BIOS-enabled security features in HP business notebooks - Technical white paper

Basics of security protection
A computer system is only as secure as its weakest component. Creating a secure system involves looking at all areas of
vulnerability and creating solutions to address each of those areas. A typical computer system stores sensitive data on a
local hard drive and may have access to network resources containing sensitive information. Therefore, the following
areas of vulnerability must be addressed:
- User authentication: Ensuring that an unauthorized person does not access the computer
- Data on local storage: Ensuring that no one can access information simply by removing the hard drive from a secure computer and inserting it into a nonsecure computer, or by accessing data after a computer is disposed of
- Device security: Ensuring that the computer does not boot from a device other than the primary hard drive, which would allow access to sensitive information by completely bypassing OS authentication
HP has devoted considerable resources to building security capabilities into the BIOS firmware of HP business
notebooks. This document explores the following capabilities:
- Protection against unauthorized access: Preboot authentication
- Data protection: DriveLock, Disk Sanitizer, and Secure Erase technology
- Device security: Boot options and device control
HP integrates the BIOS capabilities with the HP ProtectTools software, a set of security features that runs in Windows, to enable enhanced security. This document discusses ProtectTools only where it interacts with the BIOS security capabilities. For more information about the ProtectTools software, see the HP website.
Protection against unauthorized access
To help protect the computer from unauthorized access, HP adds preboot authentication to its business notebooks.
Preboot authentication is required immediately after turning on the computer and before the OS boots. Preboot
authentication also provides protection against attacks that take advantage of the ability to boot from a device other
than the primary hard drive.
Preboot authentication can be configured by using the BIOS setup or the ProtectTools software.
- BIOS setup: A user configures a password for authentication. At power-on, the system prompts the user for the password and allows the boot process to continue only if the correct password is entered. A preboot authentication password configured in the BIOS is independent of the user's Windows logon password and does not enable the One-Step Logon process that is available in ProtectTools.
- ProtectTools: Password authentication or biometric authentication, such as fingerprint or facial recognition, is configured. This authentication enables the One-Step Logon process for preboot and Windows authentication.
If a strong password is chosen, password authentication is an effective way to enhance system security and help protect
a system against unauthorized access. To ensure that an authentication password cannot be easily guessed, create
passwords by adhering to established security guidelines, not by using personal information.
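The guideline above (build passwords from established rules, not from personal information) can be enforced on the administrator's workstation before a preboot password is set. The following Python policy check is an added example, not HP's code and not part of the BIOS; the minimum length, the short common-password list, the leetspeak mapping and the personal-information record schema (keys names, birth_year and ids) are assumptions chosen for illustration.

```python
"""Preboot password policy check.

Added example, not HP's code. MIN_LENGTH, COMMON_PASSWORDS, LEET_TABLE and
the personal-information schema are assumptions made for this illustration.
"""
import re

MIN_LENGTH = 12
# Constructed, deliberately short list; a deployment would use a large breached-password set.
COMMON_PASSWORDS = ("password", "123456", "qwerty", "letmein", "welcome")
# Undo common substitutions so "J0hn" still matches "john" (assumed mapping).
LEET_TABLE = str.maketrans("@$034!", "asoeai")
ALPHA = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"


def normalize(password: str) -> str:
    """Lowercase and undo leetspeak substitutions before comparing against tokens."""
    return password.lower().translate(LEET_TABLE)


def personal_tokens(personal: dict) -> set:
    """Build the substrings a password must not contain from a record with the
    constructed keys "names", "birth_year" and "ids" (employee id, asset tag)."""
    tokens = set()
    for raw in personal.get("names", []) + personal.get("ids", []):
        for form in (raw, re.sub(r"[^0-9a-z]", "", raw.lower())):
            token = normalize(form)
            if len(token) >= 3:
                tokens.add(token)
                tokens.add(token[::-1])      # spelled backwards counts too
        digits = re.sub(r"\D", "", raw)
        if len(digits) >= 4:
            tokens.add(digits)               # bare numeric part of an identifier
    year = personal.get("birth_year")
    if year:
        tokens.add(str(year))
    return tokens


def has_sequence(s: str, length: int = 4) -> bool:
    """True if s contains `length` repeated characters or an ascending or
    descending run of letters or digits (e.g. 'aaaa', 'abcd', '4321')."""
    if re.search(r"(.)\1{%d,}" % (length - 1), s):
        return True
    for i in range(len(s) - length + 1):
        window = s[i:i + length]
        for alphabet in (ALPHA, DIGITS):
            if window in alphabet or window[::-1] in alphabet:
                return True
    return False


def check_password(password: str, personal: dict) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"too short (minimum {MIN_LENGTH} characters)")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^0-9A-Za-z]"))
    if classes < 3:
        violations.append("needs at least three of: lowercase, uppercase, digit, symbol")
    norm = normalize(password)
    if any(common in norm for common in COMMON_PASSWORDS):
        violations.append("contains a common password")
    for token in sorted(personal_tokens(personal)):
        if token in norm:
            violations.append(f"contains personal information: {token}")
    if has_sequence(norm):
        violations.append("contains a run of repeated or sequential characters")
    return violations


def is_acceptable(password: str, personal: dict) -> bool:
    """Convenience wrapper: True when check_password reports no violations."""
    return not check_password(password, personal)


if __name__ == "__main__":
    # Constructed sample user record; the values are not real.
    user = {"names": ["John", "Smith"], "birth_year": 1985, "ids": ["HP-12345"]}
    for candidate in ("J0hnSmith1985!", "Passw0rd!", "correct-horse-battery-Staple9"):
        print(candidate, "->", check_password(candidate, user) or "OK")
```

The check normalizes the candidate before comparing it with the personal tokens, so substituting digits or symbols for letters in a name or birth year does not slip past the rule; the BIOS password itself is still set through BIOS setup or ProtectTools as described above.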
Preboot authentication using BIOS
On typical computers, the drawback to preboot authentication passwords is that a computer can have only one, so the
system is restricted to one user. However, HP has implemented a multiuser architecture in the notebook BIOS to solve
this issue.