How to break into a computer that is right at your fingertips

In this excerpt from Chapter 5 of The Little Black Book of Computer Security, author Joel Dubin illustrates the ease with which a hacker can bypass a BIOS password and break into a computer.

The essential tools for the physical hacker are the following:

• Phillips screwdriver
• KNOPPIX CD
• KNOPPIX boot floppy disk
• USB key (at least 256 MB)

To bypass a BIOS password, an attacker can use any of the following methods (screwdriver required):

• Removing the hard drive from the computer and placing it in another computer that has an accessible BIOS

• Moving the appropriate jumper on the motherboard to reset the BIOS settings to the factory defaults (if the jumper exists on that particular motherboard)

• Removing the CMOS battery from the motherboard and then putting it back in, which resets the BIOS settings to the factory defaults

If the BIOS is not password protected, the attacker doesn't even need a screwdriver. He or she can hack into a Windows- or Linux-based computer by using only two items: a KNOPPIX CD and a USB key. KNOPPIX is a Linux distribution that is available for free at knoppix.com and that can be burned onto a single CD. The attacker can boot KNOPPIX from the CD and then copy everything from the hard drive to the USB key. (If the BIOS has been set to disallow booting from the CD drive, the attacker needs only one additional item: a KNOPPIX boot floppy disk, which is available from the same site as the KNOPPIX CD.)

When finished, all the attacker needs to do is remove the KNOPPIX CD, the USB key, and the KNOPPIX boot floppy disk (if used) and then restart the computer. Windows or Linux will start, and no evidence that anyone ever tampered with the system will exist.

Read Chapter 5, Take care of physical security, to learn how to protect your desktops.

BROWSE BY TAG Password Management and Policy,   Enterprise Identity and Access Management,   Identity Management Technology and Strategy,   Alternative OS security: Mac, Linux, Unix, etc.,   Application and Platform Security,   Operating System Security,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Password Management and Policy Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats Brute force attacks target Yahoo email accounts Best Identity and Access Management Products Privileged account management critical to data security Making the case for enterprise IAM centralized access control How to prevent brute force webmail attacks Best practices for a privileged access policy to secure user accounts Mature SIMs do more than log aggregation and correlation PCI compliance requirement 2: Defaults Alternative OS security: Mac, Linux, Unix, etc. Machiavelli Mac OS X rootkit unveiled at Black Hat How secure is 'Platform as a Service (PaaS)?' Security comparison: Mac OS X vs. Windows Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Black Hat DC 2009: Mac OS attack method Alternative OS security: Mac, Linux, Unix, etc. Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary graphical password  (SearchSecurity.com) identity chaos  (SearchSecurity.com) logon  (SearchSecurity.com) masquerade  (SearchSecurity.com) OpenID  (WhatIs.com) salt  (SearchSecurity.com) session replay  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) TACACS  (SearchSecurity.com) war dialer  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary