Sentry 3.0 Documentation


Last Revised: April 2011

Copyright © 1998-2011 Fresh Software LLC

 Appendix A : Physical Security (Holistic Security)

Sentry provides foolproof lock-down security for your system. However, like any other program, it depends on the operating system to run. If a person wants to have access to your machine desperately enough, it is possible that they would find a way to bypass Sentry loading by modifying how your machine boots.

For maximum security, Fresh Software recommends you consider patching up your boot process:

 

Disable boot keys

Just before the Windows start-up screen, anybody can hit F8 or other keys to change how Windows loads. By doing this, an experienced (and determined) user can boot into Safe Mode (a mode where windows loads all default settings) and disable Sentry via the system registry.

We've included a utility that can allow you to disable any system boot keys that would allow an intruder to bypass Windows, and hence Sentry. Check "Boot Configuration Wizard" under the Sentry program group in your Start Menu. This utility only works on Windows 95, Windows 98, and Windows ME.

 

Disable a floppy boot

It's possible for someone to insert a floppy disk containing system files and a master boot record to bypass your main operating system. Commonly called a boot disk, this can pose a threat to your computer's refuge.

To disable starting your system with a boot disk, you need to enter your BIOS settings. Usually when you turn on your computer, you will see it counting memory, initializing hard drives and doing other system checks and startups. Watch closely. If you see a message on the screen that says something like "Hit F1 to enter setup", then hit the F1 key. Note that the key varies from system to system and BIOS to BIOS.

You're looking for your system "boot order", which can usually be found in the "Advanced" section of your BIOS options. Change it so that a hard drive boot (C:) has precedence a floppy boot (A:)

NOTE: Do this at your own risk. If you disable a floppy boot completely, you will not be able to use any "rescue disks" until you turn this option back on in the BIOS.

 

Password protect your BIOS

For the most protection possible, you can decide to set a BIOS password. By doing this, your system WILL NOT BOOT without first entering a password. An operating system will not be allowed to start, no settings will be able to be changed.

To set a BIOS password, enter the BIOS settings by hitting the setup key (see above). Look under the "Security" section of the settings.

NOTE: Please remember that YOUR SYSTEM WILL NOT BE ACCESSIBLE AT ALL if you forget your BIOS password. The only way to reset it is to open up your computer's case, find a jumper on your motherboard, and toggle it (if it comes down to this, consult your motherboard manual). Don't even consider setting a BIOS password if you have a bad memory!

 

Physically secure the PC

To prevent someone from opening the motherboard and resetting your BIOS, stealing your hard drive etc -- you could consider the use of actual locks to prevent the case from being opened or the computer from being stolen.  Many modern PC cases include locking features.