From owner-freebsd-questions@FreeBSD.ORG Thu Nov 23 13:25:24 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A265016A416 for ; Thu, 23 Nov 2006 13:25:24 +0000 (UTC) (envelope-from wmoran@collaborativefusion.com) Received: from mx00.pub.collaborativefusion.com (mx00.pub.collaborativefusion.com [206.210.89.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id A7EC343D6D for ; Thu, 23 Nov 2006 13:24:47 +0000 (GMT) (envelope-from wmoran@collaborativefusion.com) Received: from working (c-71-60-174-60.hsd1.pa.comcast.net [71.60.174.60]) (AUTH: LOGIN wmoran, TLS: TLSv1/SSLv3,256bits,AES256-SHA) by wingspan with esmtp; Thu, 23 Nov 2006 08:25:21 -0500 id 000564EE.4565A141.00008F87 Date: Thu, 23 Nov 2006 08:25:20 -0500 From: Bill Moran To: VeeJay Message-Id: <20061123082520.af5d4265.wmoran@collaborativefusion.com> In-Reply-To: <2cd0a0da0611230056l15bfccaamb3ed3d439e2786b8@mail.gmail.com> References: <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> <20061122163317.GC50939@gizmo.acns.msu.edu> <2cd0a0da0611230056l15bfccaamb3ed3d439e2786b8@mail.gmail.com> Organization: Collaborative Fusion Inc. X-Mailer: Sylpheed version 2.2.9 (GTK+ 2.10.6; i386-portbld-freebsd6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Password Security X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Nov 2006 13:25:24 -0000 On Thu, 23 Nov 2006 09:56:23 +0100 VeeJay wrote: > So, does it mean that Windows 2003 Server provides more Password Level > Security with Unauthorized Access? Where is this presumption coming from? Windows OS suffer from the same difficulty protecting from physical intrusion that any other OS does. > And how can one into the System by booting from a CD if it still requires > the Password even in Single User mode? > > > > On 11/22/06, Jerry McAllister wrote: > > > > On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: > > > > > Hi > > > > > > I need to secure my data and server. Any advice will be highly > > appreciated. > > > > > > I am going to place my FreeBSD server at a shared place? > > > > > > I am just afraid that any unauthorized person might boot machine in > > single > > > user mode and steal the data? > > > How can I make my Server secure that if if boots in single user mode, it > > > still demands the password and without password one cannot do anything? > > > or make it possible that booting in Single user mode, doesn't provide > > any > > > shell? > > > > Lock it in a box. Anyone who can put their hands physically can > > get in to the machine with a little tinkering even if you disable > > lots of software. > > > > I think you can get rid of the single user option in the boot, > > but anyone with a CD can defeat that if they want to. It would > > make things harder for yourself in managing the system, but it > > would slow a person down from casual interference. > > > > Also, many machines have BIOS level boot passwords that can be turned > > on. Using that would slow a person down, but be annoying for youself, > > especially in times such as power failures - the system would not come > > back up automatically without someone entering the BIOS password. > > > > Plus, if a person is determined enough, they can defeat that as well > > by removing the battery backup for the MB or the flash memory. But, > > it would stop casual tinkering.