Protecting Data Part 3
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
2 hours 39 minutes
welcome back, plus its security course. And in this video I'm going to continue what I have started in the previous one, and this is explanation how to make ideal PC protection. So you have seen in previous video how the standard the way of protecting PC today looks,
and I'm going now to talk about things that some
off the manufacturers event of PC Wenders do as an extra thing to protect their PC.
we no longer can have the assumption that our hardware is trustworthy
because the buyers might be compromised.
In order to prevent that from happening,
we can put a piece of hardware, a chip on a mother board.
Let's call it security model,
which can do multiple things, but it has to do at least two to make a lot of things function well.
So the first thing the security model has to do is to prevent any unauthorized writing rewriting of buyers. So three only way that you can do something with bias on the machine that has this kind of security model
is to do their legitimate bias or firmer upgrade off the device.
How it's done.
Basically, we never the security model the text that there is unauthorized
attempt to write into bias.
It will simply freeze the machine and signal to operating system. Before that, that there has something has happened so that you can intervene or it can just simply restart device.
The other thing is on the boot off the PC.
The security module can track the content of the bias to the golden copy of buyers that is stored not in standard flesh but in this security model.
And if there is any difference, it can rewrite the bias on the on the board with the Golden Copy, making sure that then the bias in the board is the good one and then the restart the machine.
So this is
what security model has to do.
Next step would be to have some piece of software that is also guarded by security model,
and this piece of software is basically checking if crucial security processes in your operating system like, for example, of anti Mellors after or anti virus after
is functioning. So if that process hasn't been stopped, why? Because some malware first thing they do is they stop anti malware software. They'll for Windows, stand they go into Windows 10 Security Center, see what is the current
software that is stated as anti mellower, and then they simply stop that process.
So Guardian Software has to restart that process, which is anti Melber.
If they noticed that it has been stopped
and the execution of the Guardian software itself
uh, told to security model so that it the functioning of that process is somehow being monitored from Harvard. I'm not going to go into details. I'm just telling you how these things work.
And final part off ideal PC protection would be
that that asset management software
can also check the status of bio settings of the PC.
Why? Because, for example, if the PC goes if it's broken and madame or has to replace them, then PC's taken to the Service Depot or service partner or service contractor.
They replaced the mother board, but they don't know how to put to the bias. Password and bias password is absolutely necessary thing to have
if you want to protect to the buyers from being misused. So uh,
that s it. Management's after should be able to at least report that now, suddenly we have a PC on the network that doesn't have bias passwords, for example, Set
and also even better, would be to force the change. So to implement the policy off bias passwords to the device. Why? Because bios passwords on all machines in one company are usually the same,
makes absolutely not no sense from management perspective, toe have them
the different in every PC so it can implement the bus password. Or if not, it can at least signal to the to whoever is in charge that this many pieces they don't have by his password there.
So this is how the ideal PC protection looks.
And in in the next video, you will be able to see a little bit more about protecting other types of data in your company.