Prevent Boot From CD or Floppy

Posted on 2003-03-01
Medium Priority
Last Modified: 2010-04-11
I want to disallow booting from floppy or CD, is there a way to preventing  booting from a floppy or a CD apart from in the BIOS.  There are BIOS password cracking tools that will crack passwords and allow an intruder to gain access to the BIOS and alter the boot sequence.
Question by:abacosis
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 8048186


you can disable the floppy in the bios and the cd-rom in the bios to.

Also you can disconnect the IDE cables from the drives to stop anyone trying to get access.

Better to remove access physically


Expert Comment

ID: 8048372
If you do leave the drive in the machine, you will also need to prevent the OS's bootloader from allowing someone at the console to boot from one of those devices.

How to do this depends on your operating system (and may be a non-issue on some).

I agree with motherboard, if you don't need the drives in there, take them out.

Author Comment

ID: 8048604
motherboard: Hehehehhehe :-) nice suggestion .. but I need access to the floppy and CD-ROM after the OS (win2k) boots up :-) ... wish I didn't need access to those things then I could just remove floppy and CD-ROM
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

LVL 51

Expert Comment

ID: 8048746
use another bootloader like lilo or grub, both have the possibility to use it's own password for each boot image

Author Comment

ID: 8049145
ahoffman: Tried lilo and set a password on the floppy image.

The bios password was cracked and the boot sequence changed to floppy ...

which caused the machine to boot from floppy first, since Lilo is loaded after the checks in the Bios, which includes boot sequence
LVL 51

Expert Comment

ID: 8049203
just put lilo on floppy, no bootloader on disk
then boot from this floppy always
This is security by obscurity, but otherwise you need physical protection of floppy and CD

Expert Comment

ID: 8050157
try changing your hardware profiles for the machine in win 2k. you can have 1 that will not use the cd rom and floppy or the one you currently have now.all you have to do is change them or it.

Expert Comment

ID: 8050810
If all the above don't help, I suggest you should get a motherboard with features to disable access to the BIOS through hardware jumper settings in the motherboard.

Author Comment

ID: 8052441
Thanks for your comments all you guys

But I guess there probably is no solution ...

Or maybe I could write a BIOS virus that will do the trick .. hehhehehe
LVL 33

Accepted Solution

Dave Howe earned 225 total points
ID: 8056217
Depending on how much money you wish to spend, you could try this.

1) verify your bios can't boot from usb devices
2) remove the current cdrom and floppy, replacing them with either usb cdrom/floppy connected internally to a usb port or board, or externals of the same type that you plug in at need. you could take the opportunity to upgrade to a superfloppy (100mb) and dvd while you are there.


replace the CDR with a "caddy" based swappable drive bay; that way your CDR bay can also be a removable hard drive and/or a superfloppy.

However, if you are facing someone who can crack the bios passwords, there is no stopping him from booting your HD somehow. perhaps a different approach might help - you could *encrypt* the hard drive using DriveCrypt Pluspack; that way, you have to type a cryptographically-secure (ie, uncrackable) password on boot or the hard drive is unreadable; it won't matter then what you boot from :)

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question