On Sat, 30 Jul 2011, 夜神　岩男 wrote:

> Coming originally from secret squirrel land, one of the cardinal security 
> rules for us was simply "If the attacker has physical access, you don't have 
> security".

I don't agree with you completely, there's many sides to security. 
Data-theft, denial-of-service, hardware-theft, fire/water damage... 
Different kinds of measures can help you to protect against one or more of 
these, but simply stating that a GRUB password, a BIOS password or an 
encrypted filesystem do not help against someone with physical access is 
not true.

It's the difference between a good lock, a bad lock and no lock. Depending 
on the determination, the environment and the tools available, a good lock 
may very well prevent your bike from being stolen. No lock may guarantee 
it gets stolen (at least in some areas over here).

And that's just hardware, you might be concerned with the data-theft. 
Filesystem encryption doesn't prevent your data to be stolen, but makes it 
impossible to be abused when stolen.

So, yes, even considering physical access, a GRUB and BIOS password is 
very much recommended. And disabling ctrl-alt-del is a good measure to 
protect against accidental reboots... Everything adds up to the total 
security.

-- 
-- dag wieers, [log in to unmask], http://dag.wieers.com/
-- dagit linux solutions, [log in to unmask], http://dagit.net/

[Any errors in spelling, tact or fact are transmission errors]