Hello! Did someone tried to put kernel and some startup staff on CD, and next set BIOS to boot from CD-ROM ? This should prevent intruder from changing kernel/bootscripts and i.e. checksum database. To prevent changes in CMOS, it is possible to put system disk with SCSI ID 2, or as slave on IDE. Most BIOSes dosen't allow boot from such devices, so even if intruder will change CMOS, computer will not start from faked kernel. JT.