Message-Id: <199901041926.LAA14171@dingo.cdrom.com>
From: Mike Smith
To: Poul-Henning Kamp
cc: Mike Smith, "Jordan K. Hubbard", Garrett Wollman, Tom Bartol, current@FreeBSD.ORG
Subject: Re: New boot blocks for serial console ...
In-reply-to: Your message of "Mon, 04 Jan 1999 20:14:25 +0100." <15157.915477265@critter.freebsd.dk>
Date: Mon, 04 Jan 1999 11:26:09 -0800

> In message <199901041858.KAA14013@dingo.cdrom.com>, Mike Smith writes:
> >> In message <38397.915473345@zippy.cdrom.com>, "Jordan K. Hubbard" writes:
> >> >> Not at all. Ever heard of a padlock?
> >> >
> >> >Give me physical access to your machine, with or without a padlock,
> >> >and I'll have root on that baby before you have a chance to come back
> >> >from lunch.
> >> >
> >> >I think the original comment that there's no security without physical
> >> >security has definite merit. The NSA learned this decades ago! :)
> >>
> >> Uhm, well there is, but it is called "tamper-proof hardware" and costs
> >> a fortune.
> >
> >It's not "tamper-proof", it's "tamper-resistant", and I can suggest a
> >wide range of "tampering" hardware that it won't stand up to for long.
>
> No, you bet it is tamper-PROOF.
>
> They will guarantee that you will not get access to anything in
> the computer. Last perimeter will inject 220V (mains) through
> vital bits of the computer (including your flash disk) if broken.
>
> By the time you have gotten through the 10mm steel plate, the computer
> is dead. And quite likely you as well, they have versions with
> poison-gas release and all sorts of nasties.
>
> Primary market: ATM & Banking terminals.
>
> Smallest model and the closest they have to a portable in the
> catalog I have here weighs 450 kg (that's 900 pounds), sports 10mm
> steel casing (both the outer case and the CPU module case inside
> it) it comes with optional holes in the bottom so you can bolt it
> to a foundation. It is also IP67 watertight and they will paint
> it in any color you like. Price: $CALL.

I recommend you find and read a copy of the very excellent, if somewhat
dated, "Danger UXB" before being quite so certain. And consider; you
still have to be able to open it for maintenance - if a direct physical
approach is inefficient, hack the supporting organisation.

I could also point out that I have a family background that covers
financial IT, and I've seen the aftermath of a number of ATM takeovers
both successful and otherwise. I was old enough to be very interested
while my father was building a new datacentre (his third, and the
second for this company), and got some fairly interesting holiday work
in that organisation. 8)

Believe me; it doesn't matter how much Heath Robinson hardware you
attach to a device to "secure" it - people will still get in.

--
\\ Sometimes you're ahead,       \\ Mike Smith
\\ sometimes you're behind.      \\ mike@smith.net.au
\\ The race is long, and in the  \\ msmith@freebsd.org
\\ end it's only with yourself.  \\ msmith@cdrom.com