Re: to allow root logins or not?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/21/07 12:25, Greg Folkert wrote:
[snip]
>
> If they have the console, they can and will be able to compromise the
> machine NO MATTER the steps you have taken on the machine level.
>
> Keeping an attacker away from the CONSOLE is the ONLY way to keep them
> from compromising the machine through physical attacks. If they can
> touch the keyboard and have physical access to the machine's
> internals... There is literally no amount of measures you can take to
> keep them out of the machine.
I have to *slightly* disagree.
Keyboard-only access (where the hardware is in a secure cage) when
the attacker does not know the root password leaves you in the same
position as if he were telneting in.
> There is one measure that (nearly) always works... LOCKED DOORS to a
> secure facility. If you have to have people in and out of the facility,
> you better have some kind of access control in place with logging (and
> cameras).
But companies have been doing that forever, no?
- --
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGKk8sS9HxQb37XmcRAn+uAKCwXORgoaoCwmNZprm5VntyCCiMUQCdFh6z
kjJOFw6z2b+FNaa2zruNdrI=
=k2GK
-----END PGP SIGNATURE-----
Reply to: