securing an Ubuntu box in a shared office?
NikNot
niknot at gmail.com
Fri Jul 7 00:26:00 UTC 2006
On 7/6/06, Anonyma <anon-bounces at deuxpi.ca> wrote:
> I know that anyone who can get into a computer can make it insecure
> (by putting the hard drive in another machine or taking the mo/board
> battery out to clear the bios password), but what are the steps I can
> realistically take to make a computer in a shared office secure? I
> can only think of these two:
>
> 1. set a BIOS password
>
> 2. set a GRUB password so no-one else can boot it into single-user
> mode
>
I wouldn't bother with boot protection - if the attacker can open the case,
he will not boot your computer at all: he will connect the HD to an IDE/USB
adapter and scoop the content onto his laptop.
Encrypting the dart is thus a must, but:
If the attacker can open your computer case or the keyboard to
install a hardware key logger and remain undetected, there is nothing
you can do to prevent the data from being compromised.
If however, you are confident you can detect first such intrusion and refrain
from using the compromised box thereafter, install TrueCrypt
(www.truecrypt.org) and put all your data on a TrueCrypt encrypted partition.
Use both a password and a keyfile (on a miniCD, keep it with you when away
from the computer) and your data will be secure.
niknot
More information about the ubuntu-users
mailing list