000030712 - RSA Authentication Manager 8.1 BIOS hardening

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5

Article Content

Article Number: 000030712
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Issue: Chapter 2 (page 36) of the RSA Authentication Manager 8.1 Security Configuration Guide (revision 2) covers the BIOS hardening; however, it does not offer the steps to change the BIOS password.
Resolution: To protect access to the BIOS, RSA recommends that an administrator change the pre-configured BIOS password to a strong password of their choice.
Plan: Changing the BIOS password will require a reboot of the RSA SecurID Appliance, so plan accordingly for an outage.
Steps:
  1. Log on to the RSA SecurID Appliance with the rsaadmin account at the local console and enter the password for rsaadmin when prompted. The password for this account was set up during the deployment of the SecurID Appliance and is unknown to RSA.
  2. To reboot the SecurID Appliance at the command line, use the command sudo reboot.
  3. On startup, the SecurID Appliance local console initially shows the RAID Controller BIOS version and RAID configuration information.
  4. On the next screen, the administrator is given the option to press F2 to enter the setup.
  5. Press F2 to enter the setup.
  6. You are prompted to enter a password.
  7. After you enter the BIOS password, the BIOS menu is shown.
  8. Use the arrow keys on the keyboard to navigate the BIOS menu and select Security.
  9. Select Set Administrator Password.
  10. Enter the current password for the BIOS.
  11. Create a new BIOS password.
  12. Confirm the new BIOS password.

You may get a warning if the password is not considered to be strong enough; however, the weak password is still accepted.

CAUTION: Use a strong password to ensure security and store the new BIOS password in a secure place.

  13. After the BIOS password change, navigate the BIOS menu and select Exit.
  14. Select Save Changes and Exit.
  15. When prompted, select Yes to save the configuration and exit.
  16. The SecurID Appliance will then go through a reboot sequence.