Re: Security Question: require root passwd for single user mode login?


Subject: Re: Security Question: require root passwd for single user mode login?
From: Michael A. Peters (Moonglue@141.com )
Date: Mon Aug 28 2000 - 16:57:52 MDT


I also might add that we have boxes in a rackmount with a locked case.
To get at their hard drive, you have to break the lock on the server
rack- unless you have the key.

They also have monitors and keyboard up top, through a switch. Thus,
if it was a Mac or if lilo wasn't password protected, they could be
rooted with the current single user/no password and user shutdown
(assuming the would-be rooter had an account, not uncommon for an
employee to have).

It would be very difficult to boot off of alternate media or steal
the hard drive on these boxes.

For a home OS, maybe it's not as much of an issue. For a server, it's a
big issue. Most hacking is done from within companies behind the
firewall. Why lax local security?

>"Michael A. Peters" wrote:
>
> > NOT requiring a password to boot single user is a Red Hat thing, and
> > it sucks for physical security.
>
>Access to the console, period, sucks for physical security. Don't ever
>assume just because single user mode is password protected that it will
>stop anyone getting in.
>
>Just boot off alternate media like a CD or floppy and mount the root
>filesystem - you're in. If you password protect the BIOS, just take the
>hard drive out and put it in another machine for a few minutes until
>you're in. If you have physical access to the machine, you're in - the
>best security is lock and key.
>
>Regards,
>Graham
>--

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Michael A. Peters-- http://24.5.29.77/Linux_Pages/
                                http://www.omnilinux.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
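
The two settings this message turns on (a root password for single-user mode, and a password on lilo) can be checked mechanically. The script below is an added example, not part of the original post: it assumes a SysV-init inittab and a lilo.conf, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the console settings discussed in this thread.
# Paths are arguments so the checks can run against copies of the files.

# 0 if an active inittab entry (id:runlevels:action:process) runs sulogin
# for runlevel S, so single-user mode asks for the root password.
inittab_requires_sulogin() {
    awk -F: '/^[ \t]*#/ { next }
        $2 ~ /S/ && $4 ~ "(^|/)sulogin([ \t]|$)" { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# 0 if lilo.conf sets a global password= (before the first image=/other=).
lilo_has_global_password() {
    awk '/^[ \t]*#/ { next }
        /^[ \t]*(image|other)[ \t]*=/ { exit }
        /^[ \t]*password[ \t]*=/ { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# 0 if the file is not readable by group or other (the LILO password is
# stored in clear text).
not_group_or_world_readable() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Print one finding per failed check; return the number of findings.
audit_console() {
    n=0
    inittab_requires_sulogin "$1" || { echo "FAIL $1: no sulogin for runlevel S"; n=$((n+1)); }
    lilo_has_global_password "$2" || { echo "FAIL $2: no global password="; n=$((n+1)); }
    not_group_or_world_readable "$2" || { echo "FAIL $2: readable by group/other"; n=$((n+1)); }
    return "$n"
}

# Constructed sample files (not taken from any real host).
d=$(mktemp -d)
printf '%s\n' 'id:3:initdefault:' 'si::sysinit:/etc/rc.d/rc.sysinit' > "$d/inittab.weak"
printf '%s\n' 'id:3:initdefault:' '~~:S:wait:/sbin/sulogin' > "$d/inittab.hard"
printf '%s\n' 'boot=/dev/hda' 'prompt' 'image=/boot/vmlinuz' ' label=linux' > "$d/lilo.weak"
printf '%s\n' 'boot=/dev/hda' 'prompt' 'password=CONSTRUCTED' 'restricted' \
    'image=/boot/vmlinuz' ' label=linux' > "$d/lilo.hard"
chmod 644 "$d/lilo.weak"; chmod 600 "$d/lilo.hard"

audit_console "$d/inittab.weak" "$d/lilo.weak" || echo "weak: $? finding(s)"
audit_console "$d/inittab.hard" "$d/lilo.hard" && echo "hardened: clean"
```

On a real host the call would be `audit_console /etc/inittab /etc/lilo.conf`; as the quoted reply points out, these settings only matter once the case and boot media are physically locked down.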
  


