From: VeeJay
To: "Bill Moran"
Cc: freebsd-questions@freebsd.org
Date: Thu, 23 Nov 2006 23:08:18 +0100
Subject: Re: Password Security

On 11/23/06, Bill Moran wrote:
>
> On Thu, 23 Nov 2006 10:45:19 +0100
> VeeJay wrote:
>
> > On 11/23/06, Olivier Nicole wrote:
> > >
> > > > And how can one get into the System by booting from a CD if it still
> > > > requires the Password even in Single User mode?
> > >
> > > Booting from CD, floppy or hard disk is selected at BIOS level.
> > >
> > > Booting in single or multi user mode is at Operating system level.
> > >
> > > Booting is in the following order:
> > >
> > > 1) BIOS selects what medium to boot from
> > >
> > > 2) the operating system boots from the selected medium
> > >
> > > So when it comes to the Single user password, it is already at stage 2)
> > > it has passed the stage 1 (booting from hard disk or CD) without
> > > password.
> > >
> > > Olivier
> > >
> >
> > So, it means that I should take the following steps
> >
> > 1. Password on BIOS
> > 2. Change the order of booting i.e. When system is installed and working
> > once, then I just change the Booting FIRST from HardDisk.
> > 3. Put the password on Single User mode.
> >
> > So, what more? Do you people think that I have somehow got a security
> > barrier for unauthorized access?
>
> Physically _LOCK_ the server up. Anyone who can get physical access to the
> unit can remove the drive and access it from another machine, bypassing all
> this stuff.
>
> Another option is to encrypt the hard drives, but this will require you (or
> someone else) to enter the password for the encrypted drives every time the
> system boots up, so it's generally a maintenance nightmare.
>

Well, I am not an expert on FreeBSD.
And that's why I don't know how it works: if 4 disks of the same size, for example 146GB each, are configured with RAID 10, and Root, SWAP, /usr, /var file systems have been created on them, and someone takes one or two hard disks, how come he would be able to read the data when the data is split over 4 disks?

--
Thanks!

BR / vj
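
An added illustration, not part of any poster's message, of the question that closes the message above: it models how a RAID 10 set places data and what is readable from disks that have been removed. It assumes a plain stripe-of-mirrors layout with no controller metadata and no disk encryption; the function names, the 16-byte stripe unit and the sample bytes are constructed for the demo.

```python
# Added illustration: toy RAID 10 (two mirrored pairs, striped), no encryption.
# All names, the stripe size and the sample bytes are constructed for this demo.
STRIPE = 16  # bytes per stripe unit (real arrays use far larger units, e.g. 64 KiB)

SAMPLE = (b"hostname=srv01;\n" b"db_user=alice;;\n"
          b"db_pass=EXAMPLE\n" b"# constructed..\n")   # 4 units of 16 bytes


def raid10_write(data, stripe=STRIPE):
    """Lay data out on 4 disks: 0/1 mirror each other, 2/3 mirror each other."""
    disks = [bytearray() for _ in range(4)]
    for n, off in enumerate(range(0, len(data), stripe)):
        unit = data[off:off + stripe].ljust(stripe, b"\0")
        pair = n % 2                  # even units -> pair 0, odd units -> pair 1
        disks[2 * pair] += unit
        disks[2 * pair + 1] += unit   # identical mirror copy
    return disks


def readable_from(disks, taken, stripe=STRIPE):
    """Map stripe-unit number -> plaintext bytes found on the removed disks."""
    found = {}
    for d in taken:
        pair = d // 2
        for k in range(0, len(disks[d]), stripe):
            found[2 * (k // stripe) + pair] = bytes(disks[d][k:k + stripe])
    return found


def reassemble(found, total_units, stripe=STRIPE):
    """Join recovered units in order; units on other disks show as '?'."""
    return b"".join(found.get(i, b"?" * stripe) for i in range(total_units))


def coverage(disks, taken, total_units):
    """Fraction of the volume's stripe units present on the removed disks."""
    return len(readable_from(disks, taken)) / total_units


if __name__ == "__main__":
    disks = raid10_write(SAMPLE)
    for taken in ([0], [0, 1], [0, 2]):
        got = readable_from(disks, taken)
        print(taken, f"{coverage(disks, taken, 4):.0%}", reassemble(got, 4))
```

A single disk carries half of the stripe units as intact plaintext, and one disk from each mirror pair carries the whole volume, so striping gives no confidentiality; that is left to the physical lock or the disk encryption mentioned in the quoted reply.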