Re: secure boot/system; was Hardware advice
On Tue, 30 Apr 1996, Jay Carlson wrote:
> > There are programs available on the net which will cause a BIOS checksum
> > error. At bootup this error will allow the intruder into the BIOS setup
> > without a password (BIOS defaults are taken).
>
> How do you run these programs under Debian?
I don't know. The ones I've seen have been DOS binaries; perhaps DOSEMU
would work.
>
> > The intruder can then boot off of a floppy and access the machine regardless
> > of any OS security. NT, which is heralded as "C2 secure", and its NTFS
> > file systems are just as susceptible as any Linux or DOS/Windows box.
>
> > If you can't secure the machine, you can't secure the system. You can
> > still secure information through encryption however.
>
> As long as you've secured the keys as well.
Ayup. Strong encryption isn't much good if you have 'xhost +' in your
startup script. In fact, I do my en/decrypting on a PC, is there a really
secure way to do it on a UNIX multiuser system? Is SSH sound enough for this?
Didn't someone mention they were going to make a Debian SSH package?
BTW, the Leahy bill makes the designation of a key holder (key escrow)
strictly voluntary.
_____________________________________________________________________
Don Gaffney (http://www.emba.uvm.edu/~gaffney)
Engineering, Mathematics & Business Administration Computer Facility
University of Vermont - 237 Votey Building - Burlington, VT 05405
(802) 656-8490 - Fax: (802) 656-8802
Reply to: