Re: Password Security
On 11/24/06, RW <[EMAIL PROTECTED]> wrote: On Friday 24 November 2006 05:37, Norberto Meijome wrote: > Precisely - MS makes a very strong (and valid) point of saying that once > 'the bad guys' have physical access to your box, the machine is owned. > > The was a (very cool) presentation in Ruxcon (ruxcon.org) this year about > hacking into someone's machine via Firewire. And even if it was an exploit, > neither the researcher/hacker nor MS would consider it "security issue", > because to use this FW attack you need physical access... ie, you've lost > the battle already, it's just a matter of picking your method of breaking > in. I think that's a bit complacent of MS, given that most instances of their OS don't run on servers. If a desktop machine has encrypted partitions, it is protected against someone stealing it and breaking in at their convenience. Reading data from a running machine, shouldn't be as convenient and inconspicuous as plugging-in a cable. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " [EMAIL PROTECTED]" But what about database encryption? Is it possible to encrypt mySQL database and what is the best method to encrypt which does not affect the performance? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Friday 24 November 2006 05:37, Norberto Meijome wrote: > Precisely - MS makes a very strong (and valid) point of saying that once > 'the bad guys' have physical access to your box, the machine is owned. > > The was a (very cool) presentation in Ruxcon (ruxcon.org) this year about > hacking into someone's machine via Firewire. And even if it was an exploit, > neither the researcher/hacker nor MS would consider it "security issue", > because to use this FW attack you need physical access... ie, you've lost > the battle already, it's just a matter of picking your method of breaking > in. I think that's a bit complacent of MS, given that most instances of their OS don't run on servers. If a desktop machine has encrypted partitions, it is protected against someone stealing it and breaking in at their convenience. Reading data from a running machine, shouldn't be as convenient and inconspicuous as plugging-in a cable. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Thu, 23 Nov 2006 08:25:20 -0500 Bill Moran <[EMAIL PROTECTED]> wrote: > > So, does it mean that Windows 2003 Server provides more Password Level > > Security with Unauthorized Access? > > Where is this presumption coming from? Windows OS suffer from the same > difficulty protecting from physical intrusion that any other OS does. Precisely - MS makes a very strong (and valid) point of saying that once 'the bad guys' have physical access to your box, the machine is owned. The was a (very cool) presentation in Ruxcon (ruxcon.org) this year about hacking into someone's machine via Firewire. And even if it was an exploit, neither the researcher/hacker nor MS would consider it "security issue", because to use this FW attack you need physical access... ie, you've lost the battle already, it's just a matter of picking your method of breaking in. In short, secure the box both physically and network / services-wise as much as possible. Best, _ {Beto|Norberto|Numard} Meijome UFOs are for real: the Air Force doesn't exist. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
> 1. Password on BIOS Knowing that it is enought to remove the battery in order to remove the BIOS password. > 2. Change the order of booting i.e. When system is installed and working > once, then I just the change the Booting FIRST from HardDisk. You can also consider to remove the CD and floppy drives. Modern machines can boot from USB CD when needed. > 3. Put the password on Single User mode. Right. 4. Encrypt your hard disk. Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Thu, 23 Nov 2006 17:47:26 -0500 Bill Moran <[EMAIL PROTECTED]> wrote: > > Well, I am not an expert on FreeBSD. And thats why I don't know > > that how it works that > > > > If 4 Disks of same size for example 146GB each and they are > > configured with RAID 10, and Root, SWAP, /usr, /var File systems > > have been created on them. And if one takes one or two harddisks > > and how come he would be able to read the data when data is splited > > on 4 disks? > > Your logic escapes me. If someone were to physically break in to the > machine to steal your data, why would they only take some of the > drives? And to add to it, just in case this comes up next: if the drives are attached to some kind of external controller, of course one takes that too. Even easier if you steal a geom based software-raid10. just put the drives into a freebsd box and the volume appears (if glabel is also used). Otherwise you'll have to do some juggling, but surely no rocket sience. -- | /"\ ASCII ribbon | GnuPG Key ID | e86d b753 3deb e749 6c3a | | \ / campaign against |0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 | | XHTML in email |.the next sentence is true. | | / \ and news | .the previous sentence was a lie.| signature.asc Description: PGP signature
Re: Password Security
On Thu, 23 Nov 2006 23:08:18 +0100 VeeJay <[EMAIL PROTECTED]> wrote: > On 11/23/06, Bill Moran <[EMAIL PROTECTED]> wrote: > > > > On Thu, 23 Nov 2006 10:45:19 +0100 > > VeeJay <[EMAIL PROTECTED]> wrote: > > > > > On 11/23/06, Olivier Nicole <[EMAIL PROTECTED]> wrote: > > > > > > > > > And how can one into the System by booting from a CD if it still > > > > > requires the Password even in Single User mode? > > > > > > > > Booting from CD, floppy or hard disk is slected at BIOS level. > > > > > > > > Booting in single or multi user mode is at Operating system level. > > > > > > > > Booting is in the following order: > > > > > > > > 1) BIOS select what medium to boot from > > > > > > > > 2) the operating system boot from the selected medium > > > > > > > > So when it comes to the Single user password, itis already at stage 2) > > > > it has passed the stage 1 (booting from hard disk ofr CD) without > > > > password. > > > > > > > > Olivier > > > > > > > > > > So, it means, that I should take the following steps > > > > > > 1. Password on BIOS > > > 2. Change the order of booting i.e. When system is installed and working > > > once, then I just the change the Booting FIRST from HardDisk. > > > 3. Put the password on Single User mode. > > > > > > So, what more? Do you people think that I have got somehow security > > barrier > > > for unauthorized access? > > > > Physically _LOCK_ the server up. Anyone who can get physical access to > > the > > unit can remove the drive and access it from another machine, bypassing > > all > > this stuff. > > > > Another option is to encrypt the hard drives, but this will require you > > (or > > someone else) to enter the password for the encrypted drives every time > > the > > system boots up, so it's generally a maintenance nightmare. > > > > > Well, I am not an expert on FreeBSD. And thats why I don't know that how it > works that > > If 4 Disks of same size for example 146GB each and they are configured with > RAID 10, and Root, SWAP, /usr, /var File systems have been created on them. > And if one takes one or two harddisks and how come he would be able to read > the data when data is splited on 4 disks? Your logic escapes me. If someone were to physically break in to the machine to steal your data, why would they only take some of the drives? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
How RAID 10 works (was: Re: Password Security)
PMFJI On Thu 23 Nov 23:08, VeeJay wrote: > Well, I am not an expert on FreeBSD. And thats why I don't know that how it > works that > > If 4 Disks of same size for example 146GB each and they are configured with > RAID 10, and Root, SWAP, /usr, /var File systems have been created on them. > And if one takes one or two harddisks and how come he would be able to read > the data when data is splited on 4 disks? With a four disk RAID 10 array you would need two (or more) drives and it would have to be the right two in order to read _all_ of the data. See: http://www.techtutorials.net/tutorials/hardware/raid.shtml RAID 10 is near the bottom. Cheers, Nick. -- "Elves are wonderful. They provoke wonder. Elves are marvellous. They provoke marvels. Elves are fantastic. They create fantasies. Elves are glamorous. They project glamour. Elves are enchanting. They weave enchantment. Elves are terrific. They beget terror. No-one ever said elves are _nice_. Elves are _bad_." ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On 11/23/06, Bill Moran <[EMAIL PROTECTED]> wrote: On Thu, 23 Nov 2006 10:45:19 +0100 VeeJay <[EMAIL PROTECTED]> wrote: > On 11/23/06, Olivier Nicole <[EMAIL PROTECTED]> wrote: > > > > > And how can one into the System by booting from a CD if it still > > > requires the Password even in Single User mode? > > > > Booting from CD, floppy or hard disk is slected at BIOS level. > > > > Booting in single or multi user mode is at Operating system level. > > > > Booting is in the following order: > > > > 1) BIOS select what medium to boot from > > > > 2) the operating system boot from the selected medium > > > > So when it comes to the Single user password, itis already at stage 2) > > it has passed the stage 1 (booting from hard disk ofr CD) without > > password. > > > > Olivier > > > > So, it means, that I should take the following steps > > 1. Password on BIOS > 2. Change the order of booting i.e. When system is installed and working > once, then I just the change the Booting FIRST from HardDisk. > 3. Put the password on Single User mode. > > So, what more? Do you people think that I have got somehow security barrier > for unauthorized access? Physically _LOCK_ the server up. Anyone who can get physical access to the unit can remove the drive and access it from another machine, bypassing all this stuff. Another option is to encrypt the hard drives, but this will require you (or someone else) to enter the password for the encrypted drives every time the system boots up, so it's generally a maintenance nightmare. Well, I am not an expert on FreeBSD. And thats why I don't know that how it works that If 4 Disks of same size for example 146GB each and they are configured with RAID 10, and Root, SWAP, /usr, /var File systems have been created on them. And if one takes one or two harddisks and how come he would be able to read the data when data is splited on 4 disks? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
Being able to Kensington lock the machine so that it can't be opened (thinking of Dells), you can prevent physical access to a large degree (only have to worry about people that can screw up the lock), and prevent people from taking the drive OR resetting the CMOS jumper, giving people access to the BIOS without a password (one thing that many people haven't mentioned about security so far). -Garrett Sorry to disappoint you, but Kensington locks can easily be unlocked, using a toilet paper roll, pen, and tape. We tried this at work because my collegue protected his flat screen with it, but forgot his key at home on the day we moved to a new office. We needed a bit longer, thou... The video is wmv, but I didn't find a version in another format (but mplayer can play it): http://www.toool.nl/kensington623.wmv I wonder if the data on this machine is as sensitive as this thread suggests it... ;) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Nov 23, 2006, at 7:57 AM, Gregory Carvalho wrote: You might consider a safe with A/C from Black Box. Expensive, but an option for you. On Tuesday 21 November 2006 19:41, VeeJay wrote: Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Thanks in advance -- BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" Being able to Kensington lock the machine so that it can't be opened (thinking of Dells), you can prevent physical access to a large degree (only have to worry about people that can screw up the lock), and prevent people from taking the drive OR resetting the CMOS jumper, giving people access to the BIOS without a password (one thing that many people haven't mentioned about security so far). -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
You might consider a safe with A/C from Black Box. Expensive, but an option for you. On Tuesday 21 November 2006 19:41, VeeJay wrote: > Hi > > I need to secure my data and server. Any advice will be highly appreciated. > > I am going to place my FreeBSD server at a shared place? > > I am just afraid that any unauthorized person might boot machine in single > user mode and steal the data? > How can I make my Server secure that if if boots in single user mode, it > still demands the password and without password one cannot do anything? > or make it possible that booting in Single user mode, doesn't provide any > shell? > > Thanks in advance > > -- > > BR / vj > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Thu, Nov 23, 2006 at 10:45:19AM +0100, VeeJay wrote: > On 11/23/06, Olivier Nicole <[EMAIL PROTECTED]> wrote: > > > >> And how can one into the System by booting from a CD if it still > >> requires the Password even in Single User mode? > > > >Booting from CD, floppy or hard disk is slected at BIOS level. > > > >Booting in single or multi user mode is at Operating system level. > > > >Booting is in the following order: > > > >1) BIOS select what medium to boot from > > > >2) the operating system boot from the selected medium > > > >So when it comes to the Single user password, itis already at stage 2) > >it has passed the stage 1 (booting from hard disk ofr CD) without > >password. > > > >Olivier > > > > So, it means, that I should take the following steps > > 1. Password on BIOS > 2. Change the order of booting i.e. When system is installed and working > once, then I just the change the Booting FIRST from HardDisk. > 3. Put the password on Single User mode. As I said, you can beat that by removing the system battery or flash memory. > > So, what more? Do you people think that I have got somehow security barrier > for unauthorized access? The only real security is to totally prevent access. If that machine is in a place where you do not trust those who can touch it, then it is insecure. jerry > > > > -- > Thanks! > > BR / vj > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Thu, Nov 23, 2006 at 09:56:23AM +0100, VeeJay wrote: > So, does it mean that Windows 2003 Server provides more Password Level > Security with Unauthorized Access? > > And how can one into the System by booting from a CD if it still requires > the Password even in Single User mode? You just go to fixit mode - where you are running from the CD and not the installed OS and then rewrite any file that limits your access and then reboot again. jerry > > > > On 11/22/06, Jerry McAllister <[EMAIL PROTECTED]> wrote: > > > >On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: > > > >> Hi > >> > >> I need to secure my data and server. Any advice will be highly > >appreciated. > >> > >> I am going to place my FreeBSD server at a shared place? > >> > >> I am just afraid that any unauthorized person might boot machine in > >single > >> user mode and steal the data? > >> How can I make my Server secure that if if boots in single user mode, it > >> still demands the password and without password one cannot do anything? > >> or make it possible that booting in Single user mode, doesn't provide > >any > >> shell? > > > >Lock it in a box. Anyone who can put their hands physically can > >get in to the machine with a little tinkering even if you disable > >lots of software. > > > >I think you can get rid of the single user option in the boot, > >but anyone with a CD can defeat that if they want to. It would > >make things harder for yourself in managing the system, but it > >would slow a person down from casual interference. > > > >Also, many machines have BIOS level boot passwords that can be turned > >on. Using that would slow a person down, but be annoying for youself, > >especially in times such as power failures - the system would not come > >back up automatically without someone entering the BIOS password. > > > >Plus, if a person is determined enough, they can defeat that as well > >by removing the battery backup for the MB or the flash memory. But, > >it would stop casual tinkering. > > > >jerry > > > >> > >> Thanks in advance > >> > >> -- > >> > >> BR / vj > >> ___ > >> freebsd-questions@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions > >> To unsubscribe, send any mail to " > >[EMAIL PROTECTED]" > > > > > > -- > Thanks! > > BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
VeeJay wrote: > On 11/23/06, Olivier Nicole <[EMAIL PROTECTED]> wrote: > > > > > And how can one into the System by booting from a CD if it still > > > requires the Password even in Single User mode? > > > > Booting from CD, floppy or hard disk is slected at BIOS level. > > > > Booting in single or multi user mode is at Operating system level. > > > > Booting is in the following order: > > > > 1) BIOS select what medium to boot from > > > > 2) the operating system boot from the selected medium > > > > So when it comes to the Single user password, itis already at stage 2) > > it has passed the stage 1 (booting from hard disk ofr CD) without > > password. > > > > Olivier > > > > So, it means, that I should take the following steps > > 1. Password on BIOS > 2. Change the order of booting i.e. When system is installed and working > once, then I just the change the Booting FIRST from HardDisk. > 3. Put the password on Single User mode. > > So, what more? Do you people think that I have got somehow security barrier > for unauthorized access? Not much. Default FreeBSD install has two more places where one can influence booting with console access - boot blocks and loader. To disable the access to OK prompt of boot blocks create file /boot.config with '-n'. To disable access to loader put autoboot_delay="-1" and beastie_disable=YES into /boot/loader.conf. You can also instead put password=... into it and the loader will then require password to allow access to it. Michal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Thu, 23 Nov 2006 09:56:23 +0100 VeeJay <[EMAIL PROTECTED]> wrote: > So, does it mean that Windows 2003 Server provides more Password Level > Security with Unauthorized Access? Where is this presumption coming from? Windows OS suffer from the same difficulty protecting from physical intrusion that any other OS does. > And how can one into the System by booting from a CD if it still requires > the Password even in Single User mode? > > > > On 11/22/06, Jerry McAllister <[EMAIL PROTECTED]> wrote: > > > > On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: > > > > > Hi > > > > > > I need to secure my data and server. Any advice will be highly > > appreciated. > > > > > > I am going to place my FreeBSD server at a shared place? > > > > > > I am just afraid that any unauthorized person might boot machine in > > single > > > user mode and steal the data? > > > How can I make my Server secure that if if boots in single user mode, it > > > still demands the password and without password one cannot do anything? > > > or make it possible that booting in Single user mode, doesn't provide > > any > > > shell? > > > > Lock it in a box. Anyone who can put their hands physically can > > get in to the machine with a little tinkering even if you disable > > lots of software. > > > > I think you can get rid of the single user option in the boot, > > but anyone with a CD can defeat that if they want to. It would > > make things harder for yourself in managing the system, but it > > would slow a person down from casual interference. > > > > Also, many machines have BIOS level boot passwords that can be turned > > on. Using that would slow a person down, but be annoying for youself, > > especially in times such as power failures - the system would not come > > back up automatically without someone entering the BIOS password. > > > > Plus, if a person is determined enough, they can defeat that as well > > by removing the battery backup for the MB or the flash memory. But, > > it would stop casual tinkering. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Thu, 23 Nov 2006 10:45:19 +0100 VeeJay <[EMAIL PROTECTED]> wrote: > On 11/23/06, Olivier Nicole <[EMAIL PROTECTED]> wrote: > > > > > And how can one into the System by booting from a CD if it still > > > requires the Password even in Single User mode? > > > > Booting from CD, floppy or hard disk is slected at BIOS level. > > > > Booting in single or multi user mode is at Operating system level. > > > > Booting is in the following order: > > > > 1) BIOS select what medium to boot from > > > > 2) the operating system boot from the selected medium > > > > So when it comes to the Single user password, itis already at stage 2) > > it has passed the stage 1 (booting from hard disk ofr CD) without > > password. > > > > Olivier > > > > So, it means, that I should take the following steps > > 1. Password on BIOS > 2. Change the order of booting i.e. When system is installed and working > once, then I just the change the Booting FIRST from HardDisk. > 3. Put the password on Single User mode. > > So, what more? Do you people think that I have got somehow security barrier > for unauthorized access? Physically _LOCK_ the server up. Anyone who can get physical access to the unit can remove the drive and access it from another machine, bypassing all this stuff. Another option is to encrypt the hard drives, but this will require you (or someone else) to enter the password for the encrypted drives every time the system boots up, so it's generally a maintenance nightmare. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On 11/23/06, Olivier Nicole <[EMAIL PROTECTED]> wrote: > And how can one into the System by booting from a CD if it still > requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier So, it means, that I should take the following steps 1. Password on BIOS 2. Change the order of booting i.e. When system is installed and working once, then I just the change the Booting FIRST from HardDisk. 3. Put the password on Single User mode. So, what more? Do you people think that I have got somehow security barrier for unauthorized access? -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
> And how can one into the System by booting from a CD if it still > requires the Password even in Single User mode? Booting from CD, floppy or hard disk is slected at BIOS level. Booting in single or multi user mode is at Operating system level. Booting is in the following order: 1) BIOS select what medium to boot from 2) the operating system boot from the selected medium So when it comes to the Single user password, itis already at stage 2) it has passed the stage 1 (booting from hard disk ofr CD) without password. Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
So, does it mean that Windows 2003 Server provides more Password Level Security with Unauthorized Access? And how can one into the System by booting from a CD if it still requires the Password even in Single User mode? On 11/22/06, Jerry McAllister <[EMAIL PROTECTED]> wrote: On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: > Hi > > I need to secure my data and server. Any advice will be highly appreciated. > > I am going to place my FreeBSD server at a shared place? > > I am just afraid that any unauthorized person might boot machine in single > user mode and steal the data? > How can I make my Server secure that if if boots in single user mode, it > still demands the password and without password one cannot do anything? > or make it possible that booting in Single user mode, doesn't provide any > shell? Lock it in a box. Anyone who can put their hands physically can get in to the machine with a little tinkering even if you disable lots of software. I think you can get rid of the single user option in the boot, but anyone with a CD can defeat that if they want to. It would make things harder for yourself in managing the system, but it would slow a person down from casual interference. Also, many machines have BIOS level boot passwords that can be turned on. Using that would slow a person down, but be annoying for youself, especially in times such as power failures - the system would not come back up automatically without someone entering the BIOS password. Plus, if a person is determined enough, they can defeat that as well by removing the battery backup for the MB or the flash memory. But, it would stop casual tinkering. jerry > > Thanks in advance > > -- > > BR / vj > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " [EMAIL PROTECTED]" -- Thanks! BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On 11/22/06, VeeJay <[EMAIL PROTECTED]> wrote: Thanks Jeff... But does this encryption affects on Disk Speed or Performance for Data Access/Read/Write? On 11/22/06, Jeff Hinrichs - DM&T <[EMAIL PROTECTED]> wrote: > Although I haven't used either, gbde and geli are possible methods. > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html > As I stated before, I haven't used either so I am in no way an authoritative source, but in general anytime you do additional processing in the data channel, some penalty is going to be incurred. I am sure there are things that can be done to mitigate this penalty to a degree (i.e. offloading encryption operations to an add-in card) but only you can be the judge if the trade off is a good one. -Jeff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: > Hi > > I need to secure my data and server. Any advice will be highly appreciated. > > I am going to place my FreeBSD server at a shared place? > > I am just afraid that any unauthorized person might boot machine in single > user mode and steal the data? > How can I make my Server secure that if if boots in single user mode, it > still demands the password and without password one cannot do anything? > or make it possible that booting in Single user mode, doesn't provide any > shell? Lock it in a box. Anyone who can put their hands physically can get in to the machine with a little tinkering even if you disable lots of software. I think you can get rid of the single user option in the boot, but anyone with a CD can defeat that if they want to. It would make things harder for yourself in managing the system, but it would slow a person down from casual interference. Also, many machines have BIOS level boot passwords that can be turned on. Using that would slow a person down, but be annoying for youself, especially in times such as power failures - the system would not come back up automatically without someone entering the BIOS password. Plus, if a person is determined enough, they can defeat that as well by removing the battery backup for the MB or the flash memory. But, it would stop casual tinkering. jerry > > Thanks in advance > > -- > > BR / vj > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
I've used geli to encrypt my swap partition following the instructions in the handbook and it went quite well. If you really need to secure the data on the machine, mark the terminal as insecure and encrypt all the disks, including swap. Keep in mind though, that no system is completely secure. It may be secure enough, but there is *always* a way in for the determined individual. On 11/22/06, Jeff Hinrichs - DM&T <[EMAIL PROTECTED]> wrote: Although I haven't used either, gbde and geli are possible methods. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- I'm nerdy in the extreme and whiter than sour cream ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
Although I haven't used either, gbde and geli are possible methods. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
On 11/21/06, Russell E. Meek <[EMAIL PROTECTED]> wrote: Quoting VeeJay <[EMAIL PROTECTED]>: > Hi > > I need to secure my data and server. Any advice will be highly appreciated. > > I am going to place my FreeBSD server at a shared place? > > I am just afraid that any unauthorized person might boot machine in single > user mode and steal the data? > How can I make my Server secure that if if boots in single user mode, it > still demands the password and without password one cannot do anything? > or make it possible that booting in Single user mode, doesn't provide any > shell? > > Thanks in advance > > -- > > BR / vj > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" BR, Edit /etc/ttys and look for the following line: # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console noneunknown off secure Change "secure" to "insecure" (no quotes) this will require the root password to be entered when booting into Single User Mode. Thanks, Russ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" If the box isn't physically secured then this is just blowin in the wind. Short of fully encrypted disks that require a token/password at boot, there isn't any security in this kind of environment. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
Quoting VeeJay <[EMAIL PROTECTED]>: Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Thanks in advance -- BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" BR, Edit /etc/ttys and look for the following line: # If console is marked "insecure", then init will ask for the root password # when going to single-user mode. console noneunknown off secure Change "secure" to "insecure" (no quotes) this will require the root password to be entered when booting into Single User Mode. Thanks, Russ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
Quoting VeeJay <[EMAIL PROTECTED]>: Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Thanks in advance -- BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" BR, Edit /etc/ttys and look for this: # If console is marked "insecure", then init will ask for the root password when going to single-user mode. console noneunknown off secure Change ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Password Security
> I am going to place my FreeBSD server at a shared place? > > I am just afraid that any unauthorized person might boot machine in single > user mode and steal the data? If the data are so sensible, do notplace the machine in a shared location. One could reboot in single mode, or just stop the machine and remove the hard disk to analyze it at his own pace. Single user password tends to give a false sense of security, if one has physical access to the machine, consider he has open access to the data stored on the machine. best regards, olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Password Security
Hi I need to secure my data and server. Any advice will be highly appreciated. I am going to place my FreeBSD server at a shared place? I am just afraid that any unauthorized person might boot machine in single user mode and steal the data? How can I make my Server secure that if if boots in single user mode, it still demands the password and without password one cannot do anything? or make it possible that booting in Single user mode, doesn't provide any shell? Thanks in advance -- BR / vj ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"