From: jjk1@ns1.cc.lehigh.edu (Konsultant Josh/fuzzy.happy.green.box) Subject: Re: Linus security/Non root access Date: 22 Aug 1992 00:48:51 GMT
In article <BtCGLp.Kuw@dexter.mi.org>, jsr@dexter.mi.org (Jay S. Rouman) writes:
>This is essentially what Sun does. It's a passworded boot prom, but
>the effect is the same. However, keep in mind that once someone has
>physical access to a machine, most of the security battle is already
>lost. They can always remove the disk drive and move it to another
>machine, if they can't get around your password system. I have been
>taught to make the machine as secure as possible from dialin and
>network attacks and let it go at that. If the bad guy has physical
>access, it's only a matter of time.
Whoa - you're talking an entirely different type of security breach.
I know that here at Lehigh, we have the machines physically bolted and
locked to tables; we had a printer stolen recently, but the people
smashed the entire case and took the insides (in other words, they
didn't get a functional printer). Software security is one thing, but
if your site is such that people can simply walk in, open the machine,
and take the hard drive, you've got an entirely different type of
problem. Booting from floppies then becomes the least of your
worries, no?
--Josh
--
____________------------===========------------____________
from: Josh Kopper
jjk1@lehigh.edu
Computer Engineering, EECS Department, Lehigh University
Systems Programming - Lehigh University Computing Center