On 07/29/2011 11:16 PM, Jeremiah Jahn wrote:
On the servers you REALLY care about you can use LUKS and encrypted USB
keys that have to be in the system in order for it to decrypt the root
partition on boot. But most folks don't really need to go to that
extreme. You're best to decide how valuable the data you have actually is,
and how often you want to have to come into the office at 3am on a
Saturday night just to reboot something, much less wake the other guy up
to open his safe to get the key. :)

2011/7/29 Dag Wieers <d...@wieers.com>

    On Fri, 29 Jul 2011, Marek Andreánsky wrote:

        Why is securing /etc/inittab helping? I've read that by adding
        init=/bin/bash to grub you can get into the machine and change
        the shadow file anyway, which gives you root. I'd say that Red
        Hat presumes that the server is in a secure location and it is
        therefore highly improbable that anyone could just simply sit
        down to it and reboot it without anyone ever noticing.


    Well, one of the additional security measures when securing a Linux
    system is adding a password to your BIOS and to your bootloader. So
    that changing the kernel commandline or booting another device by
    someone unauthorized is hard or impossible.

    You could consider someone having physical access to your system, to
    be able to walk away with the harddisk anyway (encrypted filesystem
    not taken into account), but at least that's not something you can
    do without being noticed.

Coming originally from secret squirrel land, one of the cardinal security rules for us was simply "If the attacker has physical access, you don't have security".

If we are talking about serious security environments then all hypotheticals must be taken seriously, and even overwrought schemes such as TPM do not prevent compromise in this case (neither does encryption in many cases, depending on the attacker's intention -- it's not always just binary data on a disk that a smart attacker is after).

Physical access to a system is where coded security gives way in absolute terms to physical security measures. But again, that is if we're talking about serious security environments and almost none of our use cases probably represent that -- so we're left simply balancing usability vs security like normal people.

-Iwao
