there is a power failure; the machine is able to recover with the keyboard lock still in place.

1.8.3.1 Privileged-Access Password

Because the power-on and keyboard passwords can be defeated by deactivating the battery inside the system, another level of password protection is provided. This security feature is called the privileged-access password. It provides a much higher level of security. The privileged-access password restricts access to system programs, prevents the IPL source and sequence from being changed, and effectively deters unauthorized modifications to the hardware. Also, if a forced entry is detected by the tamper-evident cover switch, the privileged-access password (if it has been set) must be used in order to make the system operational again.

The privileged-access password is stored in a special type of read-only memory called flash EEPROM. EEPROM is an acronym for electrically erasable programmable read-only memory.

Systems are shipped with the privileged-access password disabled. To set this password, a jumper on the system board must be moved in order to put the system in the change state. Once this password is set, it cannot be overridden or removed by an unauthorized person.

Attention - Forgotten Password

If the administrator misplaces or forgets the privileged-access password, the system board will have to be replaced. There is no way to reset a forgotten privileged-access password.

1.8.4 Secure Removable Media

An optional 2.88MB diskette drive with security features is available for all IBM PC Server systems. The diskette drive is a 3.5-inch, one-inch high drive with media sense capability for the standard diskette capacities of 720KB, 1.44MB, and 2.88MB. It can read and write data up to a formatted capacity of 2.88MB, while maintaining read and write capability with 720KB and 1.44MB diskette drives.

A control signal has been added to the diskette interface that supports LOCK, UNLOCK, and EJECT commands issued by the operating system. If the privileged-access password is not set, the diskette is unlocked during POST. If the password is set, the boot process does not unlock the diskette drive unless it is the designated IPL source. In this case, the LOCK and UNLOCK state is controlled by an operating system utility. For SCSI devices, there is a proposed standard UNLOCK command. In this case, the operating system will control the LOCK command if the privileged-access password is set. Access to the unlocking function with specific user authorization can be controlled by secured system software.

In the event of power loss, the system retains its state (secured or unsecured) independent of the state of the battery. A diskette can be inserted in the drive, but it cannot be removed if the power is off. When the drive is turned on and locked, the media cannot be inserted or removed.
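The lock rules above can be traced with a small state model. This is an added illustration, not IBM firmware or utility code; the class, method and function names are hypothetical, and it assumes that when POST does not unlock the drive it leaves the retained lock state unchanged.

```python
from dataclasses import dataclass


@dataclass
class SecureDiskette:
    """Model of the drive-lock rules in this section (all names hypothetical)."""
    pap_set: bool                  # privileged-access password is set
    diskette_is_ipl: bool = False  # diskette drive is the designated IPL source
    locked: bool = False           # retained across power loss, battery or not
    powered: bool = False

    def power_on(self) -> bool:
        """POST unlocks only if no PAP is set or the drive is the IPL source."""
        self.powered = True
        if not self.pap_set or self.diskette_is_ipl:
            self.locked = False
        return self.locked

    def power_loss(self) -> None:
        self.powered = False       # lock state is deliberately left untouched

    def os_command(self, command: str) -> None:
        """LOCK / UNLOCK as issued by an operating system utility."""
        if not self.powered:
            raise RuntimeError("drive has no power")
        if command not in ("LOCK", "UNLOCK"):
            raise ValueError(command)
        self.locked = command == "LOCK"

    def can_insert(self) -> bool:
        return not self.powered or not self.locked

    def can_remove(self) -> bool:
        return self.powered and not self.locked


def lock_survives_power_cycle(pap_set: bool, diskette_is_ipl: bool) -> bool:
    """Lock the drive from the OS, cut power, reboot: is the media still held?"""
    drive = SecureDiskette(pap_set, diskette_is_ipl)
    drive.power_on()
    drive.os_command("LOCK")
    drive.power_loss()
    return drive.power_on()


if __name__ == "__main__":
    for pap, ipl in [(False, False), (True, False), (True, True)]:
        print(f"PAP set={pap} IPL={ipl} -> {lock_survives_power_cycle(pap, ipl)}")
```

In this model an operating-system LOCK only persists across a reboot when the privileged-access password is set and the diskette drive is not the designated IPL source.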

36 NetWare Integration Guide

IBM SG24-4576-00 manual Secure Removable Media, Privileged-Access Password