[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problems with root on network clients

... verify the recipient Luke before pressing the "send" button ;-)

"J-E.Schulz" wrote:
> Hi,
> as long as the server machines resides in a _really_
> restricted area (e.g. a machine room which may by
> physically accessed only by trusted staff members)
> You may have the chance to securly detect any physical
> intrusion to the exposed clients.
> You may use a network boot server, suppling each client
> the / and /etc directory. They may reside on a clients
> ramdisk or overwriteable hard-disk partition.
> Require the clients to do their IP configuration via
> DHCP or BOOTP, and if security is really a concern
> ensure that the server supervise the reachability of
> each client (e.g. ping each machine every 10 seconds)
> and set them on a deny list (e.g. ipchains/iptables input
> queue), if they don`t answer.
> So since rebooting manually, requires time (more than 10 seconds)
> the physical intusion gets dectected and the offending
> machine gets banned from further access to (any, when
> get informed)  other server or client on your local network.
> hope this helps, yours
>         J-E

Reply to: