SCIENTIFIC-LINUX-USERS Archives

July 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: 夜神 岩男 <[log in to unmask]>
Reply To: 夜神 岩男 <[log in to unmask]>
Date: Sat, 30 Jul 2011 00:29:24 +0900

On 07/29/2011 11:16 PM, Jeremiah Jahn wrote:
> On the servers you REALLY care about you can use LUKS and encrypted USB
> keys that have to be in the system in order for it to decrypt the root
> partition on boot. But most folks don't really need to go to that
> extreme. You're best to decide how valuable the data you have actually is,
> and how often you want to have to come into the office at 3am on a
> Saturday night just to reboot something, much less wake the other guy up
> to open his safe to get the key. :)
>
> 2011/7/29 Dag Wieers <[log in to unmask]>
>
>     On Fri, 29 Jul 2011, Marek Andreánsky wrote:
>
>         Why is securing /etc/inittab helping? I've read that by
>         adding init=/bin/bash to grub you can get into the machine and
>         change the shadow file anyway, which gives you root. I'd say
>         that Red Hat presumes that the server is in a secure location
>         and it is therefore highly improbable that anyone could just
>         simply sit down to it and reboot it without anyone ever
>         noticing.
>
>
>     Well, one of the additional security measures when securing a Linux
>     system is adding a password to your BIOS and to your bootloader. So
>     that changing the kernel commandline or booting another device by
>     someone unauthorized is hard or impossible.
>
>     You could consider someone having physical access to your system, to
>     be able to walk away with the harddisk anyway (encrypted filesystem
>     not taken into account), but at least that's not something you can
>     do without being noticed.

Coming originally from secret squirrel land, one of the cardinal 
security rules for us was simply "If the attacker has physical access, 
you don't have security".

If we are talking about serious security environments then all 
hypotheticals must be taken seriously, and even overwrought schemes such 
as TPM do not prevent compromise in this case (neither does encryption 
in many cases, depending on the attacker's intention -- it's not always
just binary data on a disk that a smart attacker is after).

Physical access to a system is where coded security gives way in absolute
terms to physical security measures. But again, that is if we're talking 
about serious security environments and almost none of our use cases 
probably represent that -- so we're left simply balancing usability vs 
security like normal people.

-Iwao
