On Thu, May 17, 2007 at 10:40:11AM -0700, BradenM - Sonoma Computer wrote: > Hi; > > In the past, I read an article which told me of a process in which a cd houses > the important system binaries and software and even some settings and is left > outside of the machine so that unauthorized users, and even root, cannot > access the programs unless the disc is within the system's cdrom drive. > Does anyone have any resources which explain and show the process for doing > something similar to that which is stated above?
Aside from the answers you've already received, I've heard quite a few people running the entire system from CD for security-sensitive things like firewalls, mostly when using Linux. (The argument is that it is very hard to compromise a machine in a way that survives reboots if you can't write to the system disk.) Of course, this is an OpenBSD list, and I am sure we can all imagine the easy Linux-bashing remark that follows. It's not entirely unjustified, either; if an attacker can compromise your system once, he can comprose it twice. Also, I've found that anything that makes upgrading the system harder, including removing the compiler, is very likely to be a net security loss. Joachim -- TFMotD: dirname (1) - return directory portion of pathname