Matthew R. Dempsky wrote:
On Mon, Mar 13, 2006 at 06:35:06AM +0000, Chris Lale wrote:And I thought that Debian was so secure!To change the root password as Florian described, you need physical access to the machine, which most attackers lack. If you are concerned, you can set a password in lilo or grub.
Indeed, it is impossible to defend against someone with physical access
to the machine. You can make it more difficult by setting a bootloader
password and disabling booting from CDROM etc. in the BIOS (which should
then be password-protected as well). However, a determined attacker with
full physical access can always take out the harddrive and analyze it
elsewhere.
The next level would be to encrypt your home directory and maybe also
the root and swap partition to protect sensitive data. I seem to
remember reading somewhere that this will become an option in one of the
next versions of the Debian installer.
Finally, if you are worried about a determined attacker who might get
physical access to the person who knows the passwords and encryption
passphrases, then you need encryption with built-in deniability
(steganography).
And maybe a cyanide capsule. This tape will self-destruct in five
seconds. Good luck, Jim.
(All joking aside, steganographic filesystems are important, for example
for human rights organizations working in countries with oppressive
regimes.)
Regards,
Florian