Nick Holland wrote: > > Bob Beck wrote: > ... > > IMNSHO, a root password for single user makes the system *LESS* > > secure, and I'm dead serious. I would object to any attempt to commit > > changes to OpenBSD to have one by default. Why? Real simple: *because > > you asked this question*. - Now I'm not just crapping on you, every > > new sysadmin I know asks this. The point is, if OpenBSD put a root > > password on single user, you might be tempted to think that somehow, > > someway, a not-physically secured machine was secure, and be tempted > > to deploy it that way. And don't laugh, I've seen the assumption made > > (I work at a university). My point is that putting "security" measures > > in place that do not do anything because of equivalent access make > > people believe that they *do* do something, and therefore people make > > incorrect assumptions and do things insecurely. > > > > "Physical access is everything highness. Anyone who says differently > > is selling something." > > > > -Bob > > Here's another example: > > My boss feels that it is important that he have a list of administrative > passwords to all servers in our company. > > Now, call me no fun, but the idea of a password for the perimeter > security firewalls sitting in an Excel spreadsheet on a laptop he > selected because it was small and expensive and he likes to carry around > to impress people scares the hell out of me..and thus, the PWs are not > there. > > Now, he's got a point...yes, we have multiple administrators, but we are > friends outside of work, so we are not infrequently in the same place at > the same time, so the possibility of us both being killed in the same > Celtic Music Riot or explosion of the same Mongolian Grill can't be > discounted. If something happens to both of us, someone will need to be > able to get into those systems. So...I just wrote up and showed him > (and had him try) the "lost my PW" process in the FAQ, and had him force > the root PW. And he was satisfied (other than the look on his face that > seemed to be slightly pissed that I was denying him something he wanted, > even though he knows I satisfied the goal of the demand he made). > > NOW...if we had something that had some kind of master password that was > required even with physical access, we'd probably have to have either > created an unused account for him (bad idea) or recorded a master > password on his magic Excel spreadsheet (another bad idea). I don't > think that would have improved security one bit. > > Sometimes, you got to make it easy to get in in a controlled way to make > it harder for the wrong people to get in in a less controlled way. > > Nick.
?? odds the laptop winds up on eBay, drive intact ??
