[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ***HUGE*** security hole??!! (Re: Lost root passwd)

On Sat, 10 Oct 1998, Shaleh wrote:

> But people can always yank the power cord.  Follow Paul's advice -- make the
> machine physically in-accessible.  Lock it, fence it in, whatever.  Locking
> racks is also nice.  That way people can't even see the machine, just a big
> cabinet.
> What if it is a workstation in a lab?  Then disable as much as you can.  Make
> sure bios is safe if it is a x86 box.  This is why real workstations are nice
> -- they are much more secure than x86 PC's.

It's a matter of threat assessment and the value of what you are
protecting. We can get paranoid and put gun towers on every corner of our
homes because someone might want to interrupt power and communications to
our personal linux server. Recently, I was reading about these smart card
devices that have emergency erase features. The idea is that banking PIN
numbers might be stored unencrypted in a little vault. Only encrypted data
is transmitted on the connecting cables. If someone tries to tamper with
the vault or the cards, the contents are erased. It sounds extreme and
there is probably a weakness somewhere outside the vault, anyway.

In the 1980's there were quick-remove hard drive carriers being used at
certain government locations. The idea was to lock it up when not in use,
but in one of those safes that always has explosives ready to destroy the
contents if the facility was being captured. Please don't try this at

+ Paul Wade                         Greenbush Technologies Corporation +
+ mailto:paulwade@greenbush.com              http://www.greenbush.com/ +

Reply to: