[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Disable Booting from USB or CD When BIOS Doesn't Offer Option

Posted on 2010-09-15
16
Medium Priority
?
981 Views
Last Modified: 2013-11-09
Hi folks!

We have a large number of workstations in our organization that I have just discovered do not, apparently, have an option in the BIOS to disable booting from devices such as USB flash drives, floppy drives, or CD/DVD drives. You can take the devices out of the default boot order so that they are not tried automatically, but anyone can hit F11 to access the boot menu during start up and manually pick one, introducing several security risks.

The PC's in question are all Systemax PC's using the AMI BIOS v.2.061.

The users of these PC's absolutely must have the ability to use CD's and DVD's, as well as flash drives, in the computers, so simply removing or disabling the devices altogether is not an option.

Is there any way at all to prevent booting from devices other than the hard drive if the BIOS does not offer such an option?

Thanks!

- Ithizar
0
Comment
Question by:Ithizar
  • 5
  • 2
  • 2
  • +3
12 Comments
 
LVL 3

Expert Comment

by:Nyradel
ID: 33686081
Are you able to disable the startup prompt in the bios and password protect it?
0
 
LVL 9

Expert Comment

by:ken2421
ID: 33686282
Set the hard drive in bios to first boot device and password the bios.

Ken
0
 

Author Comment

by:Ithizar
ID: 33692147
Even with the hard drive set as the first boot device, the BIOS offers the option to press F11 during the startup process to access a boot menu, which then lets you choose any boot device you want. There is no option in the BIOS that I can find to disable the ability to access that boot menu.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 7

Expert Comment

by:harryhelp
ID: 33704939
Have you enabled any supervisor password available?
0
 

Author Comment

by:Ithizar
ID: 33705338
The only password options are either an admin password, which only prevents you from entering the BIOS setup, or to require a password on all startups, even startups from the hard drive.
0
 
LVL 7

Expert Comment

by:harryhelp
ID: 33705362
The only thing I can think of is speaking to Systemax, or looking for a BIOS update.
0
 

Author Comment

by:Ithizar
ID: 33705640
I've tried updating to the latest version of the AMI BIOS and, unfortunately, it didn't add the option. I guess we can try contacting Systemax or MSI (the motherboard manufacturer). I was hoping maybe there was some option I wasn't thinking of.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 33706225
Ithizar--From http://discussions.virtualdr.com/showthread.php?t=233730
"The option to disable booting from the USB device was present in the Bios, but it only appeared when the device itself was connected to the PC."
0
 

Author Comment

by:Ithizar
ID: 33719084
That may apply to USB flash drives, but the floppy drive and CD-ROM drive are always present, and there is no option to prevent booting from them that I can find.
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 33719495
Ithizar--Well, at least I got one out of three. :)
0
 
LVL 10

Accepted Solution

by:
Prester John earned 2000 total points
ID: 33733965
The boot process is handled by the BIOS before anything else is loaded.

If there are no options in your current BIOS for regulating the boot options for CD/DVD or floppy then the only real option is to contact the motherboard manufacturer about a "security version" of the BIOS that has the option(s) to turn off/on booting from various hardware.

It's doubtful that this version exists, but it appears to be your only option with this motherboard.


0
 

Author Comment

by:Ithizar
ID: 33735386
That's kinda what I feared. Thanks everyone for your help!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
MS Outlook undoubtedly is the most widely used email client.Its user-friendliness, cost effectiveness, and availability with Microsoft Office Suite make it the most popular email application.  Its compatibility with Microsoft applications like Exch…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question