Re: Hardware advice: seeking echoes of running Linux-PC clusters
Don Gaffney said:
> Date: Tue, 30 Apr 1996 14:11:28 -0400 (EDT)
> From: Don Gaffney <email@example.com>
> Subject: Re: Hardware advice: seeking echoes of running Linux-PC clusters
> To: Neil Turton <firstname.lastname@example.org>
> Cc: email@example.com, firstname.lastname@example.org
> On Tue, 30 Apr 1996, Neil Turton wrote:
> > Lukas Nellen <email@example.com> wrote:
> > > >From the point of view of security, do you really need a diskless
> > > system? If you set a bios password, set the bios to boot only from C
> > > and make sure that a password is required to enter single user mode,
> > > wouldn't that be just as secure? Or is there a loophole which I
> > > missed (not having tried this type of setup)?
> There are programs available on the net which will cause a BIOS checksum
> error. At bootup this error will allow the intruder into the BIOS setup
> without a password (BIOS defaults are taken).
This is a solvable problem. Igel Ltd. [See ad in Linux Journal] has a
diskless PC running Linux they call an "Etherminal". It doesn't have
regular BIOS installed - embedded Linux kernel in EEPROMs instead.
> The intruder can then boot off of a floppy and access the machine regardless
> of any OS security. NT, which is heralded as "C2 secure", and its NTFS
> file systems are just as susceptible as any Linux or DOS/Windows box.
Etherminal also doesn't have a floppy drive, either.
> If you can't secure the machine, you can't secure the system. You can
> still secure information through encryption however.
The only secure house is one with no doors or windows. Having systems in
userland is inevitable - though I've never seen the logic of giving floppy
drives to every user. Especially in the virus-ridden world of DOS and
Windows. Just doesn't make sense.
> Our own Senator Leahy (D-VT) has recently proposed that almost everything
> be encrypted; S.1587 is sort of an encryption "Bill of Rights." Maybe
> someday (soon?) we will be able to put all this export/import munitions
> ban garbage behind us.
Don't hold your breath. We'd need to get a Libertarian in the White-house
first, and that's going to take us a few more years.
> Don Gaffney (http://www.emba.uvm.edu/~gaffney)
> Engineering, Mathematics & Business Administration Computer Facility
> University of Vermont - 237 Votey Building - Burlington, VT 05405
> (802) 656-8490 - Fax: (802) 656-8802
Chuck Stickelman, Owner E-Mail: <firstname.lastname@example.org>
Practical Network Design Voice: (419) 529-3841
9 Chambers Road FAX: (419) 529-3625
Mansfield, OH 44906-1302 USA