On Wed, 6 May 1998, Shawn McMahon wrote:

> -----Original Message-----
> From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Wednesday, May 06, 1998 4:11 PM
> Subject: Re: Single user mode
> 
> 
> > OTOH, that's the reason most *nix boxes are in a modestly secure
> >location.  One easy way to solve that problem is to remove the keyboard
> >and monitor from the server, so that you cannot interact with the machine
> >from its physical location without a bit of work.
> 
> 
> It's a fundamental principle of computer security that physical security is
> AT LEAST as important as any other kind of security, and no computer is
> truly secure if it's not physically secure.

There is no such thing as secure.  There's only levels in trying to get
closer to that theoretical state which exists in most people's imagination
when considering their computer because they just set a screen-saver
password.

> Even O'Reilly's "Computer Security Basics", in its discussion of
> vulnerabilities in the introduction, lists "Physical Vulnerabilities" first.
> 
> Any machine that can be physically accessed has many of its safeguards
> subject to easy nullification.

Physical access kills security on 95% of PC systems running Linux.  Win95
has no security to begin with, and NT's security is laughable at best.

The problem with Linux is while it's meant to be secure for remote access,
it isn't really meant to be secure against someone at the console...  once
someone gains root on a Linux system, you're screwed... no damage control.

But then PC cases have never really been secure either.  The so-called
keyboard lock is a perfect example of this.

A friend I knew went part-way in this... he used security screws and a
blowtorch on his case, and took some other security measures.  If you can
secure the case, and then implement CMOS password security, while it's
seriously going to screw automated reboots, it would be somewhat secure.

I recently got a new full-tower case from AOpen... 12 bays, 5 5-1/4" and 1
3-1/2" external..  it's got a very nice panel design... the two side
panels slide on (on rails) and then the top panel slides over, and holds
the two side panels in place with two tabs on either side.  Additionally
they have a "locking tab" which you can screw down under the top panel and
which would let you put a padlock there to prevent the panels from being
removed.  While a hacksaw would make quick work of this (maybe 1/16" metal
on the tab) it was a nice thought.  The other flaw in the design is the
very nice sliding motherboard panel, which slides out the back after
removing 4 screws, unhindered by the side/top panels.  Doh!  (yes, cables
would still be a problem, but again, it's proof that the locking tab was
"a nice idea", but not much more).

> If data isn't encrypted, it can be read from hard drives easily, no matter
> what the operating system or file system format, assuming someone has taken
> the time to write the right programs or can boot the operating system from
> some other medium than the "secured" hard drive.

This is really the only way one can actually "secure" the system to any
degree, in my opinion.  loop encrypted filesystems go a long way to this
end though, and with triple-des encryption, it's going to make access to
the system somewhat difficult once it's powered down without the
password(s).  Hardware encryption devices are also an interesting idea to
this end.  There's still problems with this though, so for full security,
you'd need it set up like an SSL CA (certificate authority) server.
Faraday cage, anyone?  ;)

> Linux can boot from a floppy.  It doesn't matter *WHAT* your security
> precautions are, if they can be bypassed merely by sticking a floppy in a
> drive.

Or disabling the floppy drive and/or the boot sequence in the CMOS setup.
Password-protecting the CMOS setup would naturally also be a good idea if
doing this.  Password can still be erased by pulling the battery and
letting it sit, but then this would still entail access to the internals..

> And removing the floppy doesn't help, if they have a screwdriver and another
> floppy drive...

Again, this would entail access to inside the case.  One *can* make a case
somewhat tamper-resistant such that you'll notice tampering, but be warned,
for every security invented, a way around it has been figured out.  This
includes "security screws" and the like.

A combination of things such as security screws and a contact strip on the
case cover, or a light-sensitive thingie, wired into a high-decibel
alarm....  to this end, security through obscurity.  :)

> The best cure for all this is a locked room and a server that sits in plain
> view of a trusted human.  There's no substitute for this.

*laughs*  naturally.  my personal home computer sits next to my bed, but
then i'm a lazy person with no life, and i'm sure this wouldn't work for
everyone.  it is quite comfortable though!  ;)

> Ideally, I'd have my servers built into my chair, and I'd take them home
> with me in the evenings.  :-)
> 
> A pitbull with AIDS chained to them during the evenings would be a close
> second.

*laughs*  the first is an interesting idea... the second, well, that could
have its downsides too...  especially if you forgot to feed it.

Cheers!

                                                -macker


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.
