PowerOn Protector System
Manages (and scales) security on devices for your network.
What is the flow that PowerOn Protector follows in order to secure the BIOS?
Use case: Correct operation
- PowerOn Protector is properly connected to 2 USB ports
- The operator or support engineer makes a change that is correct, or the ATM receives an update that requires a system reboot.
- The computer restarts correctly (in other words, the engineer restarts Windows properly). The PowerOn Protector agent detects that Windows has shut down successfully and sends this information through the USB port to the PowerOn Protector microcomputer.
- PowerOn Protector detects that the system has been restarted and verifies that the Windows restart was correct and authorized.
- PowerOn Protector requests the BIOS password through an encrypted HTTP-SOAP request (SSL) to a web server, which in turn consults an application where the BIOS passwords of the different secured equipment are stored. This functionality is optional, because the password can be stored on the same device.
- The password is returned through the same secure channel (SSL) or read from the internal memory, depending on the configuration.
- Using the USB port, PowerOn Protector takes control of the startup of the secured computer and correctly enters the login password for the BIOS.
- The computer boots correctly and the operator never learns the BIOS password.
- The BIOS has been secured.
Use case: Intrusion Attempt
- PowerOn Protector is properly connected to two USB ports.
- An attacker or intruder (normally the ATM's own support engineer) wants to attack via PXE or boot the computer from a location other than the hard disk, using a USB memory stick or external medium.
- The intruder performs a reset, or a power off and power on, directly from the cabinet, or simply cuts power to the target machine and tries to start it again directly from the cabinet (by pushing the power-on button).
- When the computer powers on, PowerOn Protector detects the boot and the password screen is displayed.
- PowerOn Protector queries its internal database for the last known status of the protected equipment. Because Windows was not properly shut down, PowerOn Protector does not enter the password and, depending on the BIOS version, blocks entry of the password through the standard input.
- The intruder cannot start the secured device because they do not know the password. The computer is secured until it is unlocked using the PowerOn Protector graphical interface.
- There is not enough time to execute more actions; the BIOS of the ATM has been secured.
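The release decision that both use cases turn on, sketched as an added example (not PowerOn Protector's own code). The class, method and state names are hypothetical, `fetch_password` stands in for the SSL lookup or internal-memory read, and two behaviours are assumptions of this sketch: a clean-shutdown report authorizes exactly one boot, and an unknown host is treated as locked.

```python
from enum import Enum


class State(Enum):
    RUNNING = "running"                # Windows is up, no shutdown reported yet
    CLEAN_SHUTDOWN = "clean_shutdown"  # agent reported an orderly, authorized stop
    LOCKED = "locked"                  # unexpected boot seen, operator must unlock


class BootGate:
    """Hypothetical model of the last-known-status check before password entry."""

    def __init__(self, fetch_password):
        self._fetch_password = fetch_password  # placeholder for SOAP/SSL or local read
        self._state = {}                       # host -> last known State

    def status(self, host):
        # Assumption: a host with no recorded status fails closed.
        return self._state.get(host, State.LOCKED)

    def agent_reports_shutdown(self, host, authorized):
        # Only an authorized, orderly shutdown arms the next boot.
        # A report arriving while the host is locked must not clear the lock.
        if authorized and self.status(host) is not State.LOCKED:
            self._state[host] = State.CLEAN_SHUTDOWN

    def on_boot_detected(self, host):
        """Return the BIOS password to type over USB, or None to withhold it."""
        if self.status(host) is State.CLEAN_SHUTDOWN:
            self._state[host] = State.RUNNING  # consume the authorization
            return self._fetch_password(host)
        self._state[host] = State.LOCKED       # power cut or reset: stay locked
        return None

    def operator_unlock(self, host):
        # Models the unlock through the graphical interface.
        self._state[host] = State.CLEAN_SHUTDOWN


def demo():
    gate = BootGate(lambda host: "constructed-password")  # constructed sample value
    gate.operator_unlock("atm-01")          # constructed host name
    first = gate.on_boot_detected("atm-01")   # authorized boot
    second = gate.on_boot_detected("atm-01")  # boot with no shutdown report
    return first, second, gate.status("atm-01")
```

Consuming the authorization on boot is what makes a power cut distinguishable from a restart: the last recorded status is then "running", not "clean shutdown".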
Software & Applications
- Linux Ubuntu Server Modified – Base 16.04.x
- PowerOn Protector Stack Code
- PowerOn Control Libraries application services – PoP V1.6 (Python, C++ based)
- Local Hostnames and name resolving
- Python Engine
- NTP service
- SNMP service
- Config Manager Service
- MySQL Server
- Apache 6.2.2