Re: Protecting root security
On Wed, May 19, 1999 at 01:13:55PM +0200, Marek Habersack wrote:
> * Ben Collins said:
>
>
> > from this type of access is to use some sort of secure fs (cfs and
> > secure loop devices with encryption come to mind), also check into sfs
> > (sorry, no URL's for these). This has a downfall of the fact that the
> > machine cannot boot without user interaction (some one to authenticate
> > or supply the password for the filesystem).
> Isn't that too much ado? No physical access is the cure - serious approach
> to security requires NO PHYSICAL ACCESS to the server machine.
Tell that to people who have their servers in a co-located isp. My
server does not have a floppy, but my tape backup is piped through mcrypt
so no one can just grab the tape and pull out all of my secure files.
Remember, a trusted physical environment is not always present.
--
----- -- - -------- --------- ---- ------- ----- - - --- --------
Ben Collins <bcollins@debian.org> Debian GNU/Linux
OpenLDAP Dev - bcollins@openldap.org The Choice of the GNU Generation
------ -- ----- - - ------- ------- -- ---- - -------- - --- ---- - --
Reply to: