What is Pre-Boot Authentication (PBA)? Pre-boot authentication is the process of validating user login credentials before unlocking contents of the hard drive. For a computer used by users, this means when turning on a computer, the user will immediately be prompted with a request for their username and password (or Token/Smartcard if 2 factor is required) before the computer’s operating system comes on line.
For servers in datacenters, this can be a challenge as there is no operator or administrator readily available to authenticate at PBA. The solution is Network Pre-Boot Authentication. Similar to regular PBA, authentication is still required when servers are powered on. Instead of relying on administers or security modules such as TPMs on the local machine, an external server is used as an authenticator to authorize boot up requests.
Benefits of Network Pre-Boot Authentication
The reason that Pre-Boot Network Authentication is so valuable for Server security is because it thwarts many of the most common attack vectors for infiltrating common operating system security.
A popular attack vector widely known amongst cyber-security professionals and hackers (both skilled and unskilled) is the weakness of passwords. Attacks such as password guessing, cracking, resetting, stolen passwords, etc. … can be used to attack the credentials used at PBA. Furthermore, if the server is stolen, it would give attackers unlimited tries at cracking the password. With Pre-Boot Network Authentication, weakness of the password is removed from the authentication process and is replaced by a much stronger server authentication mechanism.
In the case of when the entire server core is stolen and TPM only is used for PBA authentication; the server will continue to allow boot up as the TPM is still present. This will open up many attack vectors that the server operating system might be vulnerable to.
Pre-Boot Network Authentication would prevent these issues from occurring because only the authenticating server can authorize boot up requests. Approved devices can be updated dynamically and if the server rejects the boot up request or if the machine is stolen and cannot reach the authenticating server, then none of the drives will unlock, completely neutralizing this common and pervasive attack vector.
Another value Pre-Boot Network Authentication brings is the support of automation and do not require someone to enter credentials at PBA. This is ideal for datacenters as most servers are managed and/or controlled through some kind of automation; utilizing Network PBA will be a seamless integration without additional overhead in resources while providing the required security.
At the end of the day Pre-Boot Network Authentication likely won’t solve all of your company’s security concerns, however as the use of laptops and portable computing devices grows more and more prevalent the risk of losing a computer, or having one stolen is only going to increase. Having a Network Pre-Boot Authentication system established will prevent an attackers from accessing one of your company’s servers and gaining access to any sensitive data that’s contained within.
WinMagic – Your Trusted Source for Data Encryption Solutions
Are you looking for ways to safeguard your company’s most valuable asset? Contact WinMagic today at 1-888-879-5879. WinMagic has been helping customers secure data through encryption since 1997.
Our products have won several awards, and we have five million clients in over 80 countries. Find out how our data encryption solutions can work for you and your business by speaking with a customer service representative.
