[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian 2.2 and security - SecurityPortal article



On Thu, 31 Aug 2000, Olaf Meeuwissen wrote:
> Edited /etc/hosts.deny to read ALL:ALL to boot.  This should perhaps

You probably want to add portmap: ALL to /etc/hosts.deny as well, just in
case. ALL: ALL does not handle the portmapper for some reason.

> Change your BIOS settings to only boot from the internal disk and
> password protect it.  On my system I have such a setup and require a

[...]

BIOSes are very easy to erase, you know. Some are even stupid enough to have
'master key' passwords. You really need to keep the machine behind a locked
door (or in a special locked case) if you can't trust everyone who gets near
it. Otherwise, it won't hold even a reasonably tech-savy 10 year old (read
proto-hardware-hacker) that manages to stay 5 minutes alone near the machine
in possession of some tools and a small resistor (if he's a nice kid) or
piece of wire (if he's a not-so-nice kid or likes sparks) :-)

(and if said 10-year-old likes to read stuff such as "Zen and the art of
lockpicking", a locked door and case might not be enough...)

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Attachment: pgp8yPsZDVPub.pgp
Description: PGP signature


Reply to: