> That wasn't a rhetorical question. Why bother locking your door?
> Any intruder worth his weight in salt can circumvent such a simple
> security mechanism with ease.
[...]
> Out of X number of would-be intruders, only a small fraction of those would,
> under most circumstances, have the balls and the time to dismantle the server
> without being noticed; versus all those who would (perhaps even out of sheer
[...]
> Fact is... I would _rather_ force that rare motivated and prepared intruder
> into taking down the box... sheesh, at least I'd be alerted that something
> went wrong rather quickly. Versus having some ghost in the shell merrily have
> his way with the system for a period of time.
>
> It's weird, it seems so obvious. Passwords help with security. Anyone who
> relies on them too heavily is being foolish; but regardless - they're most
> certainly a useful and proven preventative measure to a vast majority of
> likely potential situations.
>
> > Once you have physical access to the machine, it's yours
> > anyway. Just boot the Plan 9 CD and mount the fossil or any of the
> > other possibilities that arise when you are able to physically insert
> > bootable media into a system and force it to reboot.
> >
> > This assumes that:
> > 1 - the intruder came prepared with a Plan 9 disk
> > 2 - the machine in question does in fact have a cdrom/floppy attached
>
i think you're arguing three ends against the middle. if the intruder is willing to break down doors, the intruder can just take the machines, too. on the other hand, you argue that you'd need to be prepared to use a live cd or whatnot. but that's just not the case. you can smash and grab. or bring a bootable usb stick and either erase or copy files.

first step in understanding security is understanding what the real threats are. or that failing, what threats one would like to protect against.

for example, in the office there's a lock and alarm on the front door, a lock into the suite but there's no lock on the machine room door, nor the physical consoles. this has increased system availability. since i've been able to talk people through problems when i wasn't on site.

sure anyone in the company could go mess with the fileserver or auth server. but, that wouldn't be too smart. and the sr with the fileserver's storage has hot swap drives. it would be easier to hose the fs by pulling drives than anything else. great plausible deniability. the disk drives could have gone nuts.

in fact the only physical security problem we've had was an accident. somebody pushed the big red button during a machine move. demonstrating that it's hard to get to step one of security: understanding what the real threats are.

by the way, if you want to lock the console, it's not hard to write such a program. just do it.

- erik