[ubuntu-uk] System Security (Was Re: Password recovery)

Tony Arnold tony.arnold at manchester.ac.uk
Sun Jul 6 23:42:30 BST 2008


Matthew Macdonald-Wallace wrote:

> Indeed, if you have a live CD (even if it's a really basic one such as  
> a debian/ubuntu installer), there is a huge amount of damage you can  
> do to a system.
>  From a relatively modern (last year or so) Linux-based Live CD, you  
> can do the following:
> On a Windows system:
>     * Mount the hard-disks and copy any data onto either a USB key or  
> the internet
>     * Use the copied data to take information about the system-setup  
> (especially if you can get a copy of the registry!) and therefore  
> information about the network it is attached to
>     * Leave (hopefully without detection) and use the information you  
> have recovered without anyone knowing you were there in the first place.
>     * Format the hard disks (although why you'd want to do this I have
> no idea - it's a dead giveaway you've been up to something!!!)
> On a Linux System:
>     * All of the above
>     * mount and "boot" into the local system via a "chroot" allowing  
> you to run the system and install software (although unless you're  
> careful you'll leave logs all over the place)
>     * Change passwords (including root!!) although quite often this is  
> also a dead giveaway
> How to protect against this? If it's your desktop, don't let people  
> near it.  If it's your server - keep it locked, only attach a keyboard  
> when you do maintenance and ensure that you know exactly when and why
> it is off-line (any unusual outages should be investigated immediately).

Alternatively, encrypt your file systems and disks! Any would-be hacker
would then need the encryption key before doing any of the above!

(Well, she could format the disks, but would not get any information
from them. You need backups for that. In fact, unencrypted backups kept
in a locked safe preferably are a must for encrypted systems, in case you
lose the key!)

> Hope I've not given anyone nightmares,

It's OK, I'm paid to have nightmares about this stuff!

Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
