Securing Basic Input Output System(BIOS)
b"
hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 17 today we are discussing about Securing the BIOS.What is the BIOS?Well, if you remember back to your CompTIA A plus studies,BIOS is a type of firmware which is software on a chip.The BIOS stands for the basic input output system..It's firmware that provides the computer's instructions for how it's going to accept input and send output.So anytime the motherboard is going to talk to a keyboard,a mouse, a network card, a hard drive,a video card, whatever it is,it has to have instructions on how to do that.That's what the BIOS provides.Now, most modern computers don't have a traditional or legacy BIOS anymore.Instead, they use a U-E-F-I, or UEFI,known as the Unified Extensible Firmware Interface,but it's essentially the same thing.It's just more of an updated and robust version of it.Throughout this lesson I'm going to refer to both of these as BIOS collectively instead of one or the other because for our purposes they're equivalent.Now, when your computer boots up, it loads the BIOS,and the BIOS tells it how it'sgoing to check the hard driveand figure out what the boot order is.Should it boot from the hard drive,the floppy disk, the CD,or the USB drive first?The BIOS controls that.Then, it's going to load the machine.Once it does that, it loads the operating system.And then, Windows is going to start taking over and be able to do a lot of the functions for the BIOS.The BIOS is very low level.As such, it only deals with very basic tasks.Once the operating system has loaded,it gives you a ton of additional capability to your computer.Now, how are we going to secure this computer?Well, when we're talking about securing the BIOS,we're talking about securing everything up to the point when Windows is loaded.The first thing we want to do is what's called flashing the BIOS.Flashing the BIOS is simply ensuring that it has the most up to date software on that chip.Because it's firmware, you have to do a process called flashing the BIOS to upgrade the BIOS.This allows you to remove what's currently on the chip and replace it with a newer, more updated version.Any time there's going to be a new update to the BIOS,the manufacturer releases it on their website.Generally, they'll give you a process that you can install it to a thumb drive,boot from that thumb drive,and then run a program to flash the BIOS.The next thing we want to do to help secure the BIOS is ensuring that you've set a BIOS password.This'll prevent anyone from being able to log into the BIOS and change the boot order or other settings without having this administrative password.You want to make sure that you're using a good long and strong password,just like you would for your Windows machine.But it should be one that's unique to your BIOS and not the same as your Windows machine.Next, you want to configure your BIOS's boot order.As you can see here on the screen,I've deselected the disk drive,the CD drive, and the USB drive.I only want to be able to boot from the internal hard disk and then from the network card.This helps me protect somebody from putting in a bootable distribution of a Linux CD or something like that and taking control of my computer.f I control the boot order,I control what's loaded.The fourth thing you can do to help secure your BIOS is disable any external ports and devices that you're not going to need.For example, do you still use a parallel port?Most people don't, and so you should disable it.The same thing happens with a serial port.No one really uses them anymore.We use USB, so you can disable it.You might have an onboard network card that you don't use.
"