Compaq nc6000 HP ProtectTools Security Manager - Page 6

With BIOS Configuration for HP ProtectTools, authorized users can: • Manage power-on user and administrator passwords • Configure pre-boot authentication features such as Smart Cards, Power-on Passwords, and Drivelock • Enable/Disable hardware features such as CD-ROM boot. • Configuring boot options including disabling the ability to boot to drives other than the primary hard drive Table 2 - BIOS Configuration for HP ProtectTools Features and Benefits Feature Benefit Works with HP ProtectTools Security Manager User interface is fully integrated into the HP ProtectTools Security Manager. Provides access to BIOS security and configuration features from within the operating system Provides an easier to use alternative to the pre-boot BIOS configuration utility known as F10 Setup. Enhanced security feature set that take advantage of other HP ProtectTools supported security technologies such as Smart Cards and TPM embedded security chips Provides better protection against unauthorized access to the PC through features that help protect the system from the moment power is turned on. TPM embedded security chip pre-boot authentication requires that users securely authenticate to the chip prior to allowing the system to boot, which helps protect against attacks that exploit the ability to boot to alternative operating system environments. TPM embedded security chip enhanced Drivelock protects a hard drive from unauthorized access even if removed from a system without requiring the user to remember any additional passwords beyond the TPM embedded security chip user pass phrase. Working with Smart Card Security for HP ProtectTools, pre-boot Smart Card authentication requires users to present their Smart Card prior to allowing the system to boot. Enabling access to BIOS security configuration from within the HP ProtectTools Security Manager creates an integrated security solution and enables authorized users to control every aspect of security management from a single application with a common user interface. The following table describes the key BIOS security features2 that become accessible from the HP ProtectTools Security Manager using the BIOS Configuration Module. Table 3 - Key BIOS security features made accessible by the BIOS Configuration Module Feature Description Benefit TPM embedded security chip preboot authentication Utilizes the TPM embedded security chip for user authentication. Users need to input the basic user key pass phrase Helps protects against unauthorized access to the PC by preventing access to the computer by booting from a device other than the primary hard drive. Provides security benefits similar to a power-on password; however, by allowing the user to use their TPM embedded security chip pass phrase, users are not required to remember an additional password. TPM embedded security chip enhanced Drivelock Requires a user to authenticate to the TPM embedded security chip before a Drivelock protected hard drive can be accessed. A separate Drivelock password is not required. Drivelock helps protect a hard drive from unauthorized access even if physically removed from a system. Allows very strong, random Drivelock passwords to be automatically set in a way that is completely transparent to users (does not require the user to remember another password) Ties a hard drive to a specific system with a specific TPM embedded security chip, preventing other systems from accessing the hard drive if it is physically removed from the original system. 2 Pre-boot authentication features are available on select platforms. Refer to platform specific specifications for more details. 6