Re: Protecting root security

1999-05-20 Thread Tommy Malloy
Thanks to everyone for such informative responses. This list is like a school for System Administration. I hope that one day I am able to pass on the knowledge I have gained here. Thanks again

Re: Protecting root security

1999-05-20 Thread Ben Lutgens
True security must begin with the "Physical Security" of the box itself. One can remove removable disk drives like CDROM, Floppy, Zip etc but anyone could still use a parallel port drive etc, but each step you take helps. Just my two cents. Ben

Re: Protecting root security

1999-05-19 Thread Marek Habersack
* Rune Linding Raun said:
> you can buy a REAL server eg Compaq server line which can be locked completely
> and only unlocked by a license disk or a bootpasswd
Yes, that's true, but still the server is incapable of rebooting on its own - it still requires human attendance at that process. And it's

Re: Protecting root security

1999-05-19 Thread Rune Linding Raun
you can buy a REAL server eg Compaq server line which can be locked completely and only unlocked by a license disk or a bootpasswd
On 19-May-99 Marek Habersack wrote:
> * Koyote said:
>
>> >so that root password, or some other verification system is required,
>> >before a reinstall is permitted. I

Re: Protecting root security

1999-05-19 Thread J Horacio MG
~> From: Ben Collins <[EMAIL PROTECTED]>
~>
~> Leaving it up to the install disk to secure the root partition is
~> impractical. That's like trusting the user with a [Yn] response on "Was
~> the password you entered correct?". The only way to secure a filesystem
~> from this type of access is to u

Re: Protecting root security

1999-05-19 Thread Marek Habersack
* Ben Collins said:
> > > machine cannot boot without user interaction (some one to authenticate
> > > or supply the password for the filesystem).
> > Isn't that too much ado? No physical access is the cure - serious approach
> > to security requires NO PHYSICAL ACCESS to the server machine.
> >

Re: Protecting root security

1999-05-19 Thread Ben Collins
On Wed, May 19, 1999 at 01:13:55PM +0200, Marek Habersack wrote:
> * Ben Collins said:
> >
> > from this type of access is to use some sort of secure fs (cfs and
> > secure loop devices with encryption come to mind), also check into sfs
> > (sorry, no URL's for these). This has a downfall of the fa

Re: Protecting root security

1999-05-19 Thread Marek Habersack
* Koyote said:
> >so that root password, or some other verification system is required,
> >before a reinstall is permitted. It is true that compromising a system
> >this way requires unfettered access to the box. However as Linux is
> >used more and more in commercial environments this issue

Re: Protecting root security

1999-05-19 Thread Marek Habersack
* David B.Teague said:
> > Doesn't the fact that I can go to any Linux box with an install
> > disk or cd and gain root access mean that all Linux
> > systems are fundamentally insecure?
>
> Absolutely. Any system to which physical access is allowed, then
> the system is vulnerable to a suff

Re: Protecting root security

1999-05-19 Thread Marek Habersack
* Ben Collins said:
> from this type of access is to use some sort of secure fs (cfs and
> secure loop devices with encryption come to mind), also check into sfs
> (sorry, no URL's for these). This has a downfall of the fact that the
> machine cannot boot without user interaction (some one to aut

Re: Protecting root security

1999-05-19 Thread Marek Habersack
* [EMAIL PROTECTED] said:
> I suppose if you used cfs (as another poster suggested), you could keep
> someone from reading your disk. But you couldn't keep them from
> wiping it clean with fdisk and being generally destructive.
> I'm not a security guru, but I think it's still one of the most impo

Re: Protecting root security

1999-05-19 Thread Marek Habersack
* Tommy Malloy said:
> Doesn't the fact that I can go to any Linux box with an install disk or
> cd and gain root access mean that all Linux systems are
> fundamentally insecure? Perhaps the install process could be changed
> so that root password, or some other verification system is require

Re: Protecting root security

1999-05-19 Thread David B.Teague
On Tue, 18 May 1999, Tommy Malloy wrote:
> Doesn't the fact that I can go to any Linux box with an install
> disk or cd and gain root access mean that all Linux
> systems are fundamentally insecure?
Absolutely. Any system to which physical access is allowed, then the system is vulnerable to

Re: Protecting root security

1999-05-19 Thread wcurry
I suppose if you used cfs (as another poster suggested), you could keep someone from reading your disk. But you couldn't keep them from wiping it clean with fdisk and being generally destructive. I'm not a security guru, but I think it's still one of the most important rules to remember: physical

Re: Protecting root security

1999-05-19 Thread Brad
On Tue, 18 May 1999, Koyote wrote:
> You can set up a computer that is not bootable from cdrom, and remove
> the floppy drive (install it when you need to do a full
> install.)...(and no, I have no idea how to make the cdrom unbootable
> on a linux pc. I'll learn sooner or later.)
For newer PCs, y

Re: Protecting root security

1999-05-19 Thread Koyote
>Doesn't the fact that I can go to any Linux box with an install disk or
>cd and gain root access mean that all Linux systems are
>fundamentally insecure? Perhaps the install process could be changed
>so that root password, or some other verification system is required,
>before a reinstall is

Re: Protecting root security

1999-05-19 Thread Ben Collins
On Tue, May 18, 1999 at 09:16:35PM -0400, Tommy Malloy wrote:
> Doesn't the fact that I can go to any Linux box with an install disk or
> cd and gain root access mean that all Linux systems are
> fundamentally insecure? Perhaps the install process could be changed
> so that root password, or