"Ctrl-Alt-Del to login" important for security?
Tristan Wibberley
maihem at maihem.org
Sat Mar 4 20:21:16 GMT 2006
Michael Shigorin wrote:
> On Wed, Mar 01, 2006 at 10:12:25PM +0000, Tristan Wibberley wrote:
>>> Anyway, any computer which is physically accessible is
>>> vulnerable (you always can steal the HD and work at home ;)).
>> You can pull a hard disk out through the keyboard or monitor?
>
> Yep. Do you have a bootloader password?

This computer is not secured... (It runs a recent Linux).

If I wanted a secure computer, I could lock it in a box and set a BIOS and
bootloader password for the rare power cut. It requires a lot of effort
and time (= increased chance of being caught) to get past that much, and
it needs to be maintained all the way up to the desktop environment,
otherwise you can't offer a Linux console in a public space.

I inferred from the parent poster that he thought that forall x.
scenario(x) => keyboard-access(x) ->
no-reasonable-level-of-security-possible(x). That is not true. What
physical access grants you by necessity is a reasonable certainty of the
physical location of the box, a reasonable certainty of your proximity
to it, and a reasonable certainty of the tools and skills required to
obtain it; thus merely an increased probability of successfully opening
it - but it comes along with a reasonable certainty of getting caught too.

Doctors with paper files don't consider it to be a terrible problem that
the location and strength of the filing cabinets is known; they are not
worth the effort to break into, but the secretarial staff wouldn't just
hand files over willy-nilly. So too with a public console -
unsecured-software -> trivial-to-break-in, secured-software -> break-ins
will be *extremely* rare for most computers.

Then you just have to erect physical barriers to the main unit
appropriate to the importance of the data within it.

--
Tristan Wibberley