Re: security for a home system
Douglas Allan Tutty wrote in Article <[🔎] 20070421193021.GA12585@titan> posted
to gmane.linux.debian.user:
> On Sat, Apr 21, 2007 at 09:14:27PM +0200, Joe Hart wrote:
>> Douglas Allan Tutty wrote:
>> > Reflecting on recent posts re allowing root login (related, but I
>> > didn't want to steal the thread), I'm wondering about a home network
>> > and what
>> > to bother with. There's a touch of devil's advocate in this but the
>> > concept that physical access == root access causes one to wonder.
>>
>> Well, if you consider that, you also might want to consider making sure
>> the systems cannot boot from a CD, USB or anything else than the HD
>> where Debian is installed and make sure that the BIOS has a password
>> protect to prevent someone from changing this. Because if someone with
>> a liveCD comes along, all the strong passwords you want won't save your
>> data.
>
> Right, but someone on a recent thread argued that securing the bios is
> useless since physical access to the box means that they can get root
> access anyway.
You can make that tricky with a Master lock using the lock loop on the case
door. Granted, on most cases, this will make the lock the strongest link
in a weak chain (given how flimsy most cases are relative to tinsnips).
>> That is what I do, but I make sure that the internet is down when I do
>> that, so there is no chance of someone coming in, or anything going out
>> while I am backing up, just a safety precaution. One can never be too
>> careful.
>
> How does running a backup as root make it more likely that someone can
> come in from the net and get root?
Covert execution of arbitrary tasks? Though in every scenario I can think
of this coming up, the machine is already compromised to the point where
doing such a thing would be moot.
--
Paul Johnson
Email and IM (XMPP & Google Talk): baloo@ursine.ca
Reply to: