[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: crypting a whole filesystem or directory?

>>> linux (unix) is a quite secure system. But if somebody can get directly
>>> to the server-computer, then it is easy to reboot computer to dos with a
>>> boot disk, and use 2e-filesystem tools to get all files they want, like
>>> shadowed password file, or any other only root-readable files.
>> It can be done much easier, just put the linux boot disk (from any
>> distribution) into the floppy, reboot the system, then mount
>> the hard disk from the root's shell and the whole HD is yours without
>> using any other OS !!!
>You can avoid this on many computers by disabling the "boot from floppy"
>option in the BIOS and protect your BIOS by a password. Most recent PCs
>moreover have the option for a special boot password in their BIOS to
>prevent booting by unauthorized persons at all. However this does not
>help if someone will takeoff the hard-disk from your server.

Or, just short the jumper to clear the CMOS out.  Then, just re-autodetect
everything and you're set to go.

Short of encrypting the filesystem itself, I have yet to find a way to
secure things under Linux....  But if anyone has any ideas, I'd be *more*
than glad to hear them....

Kevin Traas

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: