13.5 - BIOS/UEFI Security - Terms/Notes

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Lo-jack

A mechanism used to secure systems that are vulnerable to theft.

Chassis intrusion detection

A motherboard feature that helps you identify when a system case has been opened.

Trusted Platform Module (TPM)

A special chip on the motherboard that generates and stores cryptographic keys.

How does chassis intrusion detection help to secure the BIOS?

Prevent someone from resetting the BIOS by either using the CLR_CMOS jumper, or removing the CMOS battery, or any other mechanical means of resetting the BIOS, at least prevent them from doing it without you knowing about it.

Which UEFI security feature prevents the system from booting an operating system without a valid digital signature?

Secure Boot

Drive locking

Setting a password on the system hard disk.

Which UEFI security feature ensures that firmware updates for the motherboard do not contain malware?

Signature enforcement

Drive Locking

Some motherboards allow you to set a password on the system hard disk. This practice is sometimes referred to as drive locking. - When set, the password must be given at system startup or the disk cannot be used. - There are two different passwords: user and master. - Set the password(s) by using the motherboard's BIOS/UEFI configuration program. - Passwords are saved on the hard disk itself. - You cannot read the passwords from the disk. - You cannot move the drive to another system to access the disk without the password (the password moves with the disk).You cannot format the disk to remove the passwords. - If you forget the user password, use the master password to access the drive. If you do not know either password, you cannot access any data on the drive. - Most drive locking systems allow a limited number of incorrect password attempts. After that time, you must restart the system to try entering additional passwords. - Some systems ship with a default master password already set. However, these passwords (if they exist) are not publicly available and cannot be obtained from disk manufacturers.

What is the function of the TPM? Where is the TPM chip located?

The TPM is a chip on the motherboard, that provides cryptographic services, like making public/privavte keys, and can help you keep your hard disk secure eveen if it moves to another system.

How does a hard disk password differ from a BIOS/UEFI password? What happens to the hard disk password if the disk is moved to another system?

The password isn't on a chip on the motherboard, but is instead encrypted on the disk itself, so you can't remove it and go on your merry way. If you move it to another system, it will remain locked.

What is the difference between a user password and an administrator password in the BIOS/UEFI configuration?

User password is a password that must be provided for the system to boot. The administrator password is required if you want to make changes in the BIOS/UEFI settings.

Passwords

You can configure passwords in the BIOS/UEFI configuration to control access to the system. - If set, the administrator password (sometimes called the supervisor or setup password) requires the user to authenticate in order to enter the setup program to make changes to BIOS/UEFI configuration. - If set, the user password (sometimes called the system or power on password) requires the user to authenticate in order to boot the operating system. Usually, the administrator password can also be used to start the system. - BIOS/UEFI passwords offer only a limited degree of protection. - Passwords can typically be cleared by removing the motherboard battery or setting a motherboard jumper. - If you have set an administrator password and then find the password is no longer set, you know that someone has tampered with the system. - Use a chassis lock to prevent users from opening the case to reset passwords.

How can BIOS/UEFI passwords be circumvented on some systems?

You can use a jumper in the CLR_CMOS plug, which removes power from the CMOS, resetting the BIOS config.


Ensembles d'études connexes

Chapter 1-6 Strategic Management

View Set

Chapter 5- Upper Extremity Part #1 ANATOMY

View Set

Intercultural Exploration of Families (test)

View Set

Molecular Biochem Test 2 Chp 6-8

View Set

ch 37 Vascular Disorders (PAD, VTE, Raynaud's)

View Set