school needs help stopping hackers - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
Thread Tools Display Modes
Old 10-05-2005, 01:54 PM   #1 (permalink)
Newb Techie
Join Date: Sep 2004
Posts: 37
Default school needs help stopping hackers

i work as a math teacher (90%) and computer guy (10%) at a school and on our computers we are using windows XP which is run from another company on a network. in order to access the computers you must login and your own password. i'm sure you know the login screen. without this you cannot access anything OR so i thought.
kids have been getting into the computers, reseting the BIOS passwords, putting in Power Up passwords and such, one kid even installed a totally different version of windows. this is a problem and i would like to know a technical solution on 1) how to stop the kids from doing this and 2) how are they able to do this?
i'm no hacker / cracker and only work on the computers at the school 2 hours a week so i don't have a lot of time to deal with these problems in depth.
can someone out there please help me?

liquidmonkey is offline  
Old 10-05-2005, 02:08 PM   #2 (permalink)
True Techie
Join Date: Oct 2005
Posts: 191
Send a message via AIM to PhillipBelcher Send a message via Yahoo to PhillipBelcher

First of all, Your are obviously on a network, which version of windows server are you using? Secondly, who handles the Active Directory side of it? You should be able to change the user setting through the Group Policy(GPO). As far as the bios setting are conserned, i would go through and set the passwords for the bios, maybe even a power on password, limiting the bios setting that they can fiddle with. Please provide a little more information on the server systems you are running on, and how the groups are set. Thanks

PhillipBelcher is offline  
Old 10-06-2005, 06:38 PM   #3 (permalink)
Super Techie
Join Date: Nov 2003
Posts: 415

its easy, make the punishment for getting caught hacking school computers expulsion, problem solved especially after the first one caught is gone, lol. seriously tho, did the computers start with bios passwords or did the kids just go in and set one because there never was one. the only way i kno to reset one is to take the battery out but i doubt the kids r actually taking the pc apart, i dunno havent looked into it before. if there was never bios passwords then ur not trying very hard. i would set the bios passwords and take the cd and floppy drives out of the boot order. that will at least stop them from installing other windows copies unless they r actually resetting the passwords in which case i dunno
Fear is nothing but the anticipation of pain, be it physical, mental, spiritual or emotional.
Athlon XP 2200+ oc\'ed @ 1.93ghz
MSI ms-6738
768mb ddr2100
Nvidia mx420 :(
60gig maxtor 7200rpm
Dual boot with Mandrake 10.0 and Win XP Pro sp2
neversleeps is offline  
Old 10-06-2005, 07:21 PM   #4 (permalink)
Master Techie
Join Date: Oct 2003
Posts: 2,258

If you can also provide information on what the actual machine are, that would help too. What os are they, what brand are they. Different vendors provide different levels of security on the bios so depending on a few things, we can give you more specific information.
The following applies to XP and Win2k only, so if your using win98, then it's not going to work the same...

On the secuirty of the OS, make them all users. Don't grant them admin access. That will stop them from being able to load any programs on the machine that effect the machine level of the OS.
Somthing that works really well, is applying the Secure workstation template. This is a security setting template that takes the machine and adjusts the default settings to use a much tighter set of rights. additionally, if you do have an active directory setup, applying group policy restrictions is a very simple way to stop them dead in their tracks. if you want to get into it, just ask... many people know a lot about it...

Best wishes..
Inaris is offline  
Old 10-06-2005, 08:36 PM   #5 (permalink)
Monster Techie
Join Date: May 2004
Location: USA
Posts: 1,178

Originally posted by neversleeps
its easy, make the punishment for getting caught hacking school computers expulsion...
My school (local community college) will call the police, if you were to do that :P Then again, it's not often anyone is that bored...

As everyone has said, you probably didn't have a BIOS password set, thus easy access to add a well as setting the boot device to "CD-ROM"--enabling them to install an O/S.

So...merely set a BIOS password, change the first boot device to the HD with your Windows on it, and *disable* all other boot devices.

Also, a common problem with schools is there is no Admin password set--whoever sets the computers up is not very careful in that case--so check that.

And last of all, ensure "Safe mode" is disabled...!

PS: You only work 20 hrs per week?! (10% = 2 hrs) Sweet!
Vormund is offline  
Old 10-06-2005, 08:40 PM   #6 (permalink)
Wizard Techie
Join Date: Jun 2005
Posts: 3,339

No we don't know what the log on screen looks like depends on what you use please don't tell me you are using just XP and you are using another product such as Netware right?. I also am having a hard time figuring out how students are bypassing the bios password (suprised F2 isn't disabled). Do you even have a bios password by default?
<form action=\"\" method=\"get\">
<input type=\"text\" name=\"search\"> <input type=\"submit\" name=\"submit\" value=\"Search TF before you post!\"></form>
Vista Discussion | 64 Bit Discussion |Microsoft Homepage | Yo Linux | Paul Thurrott | Fire Fox | Thunder Bird | Image Shack | Photo Bucket | Put File | Anti-Spyware | MS Anti-Spyware | Trillian | Anti-Virus | On Line Virus Scan
Tyler1989 is offline  
Old 10-06-2005, 08:50 PM   #7 (permalink)
Master Techie
Join Date: Feb 2004
Posts: 2,172
Send a message via AIM to Win2kpatcher

I would agree before you can even attempt to lock down windows you must prevent them from accessing the BIOS first. Put a power on password for the BIOS this way anytime a machine is powered off manually a administrator or teacher would have to enter this.

Then assuming the PC's are on 24/7 you can lock down the machines with a policy. Be sure to remove all options for "reboot and shutdown" both on start menu items and the CTR-ALT-DEL menu.
Win2kpatcher is offline  
Old 10-07-2005, 03:46 PM   #8 (permalink)
Chillin Techie
Join Date: Nov 2004
Location: USA
Posts: 11,861

it's easy to disable a bios password (short the memory cap). give the adminstrator in safe mode a password. a lot of people can't get past that
The Ultimate Hard Drive Utility PowerMax 4.23. (It now has the ability to clean a Boot Sector virus on the quick erase option.)
The best browser Netscape 8
Have you accidently delete something? Look here (trial. the better one) and here(free)
EricB is offline  
Old 10-07-2005, 05:23 PM   #9 (permalink)
Systems Engineer
Crysalis's Avatar
Join Date: Dec 2004
Location: United States
Posts: 1,675
Send a message via AIM to Crysalis

I would also suggest a program called DeepFreeze. It is sold in mass licenses for schools, and it would be a GREAT investment. Basically, what you do is you set up your computer exactly how you want it, then you install DeepFreeze and configure it. Once its configured, the computer will matter what... boot the EXACT SAME WAY as it did when you configured the deepfreeze software.

Lets say you put some files on the computer. The you shut it down. When it starts up, those files are gone. Say you change every setting possible... when you restart, it will be back to normal without question. The software is password protected and cannot be changed or even opened until that password is entered. If there is a password, it should be random letters and numbers... nothing that makes sense (that way brute-force cracking programs can't get it). If it has any kind of word that is in a normal dictionary, it will pick it up and let the "hacker" in.

As for them getting into BIOS, you should have set your own BIOS
passwords or do as ericB suggested.

You should also look into some sort of lock software. My college has it on every computer where unless you figure out the password (thats if you can even find the way to get to the box to type it in), depending on what the "tech" set it to, you can lock certain features such as settings. You can disable the start menu and make it so that they can't bring it back up by blocking them from changing settings. If you did that, then you could just make shortcuts on the desktop of all the programs the students will ever use. You could also lock the ctrl-alt-delete function. You could set it so that unless you know the password, you can't use ctrl-alt-delete to access the task manager. Libraries use this software... its actually pretty cool. I can "hack" it, but thats only because i know how it all works (there are ways of getting around some things, but not very much...not anything useful). If you dont, then you can be locked up pretty well.

Do some research on how to lock computers and software that is capable of what you need. The stuff is definitely out there. DeepFreeze would be a very good choice.
I have a computer with stuff in it.
Crysalis is offline  
Old 10-24-2005, 01:40 PM   #10 (permalink)
Newb Techie
Join Date: Sep 2004
Posts: 37

thank you for all the great replied everyone, very much appreciated!!
been talking to our network supplier and the way to go is BIOS passwords for all the schools in our group as well as HDD being the only boot device.
i'll check into the 'deepfreeze' program for sure, it sounds great!!
thanks again!!

liquidmonkey is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 12:15 PM.

Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2018, vBulletin Solutions, Inc.