cyber-security-resources/linux-hardening/BIOS-best-practices.md

16 lines
1.5 KiB
Markdown
Raw Permalink Normal View History

2023-05-22 15:08:48 -04:00
# BIOS and Security Settings
BIOS, or Basic Input/Output System, is an essential part of a computer's operation, as it initiates the boot process and provides communication between the operating system and the hardware. As such, the security of the BIOS is critical to the overall security of the system. The following are some best practices for BIOS security:
| Best Practice | Description |
|---------------|-------------|
| Set a Strong BIOS Password | Prevents unauthorized users from accessing and changing BIOS settings. |
| Enable Secure Boot | Only allows software with recognized signatures to boot, protecting against malicious code. |
| Disable Unnecessary Hardware | Reduces the attack surface by turning off unused hardware components, if supported by the BIOS. |
| Regularly Update BIOS Firmware | Fixes potential security vulnerabilities. Make sure to download updates directly from the manufacturer's website. |
| Enable BIOS/UEFI Firmware Intrusion Detection | Provides notification if BIOS settings have been changed, allowing detection of unauthorized modifications. |
| Use Full Disk Encryption (FDE) | Protects data on the hard drive by requiring a password to decrypt it. |
| Enable TPM (Trusted Platform Module) | A specialized chip that stores RSA encryption keys specific to the host system for hardware authentication. |
| Limit Physical Access | Prevents unauthorized BIOS access by securing physical systems in locked rooms or cases and using security cables. |