On Wed, 9 Nov 2005, Jason Holt wrote:
On Tue, 8 Nov 2005, Ross Werner wrote:
they can turn off whatever customizations you have created. In the security
world, having physical access to a computer basically means that there is
no way to completely secure that computer.
Well, it depends on what you mean by "console access". The BYU kiosks are
pretty good nowadays, AFAICT. Keep them from opening the case, out of the
bios and bootloader, and then it's down to limiting what an unprivileged user
can do.
Indeed. By "physical access" I mean full physical access. Once you even
mitigate that with "supervised physical access" it becomes much more
difficult for a malicious attacker to circumvent the system.
(For example, I'm sure the proctors at these exams will notice somebody
opening a case and tripping the BIOS password reset. They'd *probably*
notice someone switching to a virtual terminal long enough to figure out
what's up with the iptables configuration and do something to get around
it. They probably *wouldn't* notice someone switching to a virtual
terminal long enough to paste the exam text into an ssh session, if done
surreptitiously.)
~ Ross
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
