السبت، 6 فبراير 2016

Dell's BIOS Verification Technology Protects From BOOT Attacks

Dell's BIOS Verification Technology Protects From BOOT Attacks


Number of ways has been provided by the Intel and PC makers in order to protect computer BIOS, and all reside within computer system. Now the another way has been provided by the Dell to protect the BIOS from attacks and it doesn't rely on the PC integrity.


In Dell's BIOS verification it undergo certain steps like...
Comparing the BIOS image against Hash generated and with those also that are stored on Dell's servers. If we conduct the Test in Dell's cloud then only it will give greater assurance (postboot image not compromised).

Brett Hansen who is the executive director of data security solutions at Dell said "whenever the employees use the device there system would always be secure".

This functionality is available for only some devices like:

· For commercial PCs having 6th-generation Intel chip set, Dell Data Protection.
· For Dell Venue Pro tablets.
· For Endpoint Security Suite Enterprise license, which includes Latitude, Dell Precision, OptiPlex, and XPS PCs.

    As BIOS setting are execute before the OS and other security software uploads so if there would be any kind of attacks against that it would be difficult to detect.

    So many companies try to protect the BIOS from malicious code so its not only the Dell. If we come across another company then HP is having secure boot tools in their business PCs line. If we talk about processor side then Intel has added so many new features in latest chip sets.

    Intel Platform Protection Technology with Boot Guard provide so many preventive measures like:

    · It offers hardware-assisted authentication.
    · Protection against BIOS recovery attacks.
    · It also uses authenticated code module-based secure boot to verify the unknown BIOS and trusted before letting the machine boot.

      The SecureBoot which has been provided by the Microsoft uses Trusted Platform module that check signature of each boot software piece. It can includes firmware drivers and the operating system, before letting the PC boot so that they can ensure that malware would not load onto the PC. Hansen said that" Whatever the approach has been taken up by the Dell is totally different from the other companies". In real time also we can't performed hashing and comparison of BIOS against any trusted image. Dell computers with the Endpoint Suite and the BIOS verification technology will compare the SHA256 hash of the BIOS against the known good version created by Dell and stored on the servers belonging to Dell BIOS Lab. If there is an issue, Dell alerts the IT administrator.

      You might think that Dell's BIOS verification technology actually stop the device from booting but it's not so apart from this it just notifies admin of the issue and leaves it upto IT to do next.

      Many enterprises focus their efforts to detect and protect against advanced persistent threats and other targeted attacks on the network layer, but that doesn't mean the endpoint doesn't need its own defenses. A defense-in-depth approach means having multiple layers of protection in place to detect attacks like spear phishing and ransomware.

      For example, In November in a response to protect PCs from any kind of code execution attacks Dell integrated Cylance's artificial intelligence and machine learning technology into Dell Data Protection | Endpoint Security Suite. Cylance's technology can easily detect both targeted and zero-day attacks as it is relies on machine learning to identify attack code. Dell Data Protection | Endpoint Security Suite gives IT a single source to manage comprehensive encryption, advanced authentication, and malware protection.

      But it's not a time to worry about it because BIOS attacks are still not as widespread as other types of attacks, but it still need an action to be taken so that in future we might not face any kind of security issue regarding that.

      ليست هناك تعليقات:

      إرسال تعليق