
3.8.8. BIOS & UEFI Security

Learn how to increase the security of your system using configurable BIOS settings.

Passwords

Most manufacturers let you set a user (power-on) password that must be entered before the system will boot, and a separate administrator (supervisor) password that must be entered before BIOS settings can be changed, so unauthorized users cannot alter the boot order or disable other protections. On older BIOS systems this protection is weak: the passwords live in CMOS RAM, which is kept alive by a coin-cell battery. An attacker with physical access can clear it by removing the battery for a while or by briefly shorting the CMOS-clear jumper on the motherboard, which erases the passwords along with the rest of the settings. Newer UEFI firmware normally keeps its passwords in non-volatile flash, so clearing CMOS does not remove them.

Drive Locking

Some manufacturers allow you to set a drive (hard drive, or ATA) password that is bound to the boot drive. On boot, the system will not load the OS until the user has entered the correct drive password. This is not vulnerable to CMOS-clearing attacks because the password is stored and enforced by the drive's own firmware rather than by the BIOS; for the same reason, moving the drive to another computer does not bypass it, since the drive still demands the password there. Note that a drive password is an access lock, not encryption: unless the drive is a self-encrypting drive, the data is still stored in the clear and may be recoverable by someone who can get around the drive's firmware.

Trusted Platform Modules

A TPM (Trusted Platform Module) is a security chip on the motherboard (or built into the CPU or chipset) that generates and stores cryptographic keys so that they never leave the chip in the clear. One attack it helps defeat is drive moving: the attacker takes the hard drive out of your computer and attaches it to one they control. Their operating system simply ignores the file-system ACLs set on your system, so ACLs alone cannot block unauthorized access; only encrypting the drive, with a key the attacker cannot take along with it, does.

TPM chips provide cryptographic functions including asymmetric key generation, signing and encryption, hashing, and a hardware random number generator. Full-disk encryption tools such as Windows BitLocker use the TPM to protect the key that unlocks the drive. During boot, the firmware and boot loader hash ("measure") each boot component into the TPM's platform configuration registers (PCRs), and the TPM will only release ("unseal") the drive key if those measurements match the values recorded when the drive was encrypted. If the firmware, boot loader or boot configuration has changed, the key is not released and BitLocker drops into recovery mode, where the 48-digit recovery password must be entered before the system can boot. Because the key is bound to that particular TPM, a drive moved to another machine cannot be unlocked there either.
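The measure-then-unseal flow described above, as an added example that is not part of the original page and does not use a real TPM: the PCR extend rule is the one a real TPM uses (SHA-256 over the old value concatenated with the new measurement), but `SimulatedTPM`, its sealing scheme, the component names and the `boot()` helper are assumptions made up here to show why a modified boot loader, a reordered boot chain, or a drive moved to a different TPM all end in recovery mode instead of an unlocked disk.

```python
"""Simulation of TPM measured boot and key sealing (illustrative only, not a real TPM API)."""
import hashlib
import hmac
import os
from typing import Optional

PCR_INIT = bytes(32)  # every PCR starts as all zeros at power-on


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new = SHA-256(old || SHA-256(measurement)).

    One-way and order-sensitive: software can only append measurements,
    it cannot set a PCR to a chosen value or undo an earlier extend.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components) -> bytes:
    """Firmware measures each boot stage into the PCR before handing control to it."""
    pcr = PCR_INIT
    for image in components:
        pcr = pcr_extend(pcr, image)
    return pcr


class SimulatedTPM:
    """Stand-in for the sealing function of a TPM (assumption: toy wrapping scheme).

    The storage root key (SRK) is generated inside the chip and never leaves it;
    a different chip has a different SRK, so a blob sealed here is useless elsewhere.
    """

    def __init__(self, srk: Optional[bytes] = None):
        self._srk = srk if srk is not None else os.urandom(32)

    def _wrap_key(self, pcr: bytes) -> bytes:
        # Wrapping key depends on both the SRK and the exact PCR value.
        return hmac.new(self._srk, b"seal|" + pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, pcr: bytes) -> bytes:
        """Bind a 32-byte secret (e.g. the volume master key) to a PCR value."""
        if len(secret) != 32:
            raise ValueError("this toy scheme seals exactly 32 bytes")
        wrap = self._wrap_key(pcr)
        ct = bytes(a ^ b for a, b in zip(secret, wrap))
        tag = hmac.new(self._srk, b"tag|" + pcr + ct, hashlib.sha256).digest()
        return ct + tag  # opaque blob; safe to store on the unencrypted boot partition

    def unseal(self, blob: bytes, pcr: bytes) -> Optional[bytes]:
        """Return the secret only if the current PCR matches the one it was sealed to."""
        ct, tag = blob[:32], blob[32:]
        expected = hmac.new(self._srk, b"tag|" + pcr + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # PCR mismatch or wrong TPM: the key is never released
        wrap = self._wrap_key(pcr)
        return bytes(a ^ b for a, b in zip(ct, wrap))


def boot(tpm: SimulatedTPM, sealed_blob: bytes, components):
    """What a BitLocker-style loader does: measure the boot chain, try to unseal,
    and fall back to recovery (asking the user for the recovery password) on failure."""
    key = tpm.unseal(sealed_blob, measure_boot(components))
    return ("unlocked", key) if key is not None else ("recovery", None)


if __name__ == "__main__":
    tpm = SimulatedTPM()
    # Constructed boot chain; the strings stand in for the actual binary images.
    trusted = [b"UEFI firmware 1.2", b"bootmgfw.efi", b"winload.efi"]
    volume_master_key = os.urandom(32)
    blob = tpm.seal(volume_master_key, measure_boot(trusted))

    print("same machine, untouched boot chain:", boot(tpm, blob, trusted)[0])
    tampered = [b"UEFI firmware 1.2", b"bootmgfw.efi (modified)", b"winload.efi"]
    print("modified boot loader:", boot(tpm, blob, tampered)[0])
    print("drive moved to another TPM:", boot(SimulatedTPM(), blob, trusted)[0])
```

The blob on disk is harmless on its own: it yields the key only to the TPM that sealed it, and only while that TPM's PCR holds the recorded value. In the real design the "recovery" branch is where BitLocker prompts for the recovery password rather than halting the boot.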

Applications installed on the system can also use the TPM chip for their cryptographic purposes.

Full-Disk Encryption

Some systems provide the option to encrypt the entire hard drive from the firmware, without using OS tools like Windows BitLocker. First, set up your user and administrator passwords. Then, in the BIOS settings, create a security key that is used to encrypt all the contents of the hard drive. Export that key somewhere safe, such as a USB drive that is kept separately from the computer: without the key the data cannot be recovered if the firmware or motherboard fails, and a key stored with the laptop is stolen along with it.

LoJack

Systems that are prone to being stolen, like notebooks, often ship with a feature called LoJack (also known as Computrace). It is not a separate chip: a small persistence module is embedded in the BIOS/UEFI firmware and reinstalls the LoJack software agent in the operating system if it has been removed, even after the drive has been wiped or the OS reinstalled. The agent periodically contacts the vendor's server to report the system's geolocation and to check whether the system has been flagged as stolen, in which case it can be tracked and remotely locked or wiped.

Secure Boot

#III

#Aplus