New NIST Guidelines on Securing BIOS for Servers

From: NIST

The National Institute of Standards and Technology (NIST) is requesting comments on new draft guidelines for securing BIOS systems on server computers. BIOS (Basic Input/Output System) is the first major software that runs when a computer starts up. Both obscure and fundamental, the BIOS has become a target for attackers.

Server manufacturers routinely update BIOS to fix bugs, patch vulnerabilities or support new hardware. While authorized updates to BIOS can improve functionality or security, unauthorized or malicious changes could be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization’s systems or disrupt its operations. BIOS attacks are an emerging threat area: in September 2011, a security company discovered the first malware designed to infect the BIOS, called Mebromi.*

An important mechanism for protecting BIOS in servers is to secure the BIOS update process, guarding against unauthorized BIOS updates. NIST’s 2011 publication on BIOS security** provided instructions for protecting BIOS in desktops and laptops. Those guidelines focused on three core principles: authenticating updates using digital signatures, protecting the integrity of the BIOS, and “non-bypassability” features that ensure no mechanism can circumvent the BIOS protections.
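As an added illustration of the first of those principles, the Go program below models an authenticated BIOS update check. It is not code from NIST or from SP 800-147B (which states requirements rather than an implementation): the vendor signs the SHA-256 digest of the image, and the platform, holding only the vendor's public key, recomputes the digest over the bytes it actually received and verifies the signature before accepting the update. Ed25519, the package layout, the sample image bytes and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UpdatePackage is a constructed model of a BIOS update: the image bytes and a
// detached signature over the SHA-256 digest of the image. Real packages carry
// more metadata; this is the minimum needed to show the authentication check.
type UpdatePackage struct {
	Image     []byte
	Signature []byte
}

// ErrUntrustedUpdate is returned when the signature does not verify under the
// key the platform trusts. The update must not be written to flash in that case.
var ErrUntrustedUpdate = errors.New("bios update rejected: signature does not verify under the platform's trusted key")

// NewVendorKeyPair models the vendor's signing key and the matching public key,
// which would be provisioned into the platform's protected (write-locked) region.
func NewVendorKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignUpdate is the vendor-side step: hash the image and sign the digest.
func SignUpdate(vendorKey ed25519.PrivateKey, image []byte) UpdatePackage {
	digest := sha256.Sum256(image)
	return UpdatePackage{Image: image, Signature: ed25519.Sign(vendorKey, digest[:])}
}

// VerifyUpdate is the platform-side check performed before any byte of the
// image is written: recompute the digest over the received bytes and verify the
// signature with the trusted key. The digest is returned on success so the
// caller can log which image was accepted.
func VerifyUpdate(platformKey ed25519.PublicKey, pkg UpdatePackage) ([sha256.Size]byte, error) {
	digest := sha256.Sum256(pkg.Image)
	// ed25519.Verify returns false (it does not panic) for a malformed signature.
	if !ed25519.Verify(platformKey, digest[:], pkg.Signature) {
		return [sha256.Size]byte{}, ErrUntrustedUpdate
	}
	return digest, nil
}

// Demo exercises three cases: a genuine package, the same package with one
// image byte flipped after signing, and a package signed with a key the
// platform does not trust. It reports whether each case was accepted.
func Demo() (genuineAccepted, tamperedAccepted, foreignKeyAccepted bool, err error) {
	platformPub, vendorPriv, err := NewVendorKeyPair()
	if err != nil {
		return false, false, false, err
	}
	// Constructed sample image; not a real firmware blob.
	image := []byte("constructed BIOS image v1.2 for the example")

	genuine := SignUpdate(vendorPriv, image)
	_, e1 := VerifyUpdate(platformPub, genuine)

	// Copy the image so the genuine package is left untouched, then flip a bit.
	tampered := UpdatePackage{Image: append([]byte(nil), genuine.Image...), Signature: genuine.Signature}
	tampered.Image[0] ^= 0x01
	_, e2 := VerifyUpdate(platformPub, tampered)

	// A correctly formed signature from a key the platform was never provisioned with.
	_, otherPriv, err := NewVendorKeyPair()
	if err != nil {
		return false, false, false, err
	}
	foreign := SignUpdate(otherPriv, image)
	_, e3 := VerifyUpdate(platformPub, foreign)

	return e1 == nil, e2 == nil, e3 == nil, nil
}

func main() {
	g, t, f, err := Demo()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine accepted=%v tampered accepted=%v foreign-key accepted=%v\n", g, t, f)
}
```

The point the example makes is that the check keys off the bytes actually received, not off any version string or header the package claims, and that possession of a validly formatted signature is worthless without the provisioned key. Non-bypassability, the third principle, is a property of the platform rather than of this function: the check is only meaningful if the flash cannot be written by any path that skips it.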

BIOS Protection Guidelines for Servers addresses BIOS security in the varied architectures used by servers. “While laptop and desktop computers have largely converged on a single architecture for system BIOS, server class systems have a more diverse set of architectures, and more mechanisms for updating or modifying the system BIOS,” says author Andrew Regenscheid. In addition, many servers contain service processors that perform a variety of management functions that may include BIOS updates, and this document provides additional security guidelines for service processors.

Servers require more flexibility, according to Regenscheid, because in addition to having different architectures, they are almost always managed remotely. BIOS Protection Guidelines for Servers is written for server developers and for information system security professionals responsible for server security, secure boot processes and hardware security modules. The draft publication, BIOS Protection Guidelines for Servers (NIST Special Publication 800-147B), is available at http://csrc.nist.gov/publications/drafts/800-147b/draft-sp800-147b_july2012.pdf. NIST requests comments on this draft by Sept. 14, 2012. Please email all comments to 800-147comments@nist.gov.
