1. Do you think BadBIOS is/was real? Why or why not?
2. What does it mean for a system to be “air-gapped”?
3. Are there any well-known methods for defending against firmware attacks?
4. Do you consider the hardware you use on a daily basis to be secure? If so, what assurances do you have that your hardware is secure? If not, why?
Solution
1. BadBIOS is described as a BIOS-level Trojan that can affect Windows, Macintosh, Linux and BSD systems. The BIOS (Basic Input/Output System) is the firmware that runs while a computer boots up. A BIOS attack infects the BIOS with malicious code and is persistent through reboots and through attempts to reflash the firmware.
There is no consensus in the security community about the existence of BadBIOS. It is an alleged advanced persistent threat reported by network security researcher Dragos Ruiu in October 2013[1], with the claimed ability to communicate between instances of itself across air gaps using ultrasonic communication between a computer's speakers and microphone.
There is no conclusive proof of its existence, so I don't think it is real. However, in December 2013 computer scientists Michael Hanspach and Michael Goetz published a paper in the Journal of Communications demonstrating the possibility of acoustic mesh networking at a slow 20 bits per second, using a set of speakers and microphones for ultrasonic communication in a fashion similar to BadBIOS's described abilities.
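To make the 20 bits per second figure concrete, the following Python simulation is an added example (not code from the original answer, and not the modulation scheme used in the Hanspach and Goetz paper). It assumes binary frequency-shift keying with two near-ultrasonic tones (18 kHz for a 0 bit, 20 kHz for a 1 bit, both assumed values), 50 ms per bit at a 48 kHz sample rate, and detects each bit with a Goertzel filter, the same filter a defender would run over microphone input to spot energy in that band. It adds seeded Gaussian noise to show that detection survives a noisy room.

```python
import math
import random

SAMPLE_RATE = 48_000                        # Hz, a common sound-card rate
BIT_RATE = 20                               # bits per second, as reported by Hanspach and Goetz
SAMPLES_PER_BIT = SAMPLE_RATE // BIT_RATE   # 2400 samples (50 ms) per bit
FREQ_ZERO = 18_000                          # assumed tone for a 0 bit (near-ultrasonic)
FREQ_ONE = 20_000                           # assumed tone for a 1 bit


def text_to_bits(text):
    """Big-endian bit list of the UTF-8 bytes of `text`."""
    return [(byte >> (7 - i)) & 1 for byte in text.encode() for i in range(8)]


def bits_to_text(bits):
    """Inverse of text_to_bits; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return out.decode(errors="replace")


def modulate(bits, amplitude=0.5):
    """Continuous-phase BFSK: one tone per bit, SAMPLES_PER_BIT samples each."""
    samples, phase = [], 0.0
    for bit in bits:
        step = 2 * math.pi * (FREQ_ONE if bit else FREQ_ZERO) / SAMPLE_RATE
        for _ in range(SAMPLES_PER_BIT):
            samples.append(amplitude * math.sin(phase))
            phase += step
    return samples


def goertzel_power(window, freq):
    """Energy of `window` at the DFT bin nearest `freq` (Goertzel algorithm)."""
    n = len(window)
    k = round(n * freq / SAMPLE_RATE)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in window:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def demodulate(samples):
    """Decide each bit by comparing energy at the two tone frequencies."""
    bits = []
    for start in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        window = samples[start:start + SAMPLES_PER_BIT]
        p0 = goertzel_power(window, FREQ_ZERO)
        p1 = goertzel_power(window, FREQ_ONE)
        bits.append(1 if p1 > p0 else 0)
    return bits


def add_noise(samples, sigma, seed=1):
    """Constructed room noise: seeded Gaussian samples so the run is repeatable."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def roundtrip(text, noise_sigma=0.3):
    """Modulate `text`, add noise, demodulate; returns the recovered text."""
    audio = add_noise(modulate(text_to_bits(text)), noise_sigma)
    return bits_to_text(demodulate(audio))


def airtime_seconds(text):
    """How long `text` occupies the channel at BIT_RATE."""
    return len(text.encode()) * 8 / BIT_RATE


if __name__ == "__main__":
    msg = "badbios"
    print(roundtrip(msg), f"({airtime_seconds(msg):.1f} s of audio)")
```

The airtime function makes the practical point of the answer above: at 20 bits per second a seven-byte message already takes 2.8 seconds of continuous tone, so the channel is plausible for beacons or keystrokes but not for bulk exfiltration, and its persistent narrow-band energy near 18 to 20 kHz is exactly what a microphone-side Goertzel monitor would flag.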
2. Air gap: an air gap, air wall or air gapping is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. The name arises from the technique of creating a network that is physically separated (with a conceptual air gap) from all other networks. The air gap may not be completely literal: networks that use dedicated cryptographic devices to tunnel packets over untrusted networks, while avoiding variation in packet rate or size, can be considered air gapped, as there is no ability for computers on opposite sides of the gap to communicate. Note that an air gap only blocks network traffic; removable media and covert channels such as the acoustic one alleged for BadBIOS can still bridge it.
3. There are several methods through which we can defend against firmware attacks, as follows:
Install endpoint security software on all endpoints.
Enable automatic OS updates, or download OS updates regularly, to keep operating systems patched against known vulnerabilities.
Install patches from other software manufacturers, including firmware/BIOS updates from the hardware vendor, as soon as they are distributed.
Encrypt important data and hard drives.
Eliminate mass phishing campaigns with secure gateway email filtering.
Implement sender identity verification to reduce the risk of cybercriminals being mistaken for trusted parties.
Detect and eliminate malicious attachments with advanced anti-malware.
Scan URLs in email when received, and again when clicked.
Scan web traffic for malware when phishing leads the user on a multi-click journey to infection.
Educate users on best practices in detecting and acting upon suspicious emails.
Implement data loss prevention to stop exfiltration in the event of a breach.
4. Yes, the hardware I use on a daily basis is secure; the assurances I take to make it secure are as follows:
a. From a security standpoint, the pieces of hardware that help provide security are firewalls and routers. Firewalls come in two varieties: hardware and software. We can purchase a physical firewall device or run a firewall application. Many routers have firewall software built into them.
Firewalls act like filters. They help you monitor data traffic between your network and the Internet. If you detect unusual traffic, that is a potential sign that someone has compromised your home network's security. Most firewalls have several security settings to choose from. The most restrictive settings are generally the safest, but they also limit your options. Most firewalls will allow you to create a list of web addresses that are off limits.
If you use a wireless router, you should make sure you set a password and enable encryption. Unprotected wireless networks are a bad idea. Most routers offer Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) encryption; some offer both. WPA is more secure than WEP, which is cryptographically broken and should not be used; prefer WPA2 or newer where the router supports it. Enabling encryption and choosing a strong router administrator password are two steps that will help keep your network secure.
b. All network services shut off by default, i.e. the computer shall not offer active network services (e.g. printing, file sharing, etc.) as a default setting. This means that no one else will be able to use services which the user does not know about or has not deliberately turned on. The consequence of such services already being turned on at delivery is, for example, that information in the computer is made available to others for whom it is not intended, outside the user's control.
c. Network services which are robust and resistant to attacks; the services activated must not be amenable to abuse or manipulation from the network. Otherwise other network users can sabotage a computer from outside, over the network.
d. Simple functions for activating network services and configuring authorisation for those entitled to use them; failing this there is a serious risk of the user either not being able to use the services he wants, or of opening them without control and making the computer accessible to others over whom the user has no control.
e. The possibility of separating different users; security functions must be viewed in relation to the applications and services used. If access limitations cannot be applied per individual, i.e. adapted to allow a user to protect personal information, then there is an obvious risk of different members of the family being able to read or destroy each other's information.
f. Anti-virus programs with the possibility of automatic updating; otherwise there is a serious risk of the computer becoming infected with a virus. New viruses are being developed all the time, and anti-virus programs can only follow hard on the heels of that development; they cannot really anticipate it. Virus attacks can have a number of negative consequences, from completely wrecking the computer to the user, for lack of protection, contributing towards the destruction of other people's information or computers.
g. Applications which will not automatically and without prior warning execute programs which have come in over the network; in this way it is possible, for example, to prevent a program concealed in an e-mail from sending itself to all recipients in the user's address book.
h. Back-up functions; protective measures notwithstanding, it is possible for all information and software in the computer to be lost, e.g. in the event of a hardware fault, virus attack, etc. If so, it is important to be able to repair the computer and restore the information.
i. Descriptions (and references) so that, from the computer, a user can easily access information about relevant IT security problems; a measure of this kind will help to create greater awareness of risks and greater knowledge about protection.
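Point b above (no network services exposed unless the user deliberately turned them on) is something you can actually check rather than assume. The following Python is an added example, not code from the original answer: it parses output in the column layout that `ss -lntup` prints on Linux and reports every listener bound to a non-loopback address that is not on an explicit allowlist. The sample output is constructed for this example; the processes, PIDs and ports in it are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample in the column layout of `ss -lntup` (header row, then one
# listener per line). Processes, pids and ports are invented for this example.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      4096       127.0.0.1:631        0.0.0.0:*     users:(("cupsd",pid=600,fd=7))
tcp   LISTEN 0      50           0.0.0.0:445        0.0.0.0:*     users:(("smbd",pid=901,fd=31))
tcp   LISTEN 0      511             [::]:80            [::]:*     users:(("nginx",pid=700,fd=6))
tcp   LISTEN 0      128            [::1]:5432         [::]:*     users:(("postgres",pid=950,fd=5))
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*     users:(("avahi-daemon",pid=512,fd=12))
"""

LOOPBACK_PREFIXES = ("127.", "[::1]")          # binds that are unreachable from the network
PROCESS_RE = re.compile(r'\("([^"]+)",pid=(\d+)')   # first ("name",pid=N ...) in the Process column


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int
    process: str
    pid: int

    @property
    def loopback_only(self) -> bool:
        return self.address.startswith(LOOPBACK_PREFIXES)


def parse_ss_output(text):
    """Turn `ss -lntup` style text into Listener records; the header row is skipped."""
    listeners = []
    for line in text.splitlines()[1:]:
        fields = line.split(None, 6)             # the Process column may contain spaces
        if len(fields) < 6:
            continue
        proto, local = fields[0], fields[4]
        address, _, port = local.rpartition(":")  # handles "[::]:80" as well as "0.0.0.0:22"
        match = PROCESS_RE.search(fields[6]) if len(fields) > 6 else None
        process, pid = (match.group(1), int(match.group(2))) if match else ("?", 0)
        listeners.append(Listener(proto, address, int(port), process, pid))
    return listeners


def exposed_services(text, allowlist=frozenset()):
    """Listeners reachable from the network whose process was not deliberately allowed."""
    return [l for l in parse_ss_output(text)
            if not l.loopback_only and l.process not in allowlist]


def report(text, allowlist=frozenset({"sshd"})):
    """One human-readable line per unexpected exposed listener."""
    return [f"{l.proto}/{l.port} {l.process}(pid {l.pid}) bound to {l.address}"
            for l in exposed_services(text, allowlist)]


if __name__ == "__main__":
    # On a real host: import subprocess and feed in
    # subprocess.run(["ss", "-lntup"], capture_output=True, text=True).stdout
    for line in report(SAMPLE_SS_OUTPUT):
        print("EXPOSED:", line)
```

On the constructed sample, `cupsd` and `postgres` are ignored because they listen only on loopback, `sshd` is ignored because it was explicitly allowed, and `smbd`, `nginx` and `avahi-daemon` are reported as services the user may not know are reachable from the network. The allowlist is the point of the check: anything not on it is a service to either justify and add, or turn off.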

