Quoting Gideon N. Guillen ([EMAIL PROTECTED]): > Of course, you can't rely on BIOS and GRUB security alone. Those two are > meant to stop average-skilled users. :)
My interpretation: Techies love to play with gadgets, and a solid majority of the so-called "security authors" I encounter are basically gadget freaks. As such, they're always warm to the notion of adding more mechanism and complexity, as allegedly enhancing security. My main server, uncle-enzo.linuxmafia.com, is an old 2U rackmount box near my desk, running headless in my living room at home. Physical security resides in the fact that anyone connecting a monitor to it, fooling with the power, or futzing with the keyboard will motivate me or my wife to say "Hey, what the heck are you doing?" And it resides in the fact that my house is, well, my home. I think this foolishness about "console security" traces back mostly to Microsoft Corporation, of all people: When MS-Windows NT Server came out, Microsoft claimed company file servers using that OS could be safely deployed in the middle of one's office with effectively zero physical security, because they claimed NTFS was impregnable. Look, they said: Boot floppies and such can't break into it. The few network admins in the audience tended to object that this is irrelevant on grounds already cited. (The bad guys can, if nothing else, just lift the hard drive out, take it home, and mount it as a second drive on their own NT system.) The Linux community put an additional nail in that argument's coffin, via Linux's NTFS driver and its inclusion in maintenance floppies and bootable business cards. But the urge to claim that a physically unrestricted console is "secure" because of software tricks seems to have survived and is still with us. -- Cheers, There are only 10 types of people in this world -- Rick Moen those who understand binary arithmetic and those who don't. [EMAIL PROTECTED] _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
