Featured Research

from universities, journals, and other organizations

Protecting computers at start-up: New guidelines

Date:
December 21, 2011
Source:
National Institute of Standards and Technology (NIST)
Summary:
A new draft computer security publication provides guidance for vendors and security professionals as they work to protect personal computers as they start up.

A new draft computer security publication from the National Institute of Standards and Technology (NIST) provides guidance for vendors and security professionals as they work to protect personal computers as they start up.

Related Articles


The first software that runs when a computer is turned on is the "Basic Input/Output System" (BIOS). This fundamental system software initializes the hardware before the operating system starts. Since it works at such a low level, before other security protections are in place, unauthorized changes -- malicious or accidental -- to the BIOS can cause a significant security threat.

"Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization's systems or disrupt their operations," said Andrew Regenscheid, one of the authors of BIOS Integrity Measurement Guidelines (NIST Special Publication 800-155). In September, 2011, a security company discovered the first malware designed to infect the BIOS, called Mebromi. "We believe this is an emerging threat area," said Regenscheid. These developments underscore the importance of detecting changes to the BIOS code and configurations, and why monitoring BIOS integrity is an important element of security.

SP 800-155 explains the fundamentals of BIOS integrity measurement -- a way to determine if the BIOS has been modified -- and how to report any changes. The publication provides detailed guidelines to hardware and software vendors that develop products that can support secure BIOS integrity measurement mechanisms. It may also be of interest to organizations that are developing deployment strategies for these technologies.

This publication is the second in a series of BIOS documents. BIOS Protection Guidelines (NIST SP 800-147) was issued in April, 2011. It provides guidelines for computer manufacturers to build in features to secure the BIOS against unauthorized modifications. The detection mechanisms in SP 800-155 complement the protection mechanisms outlined in SP 800-147 to provide greater assurance of the security of the BIOS.

Copies of the publication can be downloaded from

http://csrc.nist.gov/publications/drafts/800-155/draft-SP800-155_Dec2011.pdf.

Story Source:

The above story is based on materials provided by National Institute of Standards and Technology (NIST). Note: Materials may be edited for content and length.


Cite This Page:

National Institute of Standards and Technology (NIST). "Protecting computers at start-up: New guidelines." ScienceDaily. ScienceDaily, 21 December 2011. <www.sciencedaily.com/releases/2011/12/111221105826.htm>.
National Institute of Standards and Technology (NIST). (2011, December 21). Protecting computers at start-up: New guidelines. ScienceDaily. Retrieved February 27, 2015 from www.sciencedaily.com/releases/2011/12/111221105826.htm
National Institute of Standards and Technology (NIST). "Protecting computers at start-up: New guidelines." ScienceDaily. www.sciencedaily.com/releases/2011/12/111221105826.htm (accessed February 27, 2015).

Share This


More From ScienceDaily



More Computers & Math News

Friday, February 27, 2015

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Lenovo Hack May Be Retaliation For 'Superfish' Vulnerability

Lenovo Hack May Be Retaliation For 'Superfish' Vulnerability

Newsy (Feb. 26, 2015) Lenovo&apos;s website was hacked by what appears to be the infamous Lizard Squad group. The attack seems to be related to Lenovo&apos;s "Superfish" controversy. Video provided by Newsy
Powered by NewsLook.com
Cyber Criminals Holding Phone and Computer Data to Ransom

Cyber Criminals Holding Phone and Computer Data to Ransom

AFP (Feb. 26, 2015) Computer and smartphone viruses are holding an increasing number of devices hostage using “ransomware.” Duration:02:21 Video provided by AFP
Powered by NewsLook.com
China Shuns Big Tech Names

China Shuns Big Tech Names

Reuters - Business Video Online (Feb. 26, 2015) The Chinese government has taken products from major tech firms off its purchase list in favour of smaller domestic players, but experts warn the plan may backfire making them open to security risks. Eve Johnson reports. Video provided by Reuters
Powered by NewsLook.com
Apple Reveals Potential Date For Apple Watch Reveal

Apple Reveals Potential Date For Apple Watch Reveal

Newsy (Feb. 26, 2015) The company sent out announcements for a March 9 media event with a simple message, "Spring forward." Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins