Prevent Boot From CD or Floppy

Posted on 2003-03-01
Medium Priority
Last Modified: 2010-04-11
I want to disallow booting from floppy or CD, is there a way to preventing  booting from a floppy or a CD apart from in the BIOS.  There are BIOS password cracking tools that will crack passwords and allow an intruder to gain access to the BIOS and alter the boot sequence.
Question by:abacosis

Expert Comment

ID: 8048186


you can disable the floppy in the bios and the cd-rom in the bios to.

Also you can disconnect the IDE cables from the drives to stop anyone trying to get access.

Better to remove access physically


Expert Comment

ID: 8048372
If you do leave the drive in the machine, you will also need to prevent the OS's bootloader from allowing someone at the console to boot from one of those devices.

How to do this depends on your operating system (and may be a non-issue on some).

I agree with motherboard, if you don't need the drives in there, take them out.

Author Comment

ID: 8048604
motherboard: Hehehehhehe :-) nice suggestion .. but I need access to the floppy and CD-ROM after the OS (win2k) boots up :-) ... wish I didn't need access to those things then I could just remove floppy and CD-ROM
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

LVL 51

Expert Comment

ID: 8048746
use another bootloader like lilo or grub, both have the possibility to use it's own password for each boot image

Author Comment

ID: 8049145
ahoffman: Tried lilo and set a password on the floppy image.

The bios password was cracked and the boot sequence changed to floppy ...

which caused the machine to boot from floppy first, since Lilo is loaded after the checks in the Bios, which includes boot sequence
LVL 51

Expert Comment

ID: 8049203
just put lilo on floppy, no bootloader on disk
then boot from this floppy always
This is security by obscurity, but otherwise you need physical protection of floppy and CD

Expert Comment

ID: 8050157
try changing your hardware profiles for the machine in win 2k. you can have 1 that will not use the cd rom and floppy or the one you currently have now.all you have to do is change them or it.

Expert Comment

ID: 8050810
If all the above don't help, I suggest you should get a motherboard with features to disable access to the BIOS through hardware jumper settings in the motherboard.

Author Comment

ID: 8052441
Thanks for your comments all you guys

But I guess there probably is no solution ...

Or maybe I could write a BIOS virus that will do the trick .. hehhehehe
LVL 33

Accepted Solution

Dave Howe earned 225 total points
ID: 8056217
Depending on how much money you wish to spend, you could try this.

1) verify your bios can't boot from usb devices
2) remove the current cdrom and floppy, replacing them with either usb cdrom/floppy connected internally to a usb port or board, or externals of the same type that you plug in at need. you could take the opportunity to upgrade to a superfloppy (100mb) and dvd while you are there.


replace the CDR with a "caddy" based swappable drive bay; that way your CDR bay can also be a removable hard drive and/or a superfloppy.

However, if you are facing someone who can crack the bios passwords, there is no stopping him from booting your HD somehow. perhaps a different approach might help - you could *encrypt* the hard drive using DriveCrypt Pluspack; that way, you have to type a cryptographically-secure (ie, uncrackable) password on boot or the hard drive is unreadable; it won't matter then what you boot from :)

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

A basic introduction to Website Security and the absolute minimal steps that anyone should take in order to protect against hostile intrusions. This is offered as a guide to getting started, not an exhaustive list of all precautions. Enjoy...
A discussion about Penetration Testing and the Tools used to help achieve this important task.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question