UEFI Setup Demo

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

3 hours 35 minutes
Video Transcription
hello and welcome to P C Security Intermediate course.
In this video, I will do a short demo off how to do set up on in a few if I won one particular BC
and also about the methods to replicate that thing to other PC's. So,
uh, I'm using my HB elite book 840 g five PC because this is what I have And forgive me for poor quality of video. But if you know, this was
this is about you if I set up. So there is no way that I can run some kind of screen capital surely deal
software within the bias. So I had to recorded with my camera,
and you can see here that we are in the,
basically what you get when you press escape key on the boot sequence, and then we go to buy a set up,
and then you have a lot of things in security setting. So basically, you can enter bias administrator set up, which is the first I d thing I did. You see my hands typing it
And, uh, as every bias has every password, you have to enter twice just to make sure that you haven't typed something wrong. So this is the first step you do when you secure your PC. Then if you go here, you hear can define rules for ah,
on these
bayous passwords. You should of course, do it before you enter it. But I'm just showing you things that can be done. So you have some things about TPM. It's basically available. You can disable it, but then you cannot use any of these usual
security things that they're associating with.
TPM aan den. We have by a sure start, which is, as I mentioned before, HB specific things and you can do some things there.
So you see, this is a manual process. I will not go into details that everything you do, I would just mentioned some things a little bit later.
So you can you can change course that preference in the eye. And if you don't know what they're going to do, don't use them. If you have h beats pc, just ah take of the detail. Look in the in the health about setting of bias in the machines that have sure start on because
you can mess things up and then you have
problems making it work again. So
when you go to advanced, you can change things in, for example, how they're USB ports are you can disable on the left side of the PC or on the right side of the PC,
and then you have some other things within s so you can you can disable smartcard or tangible C type C boards. You can change the level of security on thunderbolt, which is
by default. No security. You can ramp it up.
Uh, and essentially,
there are quite a lot of things that you should do. Of course. What are you going to do? Really depends on what you actually need from your machine. Because if your bead for example, USB C ports, you cannot
you shouldn't disabled them. So this is something that you should consider in detail.
What happens next? Is that
imagine you are running the security in the company that here's that has a couple of thousands of PC, so you're definitely not going to have enough men of power for people to go through all of this. So what do you do? In that case,
they're every manufacturer has some kind of futility that helps you remotely set the bite. So you did it on one machine and you have what's a 800 of the same device ing deployed in your network?
So what do you do? You use that utility in a trice case? This utility is basically a utility that is ah, run from command mode. So
it's ah
by his configuration utility, and it has a command line and gets parameters. So, for example, in this case, we're going to just do the get confident, put it in the file,
and, uh,
it's going to be called conflict duct txt.
And then we run it, and then the
the utility runs, you see the opening in a separate command line
from the window.
And when it finishes, it will create a file called Conflict TXT in the same folder in which we had
this utility,
and then now you see that we have all the settings are in virus that you have seen already there, and I'm not going to go into details. So what you can do is you can just extracted those you need to change you
that there, for example, compared to the default state of the PC when it gets from the factory
and then you change these things. It's very simple. It's text line mode. So you you change just you put the Asterix instead of no to yes or whatever.
You make it work like that. And then you created file and then using the same utility and whatever tools, you administrators have to push some things. Basically, you should have the secure utility installed on every PC. Then you just push the file.
And when they're booted, next time it's it executes with the parameters that you have given it
and, uh,
E to
basically changes that by settings. And you can also do in these bios settings that push that it should rest R to restart the machine after the Trojan settings, mean
implemented change of settings and then when it restarts, then there actually there.
So this is how it works off course. There are other tools which allow you to do it through, um uh, some kind of visual interface, like, for example, in nature piece case, they have AH management liberation kit, which integrates in Microsoft. This is CM, which allows you to do all these things from one console
and other manufacturers like Dell and Lenovo, they have their own tools.
Now, if you look at the market HP, Dell and Lenovo Day, they pretty much owned the market. It's it's like 2/3 of the market share these three companies have, or something like that. So they are the most important buns. Other companies are not so much involved
in the business. BC So when you look at the business species, those that they're used solely for business than the HP Dell in low will they hold a much greater market share. I don't know the numbers, but I believe it's above 85%.
So when you when you look at these, it's essentially important what these three manufacturers have, and all of them have some way for administrators to remotely set up bias, which is the first step in setting up pieces security. So unless you have set the bias up and
unless you have some tools in which you can check the integrity or prevented the changes, Tobias,
then you don't have trusted heart. You don't have a trusted harder in the platform before you were on the OS,
so this is how you do it.
And in the next module, either there will be talk about the Texan, US
Up Next