Re: console access
On Thu, 29 Jan 1998, Schlomo Schapiro wrote:
>Hi,
>
>Can't you bar physical access to the computer-box (like put it into a
>strong cabinet, and leave screen, keyboard and mouse outside?).
>If not, take out the floppy, disable all compilers, kill all
                              ^^^^^^^^^^^^^^^^^^^^^
No need. I may write all BIOS-cracking and most shellcode exploits on a
small piece of paper and enter them as binary dump. That's not so hard,
given a couple of hours... And most crackers have plenty of time...
Just gives you false sense of "if I didn't install it and have no
compiler, nobody can have it here". If you allow outside FTP, expect full
gcc install in your /tmp. ;) If you allow any data transfer, expect
precompiled code of any tool you may imagine in user's home. ;) If you
don't allow anything, what is the computer for?
>hardware-related devices, that could provide access to the bios. Try
>MrBIOS, they have replacement BIOS for most PCs with better security (no
>setup, no low-level format ...). Disable CtlAltDel.
What for? If you have no floppy, C-A-D doesn't do no bad (except reboot,
but you might pull out the plug anyway).
Yet another idea - put some trash 386 with floppies and DOS, and allow FTP
access from it to the Linux machines. This clearly doesn't allow to boot,
but allows data transfer. Though, the B: idea might really be better...
Then, to feed your paranoia, ;) imagine the following scenario: I come to
your Linux PC with laptop+ethernet card+sniffer installed, take out ethernet
plug from the PC, put it into laptop, sniff traffic for all the subnet for
half an hour (logins, data, everything), put the plug back and leave...
Maybe leaving just monitor and keyboard and mouse accessible and
hiding the PC would be better. Depends on who's around.
Physical access is something dangerous, given proper means ;) Then again,
anything is dangerous, given proper means :). Good set of monitoring tools
will make life much easier than vigorous erasing of compilers and
interpreters and "dangerous" tools.
--
frodo@sharat.co.il \/ There shall be counsels taken
Stanislav Malyshev /\ Stronger than Morgul-spells
phone +972-2-5369213 /\ JRRT LoTR.
http://www.sharat.co.il/frodo/ whois:SM719-RIPE@whois.ripe.net