[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: securing an Ubuntu box in a shared office?

Anonymous Sender wrote:
> I know that anyone who can get into a computer can make it insecure
> (by putting the hard drive in another machine or taking the mo/board
> battery out to clear the bios password), but what are the steps I can
> realistically take to make a computer in a shared office secure?  I
> can only think of these two:
> 1. set a BIOS password
> 2. set a GRUB password so no-one else can boot it into single-user
>    mode
> Anything else?


A few suggestions:

1. Please be a man (or a woman or whatever gender you choose) and
actually post from a real email address with a real name.
2. This is not an Ubunutu support forum, but rather for Debian (yes I
know that Ubuntu is Debian-based, but they do have their own support

As to your problem:

Use an encrypted filesystem that requires a passphrase on boot.  The
advantage is that if the machine is shut down (whic is a necessity to
remove the drive), the hard drive cannot be accessed again without a
passphrase.  If your passphrase is sufficiently long and complex and you
choose a filesystem with a good encryption algorithm, then it can take
decades for someone to crack it.  The disadvantage is that you *must* be
physically present to provide the passphrase if the machine is rebooted.
 This may not be a problem if you physically work in the office where
these machines reside or if there is someone you can trust there.
However, if you provide remote supoprt for these machines, that my not
be such a good idea.


Roberto C. Sanchez

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: