[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Protecting root security

On Wed, May 19, 1999 at 01:13:55PM +0200, Marek Habersack wrote:
> * Ben Collins said:
>
>
> > from this type of access is to use some sort of secure fs (cfs and
> > secure loop devices with encryption come to mind), also check into sfs
> > (sorry, no URL's for these). This has a downfall of the fact that the
> > machine cannot boot without user interaction (some one to authenticate
> > or supply the password for the filesystem).
> Isn't that too much ado? No physical access is the cure - serious approach
> to security requires NO PHYSICAL ACCESS to the server machine.

Tell that to people who have their servers in a co-located isp. My
server does not have a floppy, but my tape backup is piped through mcrypt
so no one can just grab the tape and pull out all of my secure files.
Remember, a trusted physical environment is not always present.

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <bcollins@debian.org>                        Debian GNU/Linux
OpenLDAP Dev - bcollins@openldap.org     The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --
Reply to: