From owner-freebsd-questions  Sat Jan 31 10:16:38 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA13383
          for questions-outgoing; Sat, 31 Jan 1998 10:16:38 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA13345
          for <freebsd-questions@FreeBSD.ORG>; Sat, 31 Jan 1998 10:16:20 -0800 (PST)
          (envelope-from kpielorz@tdx.co.uk)
Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242])
	by caladan.tdx.co.uk (8.8.7/8.8.7) with ESMTP id SAA05377;
	Sat, 31 Jan 1998 18:14:48 GMT
	(envelope-from kpielorz@tdx.co.uk)
Message-ID: <34D36A17.44B3EDFC@tdx.co.uk>
Date: Sat, 31 Jan 1998 18:14:47 +0000
From: Karl Pielorz <kpielorz@tdx.co.uk>
Organization: TDX
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: "David E. Cross" <dec@phoenix.its.rpi.edu>
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: FreeBSD boot banner (securing FreeBSD)
References: <Pine.BSF.3.96.980131115809.5729C-100000@phoenix.its.rpi.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe questions"

Remove the floppy drive? - and secure the case (with a padlock)?...

Seriously though, if you can't secure the room where the server is - your
probably going to find it very hard to secure the server at all - this goes
for Netware, NT, and every other server OS I've seen, if people can get
physical access to the hardware - it's going to be tricky...

There are a few companys that do metal enclosures for PC's, or you could put
the whole lot in a locked cabinet or something? (with ventilation)...

Regards,

Karl Pielorz

David E. Cross wrote:
> 
> I have enabled the BIOS password on my server, and prevented booting to
> the 'A:' drive, but it seems that all someone needs to do to bypass that
> is create a FreeBSD floppy, and when the boot prompt comes up to do a
> 'sd(0,a)/kernel'.  Is there any way to prevent this?
> 
> --
> David Cross
> UNIX Systems Administrator
> GE Corporate R&D