securing an Ubuntu box in a shared office?

Serg B. sergicles at gmail.com
Fri Jul 7 00:58:45 UTC 2006 

Howdy,

If you expect people to perform a physical attack on the machine such
as opening a case and what not then (you are screwed either way, don't
install machine there) I suggest bolting the case shut and covering it
with liquid nails. Super gluing all peripherals to it could also help.
Hope you can see the humor in that.

Even better choice, keeping it in a server room and lock the door.
Don't you love simplest solutions. No server room? No problem, explain
to your boss whats going on and keep it in his office.

This is a given for any environment but I thought I would mention it
anyway while being on the subject of bullshit suggestions.

A good starting points for you, in my opinion are:

1. Put it in a server room and lock the door.
2. Install and run a package called Bastille-Linux.

In regards to actual (general) OS hardening: Plenty of info for that
on the net. And volumes, volumes and volumes of books, some of them
are even worth reading.

   Serg


On 07/07/06, NikNot <niknot at gmail.com> wrote:
> On 7/6/06, Anonyma <anon-bounces at deuxpi.ca> wrote:
> > I know that anyone who can get into a computer can make it insecure
> > (by putting the hard drive in another machine or taking the mo/board
> > battery out to clear the bios password), but what are the steps I can
> > realistically take to make a computer in a shared office secure?  I
> > can only think of these two:
> >
> > 1. set a BIOS password
> >
> > 2. set a GRUB password so no-one else can boot it into single-user
> >    mode
> >
> I wouldn't bother with boot protection - if the attacker can open the case,
> he will not boot your computer at all: he will connect the HD to an IDE/USB
> adapter and scoop the content onto his laptop.
>
> Encrypting the dart is thus a must, but:
>
> If the attacker can open your computer case or the keyboard to
> install a hardware key logger and remain undetected, there is nothing
> you can do to prevent the data from being compromised.
>
> If however, you are confident you can detect first such intrusion and refrain
> from using the compromised box thereafter, install TrueCrypt
> (www.truecrypt.org) and put all your data on a TrueCrypt encrypted partition.
> Use both a password and a keyfile (on a miniCD, keep it with you when away
> from the computer) and your data will be secure.
>
> niknot
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>

More information about the ubuntu-users mailing list