Means
Aiding and Abetting
Asset Control
Bluetooth
Bring Your Own Device (BYOD)
Clipboard
FTP Servers
Installed Software
Media Capture
Network Attached Storage
Physical Disk Access
Printing
Privileged Access
Removable Media
Screenshots
SMB File Sharing
SSH Servers
System Startup Firmware Access
Unrestricted Software Installation
Unrevoked Access
Web Access
- ID: ME016
- Created: 25th May 2024
- Updated: 24th July 2024
- Platforms: Windows, Linux, MacOS
- Contributor: The ITM Team
System Startup Firmware Access
A subject has the ability to access the system startup firmware of a target system.
Subsections
| ID | Name | Description |
|---|---|---|
| ME016.001 | Target Disk Mode Access | A subject has the ability to put the target system into “Target Disk Mode” (MacOS). |
Prevention
| ID | Name | Description |
|---|---|---|
| PV031 | Bootloader Password | First stage bootloaders such as BIOS (Basic Input/Output System) and UEFI (Unified Extensible Firmware Interface) or second stage bootloaders such as GNU GRUB (GNU GRand Unified Bootloader) and iBoot, generally provide the ability to configure a bootloader password as a security measure. This password restricts access to the computer’s firmware settings and, in some cases, the boot process.
When a bootloader password is set, it is stored in a non-volatile memory within the firmware. Upon powering on the system (and the bootloader settings being selected) the bootloader prompts the user to enter the password before allowing access to the firmware settings, thereby preventing unauthorized users from altering system settings or booting from unauthorized devices. |
| PV002 | Restrict Access to Administrative Privileges | The Principle of Least Privilege should be enforced, and period reviews of permissions conducted to ensure that accounts have the minimum level of access required to complete duties as per their role. |