"Donald A. Tevault" <[EMAIL PROTECTED]> writes:
> > 2. bootloader security
> >
> > There must be more to it that 'put a password on it' :)
> >
> There is another aspect to this that I just thought of.
>
> You'll also want to emphasize the importance of physical security in
> this regard. If an attacker can get physical access to a machine, he
> can just boot off of a live Linux CD, mount the harddrive, and get
> whatever he wants with full root privileges. All the bootloader
> security in the world won't mean a thing in this instance.
Another unstated goal for me with this exam is not to overlap what the CISSP
(and the SSCP?) cover.
I think that they do an amazing job but I would like to focus on the security
issues that are Linux specific. Social engineering, IMHO, is well tested by
the ISC2 guys.
This is also the reason that I dropped a lot of the boring down into hardware
details and networking details on the LPIC-1 exams. x86 and TCP/IP packet
formats aren't really Linux specific (not to mention kinda mean to test on a
newbie).
PS - I also think that it would be really cool if the ISC2 and LPI teamed
up to jointly cross promote their security plus LPI's linux specific
cert in some way. Anyone on the list work for ISC2 or know them? :)
Regards,
--
g. matthew rice <[EMAIL PROTECTED]> starnix care, toronto, ontario, ca
phone: 647.722.5301 x242 gpg id: EF9AAD20
http://www.starnix.com professional linux services & products
_______________________________________________
lpi-examdev mailing list
[email protected]
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
