-----Original Message-----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, May 06, 1998 4:11 PM
Subject: Re: Single user mode
> OTOH, that's the reason most *nix boxes are in a modestly secure
>location. One easy way to solve that problem is to remove the keyboard
>and monitor from the server, so that you cannot interact with the machine
>from it's physical location without a bit of work.
It's a fundamental principle of computer security that physical security is
AT LEAST as important as any other kind of security, and no computer is
truly secure if it's not physically secure.
Even O'Reilly's "Computer Security Basics", in it's discussion of
vulnerabilities in the introduction, lists "Physical Vulnerabilites" first.
Any machine that can be physically accessed has many of it's safeguards
subject to easy nullification.
If data isn't encrypted, it can be read from hard drives easily, no matter
what the operating system or file system format, assuming someone has taken
the time to write the right programs or can boot the operating system from
some other medium than the "secured" hard drive.
Linux can boot from a floppy. It doesn't matter *WHAT* your security
precautions are, if they can be bypassed merely by sticking a floppy in a
drive.
And removing the floppy doesn't help, if they have a screwdriver and another
floppy drive...
The best cure for all this is a locked room and a server that sits in plain
view of a trusted human. There's no substitute for this.
Ideally, I'd have my servers built into my chair, and I'd take them home
with me in the evenings. :-)
A pitbull with AIDS chained to them during the evenings would be a close
second.
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
