From owner-freebsd-questions@FreeBSD.ORG Thu Nov 23 22:47:33 2006
Date: Thu, 23 Nov 2006 17:47:26 -0500
From: Bill Moran
To: VeeJay
Message-Id: <20061123174726.1eec4184.wmoran@collaborativefusion.com>
In-Reply-To: <2cd0a0da0611231408l4a95b0bfo96bb5dfe5187fbbc@mail.gmail.com>
Organization: Collaborative Fusion Inc.
Cc: freebsd-questions@freebsd.org
Subject: Re: Password Security

On Thu, 23 Nov 2006 23:08:18 +0100
VeeJay wrote:

> On 11/23/06, Bill Moran wrote:
> >
> > On Thu, 23 Nov 2006 10:45:19 +0100
> > VeeJay wrote:
> >
> > > On 11/23/06, Olivier Nicole wrote:
> > > >
> > > > > And how can one into the System by booting from a CD if it still
> > > > > requires the Password even in Single User mode?
> > > >
> > > > Booting from CD, floppy or hard disk is selected at BIOS level.
> > > >
> > > > Booting in single or multi user mode is at Operating system level.
> > > >
> > > > Booting is in the following order:
> > > >
> > > > 1) BIOS select what medium to boot from
> > > >
> > > > 2) the operating system boot from the selected medium
> > > >
> > > > So when it comes to the Single user password, it is already at stage 2)
> > > > it has passed the stage 1 (booting from hard disk or CD) without
> > > > password.
> > > >
> > > > Olivier
> > > >
> > >
> > > So, it means, that I should take the following steps
> > >
> > > 1. Password on BIOS
> > > 2. Change the order of booting i.e. When system is installed and working
> > > once, then I just the change the Booting FIRST from HardDisk.
> > > 3. Put the password on Single User mode.
> > >
> > > So, what more? Do you people think that I have got somehow security barrier
> > > for unauthorized access?
> >
> > Physically _LOCK_ the server up.  Anyone who can get physical access to the
> > unit can remove the drive and access it from another machine, bypassing all
> > this stuff.
> >
> > Another option is to encrypt the hard drives, but this will require you (or
> > someone else) to enter the password for the encrypted drives every time the
> > system boots up, so it's generally a maintenance nightmare.
> >
> >
> Well, I am not an expert on FreeBSD. And that's why I don't know that how it
> works that
>
> If 4 Disks of same size for example 146GB each and they are configured with
> RAID 10, and Root, SWAP, /usr, /var File systems have been created on them.
> And if one takes one or two harddisks and how come he would be able to read
> the data when data is split on 4 disks?

Your logic escapes me.  If someone were to physically break in to the machine
to steal your data, why would they only take some of the drives?
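
Added example, not part of the original thread: a toy Python model of the 4-disk RAID 10 layout asked about above (striping over two mirrored pairs), showing what stays readable on a subset of the member disks. The 8-byte chunk size, the disk numbering and the sample record are constructed for illustration; real arrays use larger stripe units and carry on-disk metadata.

```python
"""Toy RAID 10 model: striping is a layout, not a confidentiality control."""

CHUNK = 8  # stripe unit in bytes (assumed; real arrays use e.g. 64 KiB)

# Constructed sample record, 4 chunks long.
DATA = b"ACCT0001BAL=1200ACCT0002BAL=0350"


def raid10_write(data, chunk=CHUNK):
    """Return raw contents of 4 disks: [A0, A1, B0, B1].

    Chunks alternate between mirror pair A and mirror pair B, and both
    disks of a pair hold identical bytes.
    """
    pair_a, pair_b = bytearray(), bytearray()
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk].ljust(chunk, b"\0")
        target = pair_a if (i // chunk) % 2 == 0 else pair_b
        target.extend(piece)
    return [bytes(pair_a), bytes(pair_a), bytes(pair_b), bytes(pair_b)]


def recover(disks, chunk=CHUNK):
    """Rebuild what is readable from a subset of disks.

    `disks` maps disk index (0..3) to raw contents. Chunks that lived only
    on absent disks are rendered as '?' bytes.
    """
    half_a = disks.get(0, disks.get(1))   # either mirror of pair A will do
    half_b = disks.get(2, disks.get(3))   # either mirror of pair B will do
    length = len(half_a if half_a is not None else half_b)
    out = bytearray()
    for off in range(0, length, chunk):
        for half in (half_a, half_b):
            out += half[off:off + chunk] if half is not None else b"?" * chunk
    return bytes(out)


if __name__ == "__main__":
    d = raid10_write(DATA)
    # One disk from each mirror pair: the full record comes back.
    print(recover({0: d[0], 3: d[3]}))
    # A single disk: every other chunk is still plaintext.
    print(recover({1: d[1]}))
```

Two disks, one from each mirror pair, reproduce the whole record, and a single disk still exposes half of it in the clear, which is why the reply points to physical locking or disk encryption rather than the RAID layout.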