
Re: security for a home system



On Sat, Apr 21, 2007 at 09:14:27PM +0200, Joe Hart wrote:
> Douglas Allan Tutty wrote:
> > Reflecting on recent posts re allowing root login (related, but I didn't
> > want to steal the thread), I'm wondering about a home network and what
> > to bother with.  There's a touch of devil's advocate in this but the
> > concept that physical access == root access causes one to wonder.
> 
> Well, if you consider that, you also might want to consider making sure
> the systems cannot boot from a CD, USB or anything other than the HD
> where Debian is installed and make sure that the BIOS has password
> protection to prevent someone from changing this.  Because if someone with
> a liveCD comes along, all the strong passwords you want won't save your
> data.  

Right, but someone on a recent thread argued that securing the BIOS is
useless since physical access to the box means that they can get root
access anyway.  Right now, my box has an administrator password set for
accessing the BIOS but unless I set a power-on password, anyone can hit
F8 and get a boot menu.  Even with the BIOS password set, I guess
someone could pop the BIOS battery; or do such settings get put in NV to
survive a removed battery?  I don't really want to test this on my main
box (maybe next time I reinstall...).

> Now encrypting it all might save you, but do you really need to
> go that far?  I guess this is what you mean by hyper vigilance.
> 
> > If ssh isn't even listening on external interfaces, does it matter if I
> > allow root to ssh (useful for rsyncing backups between the boxes)?
> > 
> > Why bother to rsync instead of just nfs mounting the backup repository?
> > 
> 
> If you are positive there are no ways into the computer through your
> internet connections, then nfs is fine.  For a closed system, there is
> no problem.
> 
> > If I need to run a backup, other than it being 'proper', why not just
> > login as root instead of myself and su?
> 
> That is what I do, but I make sure that the internet is down when I do
> that, so there is no chance of someone coming in, or anything going out
> while I am backing up, just a safety precaution.  One can never be too
> careful.
> 

How does running a backup as root make it more likely that someone can
come in from the net and get root?

Doug.


