hello and welcome to P C Security Intermediate Course.
In this video, I will continue talking about ways of protecting the PC harder in particular, it's going to be about protection component thick, firmer.
you remember that we had the story about hard drive, firmer being compromised and that it has been happening in the past by certain government agencies. And today
there are quite a lot off people out there who are also doing the same thing.
It's rather complicated because you actually need to know how to
right the firmer for hard drive, which is not. The simple thing requires
knowledge and then skill, but the way to do it. And now this. This is not something that you can just do. The harder manufacturers of hardware manufacturer have to give you these
but essentially you, you need to be ableto use the cryptographic firmer assigning, and usually if the hard drive manufacturer provides this feature, it's automatically on.
You need to be able to lock the diagnostic port on the hard drive
and you have to do the secure boot. So if you have all these three things
on and you got the brand new from the factory hard drive that has, you know, it's It's an intact plastic bag,
and you got it from a secure channel that you can be pretty sure that your hard drive will not in the future be,
uh, compromise with this kind of attack so hard drive firmer won't be compromised.
The second thing about you is B
is that you should, if it's possible, if it's feasible from the business process Point of view. Disable years be memory devices and bias.
So essentially you have to disallow on the bias level. If some of the plugs in USB flash memory sticking in there, nothing will happen because you're in country procedure. Bias will determine that this is memory. The wise in the
simply won't let it anymore.
Why? Because there are ways to, ah, attack the firmer off the USB controller by a mystic. Okay, it's really complicated, but it has been done in the past
then. The second thing is that if you have to allow people in the company to use USB sticks because business
then you should let them use only USB that have the right protection. So whenever they go outside the company,
turned the right protection on. So if, for example, your employees and you go somewhere and you collect some data on your USB, you should turn the white right protection off. So if somebody tries to compromise your USB,
it won't happen, at least not curing Kendrick procedure.
Of course, if you have to collect data and bring it back to the company than you cannot turn off the right protection.
But what you can do is to extend bit Locker to you is be so no direct right to the use. B will be possible,
and in the third level, you have to do so for protection that will scan the you is B immediately after it's being plugged into device and preventing anything from executing from that USB. But that's after protection that it's Windows,
and it won't do anything about low level hacks that happened below the U. S.
So with us be, my recommendation is don't lighted.
but the other things are also
Okay, so with graphic cards, as I mentioned, Firmer is a potential threat, and driver is a real threat, so I wouldn't bother at this point With graphic cards, there is nothing so far that any manufacturer graphic cards offers in terms of protection. If you have integrated the
graphics in your chips that you're much more much better protected, because
then any tempering with firmer off your graphics is actually handled through protection of bio. So if your biases protected, then pretty much you're safe.
And this is pretty much all about protecting the components of a PC. There is not much to it. There are no tools that actually protect you from these things,
and you have to simply be careful. So in this case, the prevention is much better approach than detection, which is almost impossible and then re mediation later. So better safe than sorry is the principle that I recommend for protecting your devices
fervor components for where
is especially has to be taken in consideration when device is going to be serviced.
This is a huge problem. This is usually outside the control. Whoever is,
uh, making these things, you know, happen inside the company in terms of I t. Security. So
you at least need to have a way to make sure that whenever they put in your PC's not
compromised and to establish some procedures which show you can make sure that they follow that. For example, when they have a hard drive in there in the broken PC and it's not broken, the it never is being placed in any other
BC For diagnostic purposes.
He just stays on the PC, so it might be more costly because sometimes the hard drive may be correct, but they will still replace it because they cannot do the diagnostics.
But it is a small price to pay compared Toa, for example, losing some sensitive daytime, then exposing your company to a loss. It
don't let me ask you which method is used to protect hard drive? Firmer?
Is it hard drive encryption?
Is it cryptographic firm assigning, or is it looking hard? Drive firmer
and the correct answer is cryptographic firm Assigning. Looking hard drive firmer is not the thing. You can lock diagnostic boards, but if you need to update hard right, firmer because it has failure, blocking it won't help you. So this is another thing to protect your firmer you
the better ways to to sign it. Cryptographic Lee.
So in this lesson, in the previous, when a lesson you have learned about the ways to protect your BC components
and the next lesson, I will be talking about physical PC protection.