home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!dtix!darwin.sura.net!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!ns1.cc.lehigh.edu!jjk1
- From: jjk1@ns1.cc.lehigh.edu (Konsultant Josh/fuzzy.happy.green.box)
- Newsgroups: comp.os.linux
- Subject: Re: Linus security/Non root access
- Message-ID: <1992Aug22.004851.89467@ns1.cc.lehigh.edu>
- Date: 22 Aug 92 00:48:51 GMT
- Organization: Lehigh University
- Lines: 30
-
- In article <BtCGLp.Kuw@dexter.mi.org>, jsr@dexter.mi.org (Jay S. Rouman) writes:
- >This is essentially what Sun does. It's a passworded boot prom, but
- >the effect is the same. However, keep in mind that once someone has
- >physical access to a machine, most of the security battle is already
- >lost. They can always remove the disk drive and move it to another
- >machine, if they can't get around your password system. I have been
- >taught to make the machine as secure as possible from dialin and
- >network attacks and let it go at that. If the bad guy has physical
- >access, it's only a matter of time.
-
- Whoa - you're talking an entirely different type of security breach.
- I know that here at Lehigh, we have the machines physically bolted and
- locked to tables; we had a printer stolen recently, but the people
- smashed the entire case and took the insides (in other words, they
- didn't get a functional printer). Software security is one thing, but
- if your site is such that people can simply walk in, open the machine,
- and take the hard drive, you've got an entirely different type of
- problem. Booting from floppies then becomes the least of your
- worries, no?
-
- --Josh
-
- --
- ____________------------===========------------____________
- from: Josh Kopper
- jjk1@lehigh.edu
-
- Computer Engineering, EECS Department, Lehigh University
-
- Systems Programming - Lehigh University Computing Center
-
