How likely is it that an enterprise will face a BIOS attack? Is it worth going to all the trouble to secure a network...
via the new NIST guidelines?
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
BIOS attacks have a long history, but have been greatly eclipsed by more general malware and attacks. The early PC BIOS attacks operated by changing the BIOS passwords in order to change the boot sequence on a PC and gain access to a computer, bypassing the installed operating system. These attacks required physical presence and many future attacks on BIOS will still require physical access.
There are attacks that could be performed remotely on the BIOS for which NIST is trying to prevent or minimize the effect with its BIOS security guidelines. New attacks on the BIOS could be launched by circumventing the security of the operating system. Given the number of different types of BIOS, future BIOS attacks may need to be targeted at specific BIOS iterations as mentioned in the NIST BIOS security guidelines. The next-generation UEFI BIOS has many new features like runtime services meant to enhance the overall computing experience, but these features could be used to attack the computer if they are not sufficiently secured. These BIOS attacks might be more difficult to recover from too, since the standard advice of reformatting the hard drive and reinstalling may not completely clean the system.
Securing BIOS is worth the trouble it takes to be included in general hardware drivers and software update programs. Enterprises should purchase hardware with BIOS versions that were developed using the NIST guidelines and then securely configure the BIOS. To accomplish this, a password should be set on the BIOS for making any changes, and the boot process should be set to a specific setting required by the system. A good example of a safe boot would be allowing a system to boot off of the internal hard drive. If your BIOS supports configuration changes while booted to the operating system, you could make these changes a part of a standard image. By using these settings, a securely configured computer, and installing signed BIOS updates when available as a part of a standard patch management cycle, the risk of future attacks to BIOS and their systems should be minimized.
Dig Deeper on Configuration Management Planning
Related Q&A from Nick Lewis
The new Trochilus RAT can avoid detection in cyberespionage attacks. Expert Nick Lewis explains how it works, and if enterprises need to adapt their ...continue reading
The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching ...continue reading
BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.