Anonymous Sender wrote: > I know that anyone who can get into a computer can make it insecure > (by putting the hard drive in another machine or taking the mo/board > battery out to clear the bios password), but what are the steps I can > realistically take to make a computer in a shared office secure? I > can only think of these two: > > 1. set a BIOS password > > 2. set a GRUB password so no-one else can boot it into single-user > mode > > Anything else? > > Hello, A few suggestions: 1. Please be a man (or a woman or whatever gender you choose) and actually post from a real email address with a real name. 2. This is not an Ubunutu support forum, but rather for Debian (yes I know that Ubuntu is Debian-based, but they do have their own support channels). As to your problem: Use an encrypted filesystem that requires a passphrase on boot. The advantage is that if the machine is shut down (whic is a necessity to remove the drive), the hard drive cannot be accessed again without a passphrase. If your passphrase is sufficiently long and complex and you choose a filesystem with a good encryption algorithm, then it can take decades for someone to crack it. The disadvantage is that you *must* be physically present to provide the passphrase if the machine is rebooted. This may not be a problem if you physically work in the office where these machines reside or if there is someone you can trust there. However, if you provide remote supoprt for these machines, that my not be such a good idea. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto
Attachment:
signature.asc
Description: OpenPGP digital signature