On Thu, May 17, 2007 at 10:40:11AM -0700, BradenM - Sonoma Computer wrote:
> Hi;
>
> In the past, I read an article which told me of a process in which a cd houses
> the important system binaries and software and even some settings and is left
> outside of the machine so that unauthorized users, and even root, cannot
> access the programs unless the disc is within the system's cdrom drive.
> Does anyone have any resources which explain and show the process for doing
> something similar to that which is stated above?
Aside from the answers you've already received, I've heard quite a few
people running the entire system from CD for security-sensitive things
like firewalls, mostly when using Linux. (The argument is that it is
very hard to compromise a machine in a way that survives reboots if you
can't write to the system disk.)
Of course, this is an OpenBSD list, and I am sure we can all imagine the
easy Linux-bashing remark that follows. It's not entirely unjustified,
either; if an attacker can compromise your system once, he can comprose
it twice.
Also, I've found that anything that makes upgrading the system harder,
including removing the compiler, is very likely to be a net security
loss.
Joachim
--
TFMotD: dirname (1) - return directory portion of pathname
