Matthew R. Dempsky wrote:
> On Mon, Mar 13, 2006 at 06:35:06AM +0000, Chris Lale wrote:
>> And I thought that Debian was so secure!
>
> To change the root password as Florian described, you need physical access to the machine, which most attackers lack. If you are concerned, you can set a password in lilo or grub.

Indeed, it is impossible to defend against someone with physical access to the machine. You can make it more difficult by setting a bootloader password and disabling booting from CDROM etc. in the BIOS (which should then be password-protected as well). However, a determined attacker with full physical access can always take out the hard drive and analyze it elsewhere.

The next level would be to encrypt your home directory and maybe also the root and swap partition to protect sensitive data. I seem to remember reading somewhere that this will become an option in one of the next versions of the Debian installer.

Finally, if you are worried about a determined attacker who might get physical access to the person who knows the passwords and encryption passphrases, then you need encryption with built-in deniability (steganography). And maybe a cyanide capsule. This tape will self-destruct in five seconds. Good luck, Jim.

(All joking aside, steganographic filesystems are important, for example for human rights organizations working in countries with oppressive regimes.)

Regards,
Florian