Time
3 hours 35 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Transcription

00:00
hello and welcome to P C Security Intermediate Course.
00:04
In this video, I will continue talking about ways of protecting the PC harder in particular, it's going to be about protection component thick, firmer.
00:14
So we
00:15
you remember that we had the story about hard drive, firmer being compromised and that it has been happening in the past by certain government agencies. And today
00:28
there are quite a lot off people out there who are also doing the same thing.
00:34
It's rather complicated because you actually need to know how to
00:38
right the firmer for hard drive, which is not. The simple thing requires
00:43
huge amount of
00:46
knowledge and then skill, but the way to do it. And now this. This is not something that you can just do. The harder manufacturers of hardware manufacturer have to give you these
00:59
futures,
01:00
but essentially you, you need to be ableto use the cryptographic firmer assigning, and usually if the hard drive manufacturer provides this feature, it's automatically on.
01:12
You need to be able to lock the diagnostic port on the hard drive
01:19
and you have to do the secure boot. So if you have all these three things
01:23
on and you got the brand new from the factory hard drive that has, you know, it's It's an intact plastic bag,
01:32
and you got it from a secure channel that you can be pretty sure that your hard drive will not in the future be,
01:40
uh, compromise with this kind of attack so hard drive firmer won't be compromised.
01:48
The second thing about you is B
01:49
is that you should, if it's possible, if it's feasible from the business process Point of view. Disable years be memory devices and bias.
02:00
So essentially you have to disallow on the bias level. If some of the plugs in USB flash memory sticking in there, nothing will happen because you're in country procedure. Bias will determine that this is memory. The wise in the
02:19
simply won't let it anymore.
02:21
Access to the PC
02:23
Why? Because there are ways to, ah, attack the firmer off the USB controller by a mystic. Okay, it's really complicated, but it has been done in the past
02:37
then. The second thing is that if you have to allow people in the company to use USB sticks because business
02:45
requires it,
02:46
then you should let them use only USB that have the right protection. So whenever they go outside the company,
02:54
you should
02:55
turned the right protection on. So if, for example, your employees and you go somewhere and you collect some data on your USB, you should turn the white right protection off. So if somebody tries to compromise your USB,
03:08
it won't happen, at least not curing Kendrick procedure.
03:13
Of course, if you have to collect data and bring it back to the company than you cannot turn off the right protection.
03:21
But what you can do is to extend bit Locker to you is be so no direct right to the use. B will be possible,
03:29
and in the third level, you have to do so for protection that will scan the you is B immediately after it's being plugged into device and preventing anything from executing from that USB. But that's after protection that it's Windows,
03:45
and it won't do anything about low level hacks that happened below the U. S.
03:51
So with us be, my recommendation is don't lighted.
03:57
He used the toll,
03:59
but the other things are also
04:01
somehow
04:03
acceptable.
04:05
Okay, so with graphic cards, as I mentioned, Firmer is a potential threat, and driver is a real threat, so I wouldn't bother at this point With graphic cards, there is nothing so far that any manufacturer graphic cards offers in terms of protection. If you have integrated the
04:21
graphics in your chips that you're much more much better protected, because
04:27
then any tempering with firmer off your graphics is actually handled through protection of bio. So if your biases protected, then pretty much you're safe.
04:39
And this is pretty much all about protecting the components of a PC. There is not much to it. There are no tools that actually protect you from these things,
04:47
and you have to simply be careful. So in this case, the prevention is much better approach than detection, which is almost impossible and then re mediation later. So better safe than sorry is the principle that I recommend for protecting your devices
05:05
fervor components for where
05:09
is especially has to be taken in consideration when device is going to be serviced.
05:15
This is a huge problem. This is usually outside the control. Whoever is,
05:19
uh, making these things, you know, happen inside the company in terms of I t. Security. So
05:29
you at least need to have a way to make sure that whenever they put in your PC's not
05:36
compromised and to establish some procedures which show you can make sure that they follow that. For example, when they have a hard drive in there in the broken PC and it's not broken, the it never is being placed in any other
05:55
BC For diagnostic purposes.
05:58
He just stays on the PC, so it might be more costly because sometimes the hard drive may be correct, but they will still replace it because they cannot do the diagnostics.
06:09
But it is a small price to pay compared Toa, for example, losing some sensitive daytime, then exposing your company to a loss. It
06:18
don't let me ask you which method is used to protect hard drive? Firmer?
06:24
Is it hard drive encryption?
06:27
Is it cryptographic firm assigning, or is it looking hard? Drive firmer
06:32
and the correct answer is cryptographic firm Assigning. Looking hard drive firmer is not the thing. You can lock diagnostic boards, but if you need to update hard right, firmer because it has failure, blocking it won't help you. So this is another thing to protect your firmer you
06:53
the better ways to to sign it. Cryptographic Lee.
06:56
So in this lesson, in the previous, when a lesson you have learned about the ways to protect your BC components
07:02
and the next lesson, I will be talking about physical PC protection.

Up Next

Intermediate PC Security

The Intermediate PC Security course will teach students about endpoint protection. Students will learn fundamental information about PC Security and common attack vectors.

Instructed By

Instructor Profile Image
Milan Cetic
IT Security Consultant
Instructor