From b2bb418ec80bc4a32e5b7aa21738227f4c1b708b Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 22 May 2023 15:08:48 -0400 Subject: [PATCH] Create BIOS-best-practices.md --- linux-hardening/BIOS-best-practices.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 linux-hardening/BIOS-best-practices.md diff --git a/linux-hardening/BIOS-best-practices.md b/linux-hardening/BIOS-best-practices.md new file mode 100644 index 0000000..195871f --- /dev/null +++ b/linux-hardening/BIOS-best-practices.md 
@@ -0,0 +1,15 @@ +# BIOS and Security Settings + +BIOS, or Basic Input/Output System, is an essential part of a computer's operation, as it initiates the boot process and provides communication between the operating system and the hardware. As such, the security of the BIOS is critical to the overall security of the system. The following are some best practices for BIOS security: + +| Best Practice | Description | +|---------------|-------------| +| Set a Strong BIOS Password | Prevents unauthorized users from accessing and changing BIOS settings. | +| Enable Secure Boot | Only allows software with recognized signatures to boot, protecting against malicious code. | +| Disable Unnecessary Hardware | Reduces the attack surface by turning off unused hardware components, if supported by the BIOS. | +| Regularly Update BIOS Firmware | Fixes potential security vulnerabilities. Make sure to download updates directly from the manufacturer's website. | +| Enable BIOS/UEFI Firmware Intrusion Detection | Provides notification if BIOS settings have been changed, allowing detection of unauthorized modifications. | +| Use Full Disk Encryption (FDE) | Protects data on the hard drive by requiring a password to decrypt it. | +| Enable TPM (Trusted Platform Module) | A specialized chip that stores RSA encryption keys specific to the host system for hardware authentication. | +| Limit Physical Access | Prevents unauthorized BIOS access by securing physical systems in locked rooms or cases and using security cables. | +
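Review bot: In the "Enable TPM (Trusted Platform Module)" row, the description defines the chip instead of stating what enabling it protects, and "stores RSA encryption keys" is narrower than what a TPM does, since TPM 2.0 also supports ECC keys and records boot measurements. Consider rewording it along the lines of "Provides hardware-backed key storage and boot measurements, so disk-encryption keys can be sealed to a known-good boot state", which would also tie it to the "Use Full Disk Encryption (FDE)" row. Two smaller points in the same table: the "Enable Secure Boot" row says "recognized signatures" without saying that these are signatures validated against the keys enrolled in firmware, and the "Regularly Update BIOS Firmware" row could ask the reader to verify the vendor's checksum or signature on the image, not only to download it from the manufacturer's website. Since the file lives under linux-hardening/, a short note on how to check each setting from a running Linux system (for example Secure Boot state via mokutil, firmware updates via fwupdmgr) would make the table actionable. The added file also ends with an empty line that can be dropped.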