Date: Wed, 6 Feb 2002 11:12:02 -0500 (EST) From: Weldon S Godfrey 3 <weldon@excelsus.com> To: Greg Lane <gregory.lane@anu.edu.au> Cc: Brett Glass <brett@lariat.org>, Victor Grey <victor@customdynamic.net>, <freebsd-security@FreeBSD.ORG> Subject: Re: Is this evidence of a break-in attempt? Message-ID: <Pine.BSF.4.44.0202061105140.56746-100000@joule.excelsus.com> In-Reply-To: <20020207024804.A28463@nucl03.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
But isn't slowing down the name of the game? If someone is good enough and they want to break in bad enough, they are going to get in. Nothing replaces consistent security monitoring and investigation. The more hoops you put up, the greater the likelihood you will be able to catch it, stop it before it goes too far, or discourage them, and/or circumvent the less knowledgeable (which accounts for more attempts than the knowledgeable). It is the same as your car and house. If a thief is bold enough, no matter how many alarms you have, that won't stop them. It doesn't mean you should give up and leave keys in the ignition :) If memory serves me right, sometime around Tomorrow, Greg Lane told me: > > I recommend that any box placed into a colo or a location that the > > security isn't under your direct control to mark your console as > > "insecure" in /etc/ttys so that root password will be asked when someone > > boots into single user mode. > > > > Weldon > > It will slow someone down, but as you no doubt know, if a box is not under > your direct control and someone has a clue then that doesn't help much. All > it takes is the fixit floppy. Mount / and /usr, edit the passwd file, > pwd_mkdb, instant root. > > We've had to do this to an embarrassingly large number of boxes where > we've forgotten the root passwords. > > Bios passwords, disabled floppy drives and other tricks might slow you > down, but in the end, physical access to the box and the game is > pretty much already over... > > Greg > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.44.0202061105140.56746-100000>