[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hardware advice: seeking echoes of running Linux-PC clusters

Don Gaffney said:
> Date: Tue, 30 Apr 1996 14:11:28 -0400 (EDT)
> From: Don Gaffney <gaffney@emba.uvm.edu>
> Subject: Re: Hardware advice: seeking echoes of running Linux-PC clusters
> To: Neil Turton <ndt1001@chu.cam.ac.uk>
> Cc: lukas@teorica0.ifisicacu.unam.mx, debian-user@lists.debian.org
> On Tue, 30 Apr 1996, Neil Turton wrote:
> > Lukas Nellen <lukas@teorica0.ifisicacu.unam.mx> wrote:
> > > >From the point of view of security, do you really need a diskless
> > > system? If you set a bios password, set the bios to boot only from C
> > > and make sure that a password is required to enter single user mode,
> > > wouldn't that be just as secure? Or is there a loophole which I
> > > missed (not having tried this type of setup)? 
> > 
> There are programs available on the net which will cause a BIOS checksum
> error. At bootup this error will allow the intruder into the BIOS setup 
> without a password (BIOS defaults are taken).
This is a solvable problem.  Igel Ltd. [See ad in Linux Journal] has a
diskless PC running Linux they call an "Etherminal".  It doesn't have
regular BIOS installed - embedded Linux kernel in EEPROMs instead.

> The intruder can then boot off of a floppy and access the machine regardless
> of any OS security. NT, which is heralded as "C2 secure", and its NTFS
> file systems are just as susceptible as any Linux or DOS/Windows box.
Etherminal also doesn't have a floppy drive, either.

> If you can't secure the machine, you can't secure the system. You can
> still secure information through encryption however. 
The only secure house is one with no doors or windows.  Having systems in
userland is inevitable - though I've never seen the logic of giving floppy
drives to every user.  Especially in the virus-ridden world of DOS and
Windows.  Just doesn't make sense.

> Our own Senator Leahy (D-VT) has recently proposed that almost everything 
> be encrypted; S.1587 is sort of an encryption "Bill of Rights." Maybe
> someday (soon?) we will be able to put all this export/import munitions 
> ban garbage behind us.
Don't hold your breath.  We'd need to get a Libertarian in the White-house
first, and that's going to take us a few more years.

> _____________________________________________________________________
> Don Gaffney (http://www.emba.uvm.edu/~gaffney)
> Engineering, Mathematics & Business Administration Computer Facility
> University of Vermont - 237 Votey Building - Burlington, VT  05405
> (802) 656-8490 - Fax: (802) 656-8802


Chuck Stickelman, Owner			E-Mail:	<stick@richnet.net>
Practical Network Design		Voice:	(419) 529-3841
9 Chambers Road				FAX:	(419) 529-3625
Mansfield, OH 44906-1302 USA

Reply to: