For example, security pros who deal with offensive security often have a great familiarity with bootable Linux LiveCDs, like Backtrack, that are designed for pentesting. If they can get physical access to an internal system, they can reboot the box, boot from the Backtrack CD, and it's game over: with the native OS out of the picture, every file on an unencrypted local disk can be read or modified. How many sysadmins, helpdesk technicians, or desktop support folks do you know who have all of their users' workstations locked down to prevent booting from anything but the local hard drive?
I won't even take a guess at that last question because I know it will be skewed based on my experience in an academic environment -- a place where only the most paranoid lock their machines down to the BIOS level, and even then, that doesn't extend out to their users. I'm curious how many of you out there have detailed build procedures for your workstations that include adding an administrator password to the BIOS to prevent modification and restricting boot devices to the hard drive only.
Leave a comment here or e-mail me directly with your experiences in locking workstations down physically, and whether you've had users try to thwart those measures with tools like the Offline NT Password & Registry Editor to reset the local Administrator password and gain access to that account. As there is more and more talk about insider threats due to the economy, issues like these may come to light in more and more IT shops.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.