>Earlier, Bill asked about user security with a kiosk Linux system... Sorry, jumping into this thread after having deleted other messages. If this has been mentioned, then ignore:
Anyone with the lack of understanding of risk to use a public station to ssh to another box is dancing with the devil. (Condemnation of users who would actually use ssh on untrusted machines.)

#1 (as I have said many times) ssh does nothing to secure the box in which it is used. SSH is only useful in trying to create a "secure connection over an insecure network."

#2 When you run a public box as a Kiosk, the box is likely to be available to many anonymous users. When a new user arrives to use a box to which many other users have had physical access (and worse yet, unsupervised physical access) as an authentication point, they must trust not only the creators of the source for the packages, but also the packagers, the person who built the box and *all* of the people who have touched the box since the OS was installed. Consider the multi-tier process of security vs. compromise: shell -> local exploit, no shell but physical access -> boot single user mode, password LILO, use external boot media, password BIOS -> short BIOS. With sufficient resources, physical access is a security risk. In the most basic sense, at least a DoS can be completed.

#3 Keyboard wedges that record keystrokes can also be placed in-line between the keyboard and the CPU. They can be small enough to often go without being noticed. With so much reliance on ssh, there are many exploits and trojan kits out there for ssh, from trojans/wrappers, to local port redirection/piggyback, to conduction of exploits to remote targets. Given a shell, it is also possible to create "time bombs" where the machine will follow directions long after the user who dropped the package has logged out-- potentially harming another user. Kiosks are great for demoing web surfing and GUI, but testing ssh to trust remote machines from untrusted local machines is risky.
I consider encouraging people to ssh from untrusted machines to be *almost* as bad as using gpg from a shell on an untrusted machine (gpg with keys and ID that are used by others as part of the Web of Trust.) It is because of my lack of trust for how ssh is installed and used on untrusted machines that I installed SquirrelMail to check my mail (and synced it to a different password DB than my shell, with different authentication credentials.) If someone steals my webmail credentials, they can see my unencrypted mail, but at least they can't shell to my box.

(The problems above exist for other OSes used as Kiosks. For example, these apply to Windows software, but in addition there are more risks with Windows than I list above.)

(Maybe, if someone can get me a ride out to LUGOD over the summer, I might be able to do a brief presentation on SquirrelMail with Courier IMAP... or if there are other SM users who are up for it, combine with them and team up to offer a presentation on it.)

Again, the above having been said, Kiosks are *great* tools for showing people the excellent advantages of Linux. They are excellent tools for demonstration and for giving people the opportunity to feel something of the OS. Countermeasures include having Kiosks that are client-server based and netboot, with the Kiosk unit mounting an NFS root that is read-only and a server that is physically secured. The user must still trust the installer of the OS, and the packagers as well as the coders. There is also risk of keyboard wedges, shoulder surfing and other similar attacks, but since the client netboots, the HD, CDROM, DVD, and floppy drive can be physically removed, custom kernels can further disable port access (firewire, usb, serial, parallel) and the BIOS can be down-graded to not support other booting hardware. Also, netboot permits many, many clients to all share one server.
-ME

_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
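An added example, not part of the post above: a small POSIX sh audit that a netboot kiosk client could run to confirm the countermeasures the post recommends (read-only NFS root, no writable-and-executable space where a "time bomb" could be left for the next user, no locally attached drives). The server address 10.0.0.1, the export /srv/kiosk and both mount tables are constructed stand-ins for /proc/mounts.

```shell
#!/bin/sh
# Added example (not from the original post): check a kiosk client's mount
# table for a read-only NFS root, rw mounts lacking noexec, and local disks.
# 10.0.0.1 and /srv/kiosk are assumed names; both tables are constructed data.

SAMPLE_MOUNTS='10.0.0.1:/srv/kiosk / nfs ro,vers=3,nolock,addr=10.0.0.1 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,size=64m 0 0
tmpfs /home/kiosk tmpfs rw,nosuid,nodev,size=32m 0 0
/dev/sda1 /mnt/usb vfat rw,nosuid 0 0'

HARDENED_MOUNTS='10.0.0.1:/srv/kiosk / nfs ro,vers=3,nolock,addr=10.0.0.1 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,size=64m 0 0'

# has_opt OPTS NAME: succeed if the comma-separated OPTS contains NAME exactly.
has_opt() { printf ',%s,' "$1" | grep -q ",$2,"; }

# root_is_ro_nfs TABLE: succeed only if / is an NFS mount carrying the ro flag.
root_is_ro_nfs() {
    line=$(printf '%s\n' "$1" | awk '$2 == "/" { print $3 " " $4; exit }')
    [ -n "$line" ] || return 1
    case "${line%% *}" in nfs|nfs4) ;; *) return 1 ;; esac
    has_opt "${line#* }" ro
}

# rw_exec_mounts TABLE: print mount points that are writable but not noexec,
# i.e. where one anonymous user could leave code behind for the next one.
rw_exec_mounts() {
    printf '%s\n' "$1" | awk '{ o = "," $4 ","
        if (index(o, ",rw,") && !index(o, ",noexec,")) print $2 }'
}

# local_block_mounts TABLE: print mounts backed by a local block device;
# a diskless kiosk with its drives removed should list none.
local_block_mounts() {
    printf '%s\n' "$1" | awk '$1 ~ "^/dev/" { print $2 }'
}

# audit_kiosk TABLE: succeed only if all three checks pass.
audit_kiosk() {
    root_is_ro_nfs "$1" || return 1
    [ -z "$(rw_exec_mounts "$1")" ] || return 1
    [ -z "$(local_block_mounts "$1")" ]
}

audit_kiosk "$SAMPLE_MOUNTS" && echo "sample: OK" || echo "sample: NOT hardened"
audit_kiosk "$HARDENED_MOUNTS" && echo "hardened: OK" || echo "hardened: NOT hardened"
```

On a real client, replace the constructed table with `$(cat /proc/mounts)`; the sample table fails because /home/kiosk is writable without noexec and /mnt/usb sits on a local disk.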