!! but ive got a Antec plusview1000 server case, its quite big doubt it would fit!!
Soz WireFrame ill tell you my little story of woe, lol........... Basically im making effectivly a file server.... which will contain all the setup cds etc.... but because we own a Bed and Breakfast theres always different people coming into our house...... What im afraid of is people nickin all my data, or using my computer..... What i planned to do was totally secure the thing so that nobody could use it, its going to be bolted to the desk, which will be an a** to take away. And then i have my little brother who is a sneaky little bum, and i dont want any unauthrorised access to the unit.... this would mean i didnt want the bios overriden, such as bios passwords ect..... Windows passwords are a sinch to get past anyway, and my brother is a computer boffin. knows all the tricks We came up with the conclusion that maybe using a smart card would be good, because the system couldnt even be posted without the card being inserted this would be perfect
To minimize the possability of the hdd being removed, use security screws to attach the case and stash the security screw driver somewhere safe.
I was too lazy to read the entire post, but see if you can get an authenekey from www.authenex.com. then write something in your autoexec or your boot loader for xp that says "hey key are you there?" - "yep" - "which key are you" - "ascx123123gh123h1" - "sweet ass! its windows time!!!"
That's pretty much what this Soyo smart card thing is, except it works on the bios level instead of the os.
well just catch the topic today, read all the posts... well you have a real problem there... to have a pc totally secure is VERY difficult... but and if there was no PC? what i'm thinking about is something like a hidden PC, for example you put you computer on a wardrobe (thats a stranger place to put a computer), or something, the problem is that you need to get the cables to here some way it can't be seen... Well this is just a idea I just had.
Another option would be to use a removeable hard drive rack. Just remove the drive when you are not using it. But the smart card would be easier, but not cheaper. What kind of screws are these? Torx or something different?
is it possible to run a computer without a power switch at all? (or must just use a jumper thing instead of a switch). if so, since you said it's gonna be a file server, you could install a wake on lan nic card and the only way to turn it on would be through another computer on your network.........
you would have to make a momentary jumper... it connects for a second and disconnects. On shutdown it will connect for 5 seconds to turn it off.
this is more passive but for like 100 $ you can get an Ok security cam and vcr or something... then you got proof. I would just duct tape my computer wickedly then even if they got in I would know...
You could use a magnetic type switch (they are a bit pricey I think) and a small 1cm disk magnet on the side of the case (furthest away from magnetically sensitive elctronics.
Auto tracking mini-orbital lance, set to motion track, with a warning on the door. Btw what's really on the drive that he wants so bad?
The recurring feature of this thread is, computer security is all well and good but if someone has physical access to the computer, and they are good enough, they can access the computer. All you can do is hope to stay one step ahead. padlocks are fine untill your bro/intruder learns to pick locks. Most software security is, as people have said, bypassed relativly easily. Most hardware security is strong untill a work around is found. The card idea is good but as you said he could remove the HD. I think at one stage samsung made a "secure" laptop. If I remember correctly it had a fingerprint scanner and a seperate hardware keypad to turn the hard disc on. Again I am sure that both of these could be bypassed but if you keep raising the stakes he should eventually decide it is not worth it.... OTOH you could just get him his own computer Rod
mmm how to stop ANYONE getting at your computer... is v hard as many people have said... my vote goes for putting your pc inside a gun cabinate with lots of 'You can take my gun from my cold dead fingers' 'Guns dont kill people, I do' type bumper stickers all over it, stick a bunch of 140 dB alarms set to a door switch (with a kill switch hidden round back) and may be some smoke granades and flash bangs just to really put them off..... or as other people have mentined, if its a file server go for wireless, hide it under the floor boards with no visable wires going to it. Oh and just to keep him occupied get another case that just has your rf transmitters in for mouse and keyboard and monitor (actually not sure if you can get them for monitors) then weld it closed.... if nothing else it will keep him distr\acted for a while or you are REALLY adventurous build a hidden james bond type office, where you bed turns over in to a desk etc, but if you do that you also have to have a glowing world map on the wall for no apparenty reason