Protecting BIOS - first step toward security!

Protecting BIOS

Your computers BIOS (Basic Input/Output System) is the first program that is run when your computer starts. You can tell the BIOS to ask for a password when it starts, thus restricting access to your computer to anyone that does not know it.

BIOS password will prevent people from making changes to your BIOS settings. In BIOS you can define the boot order of hardware. This means you tell the computer to look for bootable data in a certain order (e.g. USB -> DVD -> HDD). After our Operating System of choice Debian is installed we want to only allow it to boot from hard disk and disallow booting from USB or DVD. Removing USB and DVD from the boot order will also speed up the boot process of your computer since he will not be checking these devices for bootable media.

BIOS password

Setting up BIOS password is a good security practice since it takes very little time to set up and it might stop an attacker as he will need a certain amount of time to get past the BIOS password.

To enter the BIOS setup program, also called CMOS setup: Turn on or reboot your computer. The screen will display a series of diagnostics and a memory check, press Delete, Esc, F1, or another key or key combination to enter the BIOS setup utility, you can always consult your motherboard manual for specifics.

When you do hit the right key at the right time, you’ll see a menu screen something like this:

 

BIOS screen

Once in the program, look for a security or password section;

Simply follow the on-screen prompts, enter the password (most BIOS’s are limited to eight characters).

Also while you are at it make sure to disable boot for any media other than your harddrive these settings are usually located under boot menu, save the new settings, and restart the system.

Now navigate back to the main menu and select SAVE & EXIT SETUP.

bios saving settings

bios saving settings

 

BIOS screen save & exit

Your machine will then reboot and you’ll be prompted for the password.

There are few bios versions, all of them are following same logic for the options available, you will notice that interfaces are different but configuring boot setup and password are straightforward.