On Thu, Aug 6, 2009 at 5:01 PM, John Floren<slawmas...@gmail.com> wrote: > > Oh, if we're just protecting against people wandering by who are > obviously there by mistake--since we're discounting anyone coming > prepared for serious maliciousness--how about just not having a > terminal connected to your file server? My cpu/auth/file servers don't > have anything connected except an ethernet cable and a remote serial > console. Oh, sure, there's a crash cart over in the corner that you > could drag over and plug in, but you've decided that we're only > talking about opportunists who see a prompt and decide to type some > stuff, so it's not a problem. > > The whole friggin' point of a colo is that you trust the people > running it--also, that they don't leave terminals connected to every > single one of their hundreds of customer machines. It's a locked room > in a corporate building... this ain't your little brother banging on > keys (a far more realistic reason for password-protecting a cpu > server, if you're going to be dumb enough to leave the head attached). > > I have a Plan 9 server sitting in a lab at my university. Over the > last 2+ years, it has been in the same place, powered on, connected to > a keyboard, mouse, and monitor. The only deterrent to unauthorized > users has been that I keep the monitor off, and in those 2 years I > have not found a single sign that anyone has so much as touched the > keyboard, much less done "rm -r /" or whatever it is you're afraid of. > I'm afraid you'll have to forgive me if I find the probability of > someone improperly accessing your headless colo'd box rather low. > > I invite you, though, to create some form of logging protection system > for the box. Put the box in a colo, and then in 3 years send us your > logs. I guess we'll see how many people tried to get into your cpu > server. > > > John
A note, please don't take this as a flame. I asked exactly the same sort of thing in 2005/2006, and what I wrote here is the synthesis of my experiences and changing viewpoints since then, shaped to apply to the specific situations posed. Basically, even in the environment of a university lab, considerably more hostile than a trusted colo, your house, or your corporate machine rooms, I haven't had a problem, which I attribute partially to the monitor/keyboard/mouse all being old scruffy refugees, and partially to the fact that I keep the monitor off. Realistically, I should have the peripherals unplugged and moved away from the server, because it's *not* a particularly safe place--it should either be headless, or indeed use some form of locker. Everybody asks these questions, I think, if only to themselves. The answers usually become evident, though--in my case, I had to get grouched at by the curmudgeonly 9fans before I "got" it. hasta~ John -- "Object-oriented design is the roman numerals of computing" -- Rob Pike
