Friday, May 27, 2005

BIOS password in Servers

Keywords: Administration tip

These days I am involved in one of the most challenging projects of my career. It has been a tremendous learning experience. One very small but significant thing that I learnt today is: don't attempt to protect servers with a BIOS password.

This may sound strange, as we always think that adding a password to the BIOS adds one more level of security. Not really. Any person who can gain physical access to the server can get rid of that password. Besides, adding a password to the BIOS means you cannot boot the system remotely. That is a big setback: you would rather have everyone work on the server remotely and no one have physical access to it.

A lot of people will think otherwise. Their logic would be: no physical access, no software access. That can work in smaller organizations with a few servers and one or two administrators, but in large organizations with dozens of admins, that approach is not practical.

The bottom line is: if you want your servers to be accessed remotely, don't add a password to the BIOS.

1 comment:

Arjun Bahree said...

Depends on the BIOS that you flash in.
For high-end servers, BIOS flashing is done prior to server installs. In BSL though you won't see that lot, but you can circumvent the remote login problem due to BIOS with a Net Stub Flash Kindle that shall let you do that.