- Newsgroups: comp.sys.novell
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!darwin.sura.net!sgiblab!newsun!dseeman
- From: dseeman@novell.com (Daniel Seeman)
- Subject: Re: Hack.exe
- Message-ID: <1992Nov23.173652.13931@novell.com>
- Sender: news@novell.com (The Netnews Manager)
- Nntp-Posting-Host: db.sjf.novell.com
- Organization: Novell Inc., San Jose, California
- References: <jdsmith.50.722206331@novell.com> <7212@news.duke.edu> <1992Nov21.110530.22022@novell.com>
- Date: Mon, 23 Nov 1992 17:36:52 GMT
- Lines: 62
-
- In article <1992Nov21.110530.22022@novell.com> donp@novell.com (don provan) writes:
- >In article <7212@news.duke.edu> low00001@bullnext.mc.duke.edu (Richard Low) writes:
- >>Ah, but as Eric J. Schwertfeger pointed out in his follow up posting,
- >>physical access to a server is the determining factor. Even if the console
- >>is secured, I can kill the power (and probably some files) to bring the
- >>server down. Then all I need is a boot floppy with SERVER.EXE and my set
- >>password NLM on it and I can do my thing.
- >
- >Isn't this just a characteristic of your hardware purchase? I mean,
- >all you're saying is that you can get control of your machine before
- >NetWare does. It's hard to fault NetWare for not doing something
- >before it gets control.
- >
- >I don't know if any PC manufacturers have done this, but it wouldn't be
- >too hard to prevent this type of attack. Most PCs nowadays have a
- >CMOS configuration switch to force booting off the hard disk. Just
- >require a password to change CMOS, and then without the password the
- >server should be unstoppable, shouldn't it?
- >
- >Once you get this far, the direct break-ins would tend to be physical.
- >There's no end of physical escalation, so I tend not to worry about it
- >myself. Even with solid software protection, "all" the enemy has to
- >do is open up the box, remove the hard disk, and put it in a machine
- >that's more "friendly". Put a lock on the case, and the enemy has to
- >pick, pry, or burn it open. Lock it in a room, he breaks into the
- >room...and the building! Heck, put armed guards around it...he
- >*kills* them. Ad infinitum.
- >
- >This reminds me of Craig Everhart's axiom: *Never* put anything into a
- >computer or a network that you don't want anyone else to see. Too bad
- >his advice isn't practical, even if it is sage.
- > don provan
- > donp@novell.com
-
- Hi,
-
- I have stayed clear of this discussion for long enough.
-
- The more "padlocks" you put on a system, the more you entice clever burglars
- to break in. *THERE IS NO SUCH THING AS A COMPLETELY SECURE LAN.* Remember,
- you are sending bit sequences over a cable or through the air. This means that
- a clever person will always have access to these same bit sequences. Encryption
- keys of all kinds can eventually be forged. CHAOS is used to de-crypt the
- secrets of nature. I suspect human encryption schemes would be easier to break.
-
- The bottom line is this. Security systems (both hardware and software) keep
- only honest and ignorant people away.
-
- I am not saying you shouldn't at least TRY to keep unauthorized "eyes" from your
- network, but realize there are built-in limits to any security system. Limits
- like these are part of nature. They are not "imposed" or left resident by
- Novell or any other network designer.
-
- Think Peace...
-
- Dan Seeman
- Novell
- Walnut Creek, Ca.
-
- ps. What happens when you tell someone your password over the telephone (maybe
- by accident)? Would a LAN security system protect against this?
-
-