
Re: to allow root logins or not?




On 04/21/07 12:25, Greg Folkert wrote:
[snip]
> 
> If they have the console, they can and will be able to compromise the
> machine NO MATTER the steps you have taken on the machine level.
> 
> Keeping an attacker away from the CONSOLE is the ONLY way to keep them
> from compromising the machine through physical attacks. If they can
> touch the keyboard and have physical access to the machine's
> internals... There is literally no amount of measures you can take to
> keep them out of the machine.

I have to *slightly* disagree.

Keyboard-only access (where the hardware is in a secure cage) when
the attacker does not know the root password leaves you in the same
position as if he were telnetting in.

> There is one measure that (nearly) always works... LOCKED DOORS to a
> secure facility. If you have to have people in and out of the facility,
> you better have some kind of access control in place with logging (and
> cameras).

But companies have been doing that forever, no?

--
Ron Johnson, Jr.
Jefferson LA  USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!



