On Sat, 2007-04-21 at 12:51 -0500, Ron Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04/21/07 12:25, Greg Folkert wrote:
> [snip]
> >
> > If they have the console, they can and will be able to compromise the
> > machine NO MATTER the steps you have taken on the machine level.
> >
> > Keeping an attacker away from the CONSOLE is the ONLY way to keep them
> > from compromising the machine through physical attacks. If they can
> > touch the keyboard and have physical access to the machine's
> > internals... There is literally no amount of measures you can take to
> > keep them out of the machine.
>
> I have to *slightly* disagree.
>
> Keyboard-only access (where the hardware is in a secure cage) when
> the attacker does not know the root password leaves you in the same
> position as if he were telneting in.

VERY FEW places do this anymore. And in any case I said "touch the keyboard and have physical access to the machine's internals".

> > There is one measure that (nearly) always works... LOCKED DOORS to a
> > secure facility. If you have to have people in and out of the facility,
> > you better have some kind of access control in place with logging (and
> > cameras).
>
> But companies have been doing that forever, no?

Really, only medium to big ones. Many (Most?) small to medium companies I've seen leave the server out in the open or even have a user using it as a workstation.

--
greg, greg@gregfolkert.net

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup