Yet another Linux on the desktop article
Brian Densmore
DensmoreB at ctbsonline.com
Mon Aug 2 15:25:27 CDT 2004
> -----Original Message-----
> From: Brian Kelsay
> partition. They still need permission to do this. As has
> been said, if a person has physical access to a machine and
> either a boot floppy or LiveCD, the box can be 0wned in a
> matter of moments. Knoppix might take a bit longer due to
> its long boot time, unless I were to boot directly to the CLI.
Well how long it takes to 0wn a machine depends on whether or not
the filesystem is encrypted, and other factors. It's quite possible to
build fairly secure desktops that it would take quite a bit of
effort to 0wn and still be user friendly. Some possible configurations
are:
1) Burn Linux into a EEPROM and cut the trace to prevent "accidental" rewriting.
2) Install the base system on a small older HD and disable the write pin on the
HD or connector.
3) install Linux on a memory stick and make it read only.
4) Install Linux on a CD and run it from there.
Each of the above solutions of course means having a "user" HD for storing dynamic
data. Of course this won't stop a determined cracker, but will knock out most all
of the script kiddies and also has the advantage of requiring physical access to the
machine to 0wn it. That is not to say that a crafty cracker couldn't install a Trojan in
to RAM, but if any of the above options was configured correctly a monitoring program
would detect and remove such programs.
More information about the Kclug
mailing list