home *** CD-ROM | disk | FTP | other *** search
- From: campbelr@hpcuhe.cup.hp.com (Bob Campbell)
- Date: Fri, 21 Aug 1992 18:12:23 GMT
- Subject: Re: HP 9000/370, no root password!
- Message-ID: <31480229@hpcuhe.cup.hp.com>
- Organization: Hewlett Packard, Cupertino
- Path: sparky!uunet!usc!sdd.hp.com!hp-cv!hp-pcd!hpfcso!hpcuhb!hpcuhe!campbelr
- Newsgroups: comp.sys.hp
- References: <1992Aug15.022529.7176@mccc.edu>
- Lines: 31
-
- > I realize that physical access allows people to do nasty things, but in
- > our environment, having someone mess around with the connections to the
- > disks would probably be noticed and stopped. Cycling power on a
- > workstation probably would not be noticed. I guess I'd like to see it
- > where a bad guy would have to seriously mess with the hardware to do
- > anything really harmfull. After all, I can't lock all our workstations
- > up in a vault, or nobody would be able to use them!
-
- If you give me access to a system, and let me cycle power, I could do
- many things.
-
- 1. Wipe all of your discs.
- 2. Copy all of your disc information without leaving *any* trace
- behind (apart from the powerfail/reboot)
- 3. Mount your discs and and do what I feel like.
-
- A bad guy does not to do much of anything physically, you certainly
- wouldn't need a screwdriver. For most systems I could fit everything
- I need for the above into a shirt pocket. Give me a screwdriver, and
- your memory boards look very nice . . .
-
- Physical security in an open environment is an interesting issue. The
- most important tenet being that your system *is* vulnerable, and backups
- and vigilence are of importance.
-
- If the information is sensitive, then physical security is required.
-
- ---------------------------------------------------------------------------
- Bob Campbell Some times I wish that I could stop you from
- campbelr@cup.hp.com talking, when I hear the silly things you say.
- Hewlett Packard - Elvis Costello
-
