Re: Debian 2.2 and security - SecurityPortal article
Henrique M Holschuh <hmh+debianml@rcm.org.br> writes:
> On Thu, 31 Aug 2000, Olaf Meeuwissen wrote:
> > Edited /etc/hosts.deny to read ALL:ALL to boot.
>
> You probably want to add portmap: ALL to /etc/hosts.deny as well,
> just in case. ALL: ALL does not handle the portmapper for some
> reason.
In an earlier incarnation of the same machine (running potato when it
was still frozen) I had to enable the portmapper in /etc/hosts.allow
to get NFS mounts to work. Looks like ALL:ALL covers portmap.
> > Change your BIOS settings to only boot from the internal disk and
> > password protect it.
>
> BIOSes are very easy to erase, you know. Some are even stupid enough
> to have 'master key' passwords. You really need to keep the machine
> behind a locked door (or in a special locked case) if you can't
> trust everyone who gets near it. Otherwise, it won't hold even a
> reasonably tech-savy 10 year old (read proto-hardware-hacker) that
> manages to stay 5 minutes alone near the machine in possession of
> some tools and a small resistor (if he's a nice kid) or piece of
> wire (if he's a not-so-nice kid or likes sparks) :-)
I know BIOS passwords are not super-secure, but at least it will make
it a fair bit more difficult for our average computer user to screw up
the system. Putting the machine behind locked doors is not an option.
--
Olaf Meeuwissen Epson Kowa Corporation, Research and Development
Reply to: