From owner-freebsd-security Fri Dec 20 09:03:41 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id JAA27640 for security-outgoing; Fri, 20 Dec 1996 09:03:41 -0800 (PST) Received: from foobar.gw2kbbs.com (foobar.gw2kbbs.com [205.217.137.150]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id JAA27635 for ; Fri, 20 Dec 1996 09:03:38 -0800 (PST) Received: from blue ([10.12.5.66]) by foobar.gw2kbbs.com (8.7.5/8.6.11) with SMTP id LAA18794; Fri, 20 Dec 1996 11:03:29 -0600 (CST) Message-ID: <32BAD160.E46@gw2kbbs.com> Date: Fri, 20 Dec 1996 11:48:16 -0600 From: Tyson Reply-To: tysonb@gw2kbbs.com X-Mailer: Mozilla 2.02E (OS/2; I) MIME-Version: 1.0 To: Igor Roshchin CC: freebsd-security@freebsd.org Subject: Re: stopping users from rebooting with ctr-alt-del References: <199612201504.JAA23349@alecto.physics.uiuc.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Igor Roshchin wrote: > In a public place I would also disable "reset" and "power" button > This illustrates the need for physical security. Any terminal other than console and possibly an alternate has no business being able to reboot the cpu. So far as security on PC's goes, I would also mention that it is a good idea to operate on a least priviledge mode when thinking security. I go so far as to pull the screws from the floppy drive, push the floppy further inside the case, and slap a bay cover on top. Same for CD-ROM's. It's the out of sight, out of mind principle. The newer ATX cases present some good possibilities as well, as now you can move/hide the power switch as well as the reset switch. Even then I wind up hearing about a luser who tries to get around that. I usually then point them to the "Simon, BOFH" documents, and ask them if they'd like that. For some reason, they start to behaving themselves. I wonder why. };-) >