From owner-freebsd-questions Sun Feb 1 13:30:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA09346 for questions-outgoing; Sun, 1 Feb 1998 13:30:39 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA09325 for ; Sun, 1 Feb 1998 13:30:24 -0800 (PST) (envelope-from kpielorz@tdx.co.uk) Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242]) by caladan.tdx.co.uk (8.8.7/8.8.7) with ESMTP id VAA01660; Sun, 1 Feb 1998 21:29:15 GMT (envelope-from kpielorz@tdx.co.uk) Message-ID: <34D4E92B.C0BA0172@tdx.co.uk> Date: Sun, 01 Feb 1998 21:29:15 +0000 From: Karl Pielorz Organization: TDX X-Mailer: Mozilla 4.04 [en] (WinNT; I) MIME-Version: 1.0 To: "David E. Cross" CC: freebsd-questions@FreeBSD.ORG Subject: Re: FreeBSD boot banner (securing FreeBSD) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe questions" Hmmm.... I still don't think it's going to be possible unless you remove the floppy and padlock the case... I've seen some 'mean' floppy-drive locks though (not like the usual plastic affairs) which might make it more feasable just to lock the drive up... As for getting round the security with 2 disks, well you can do it with 1 for NT, and I seem to remember being able to boot the old SCO system I used to run off a floppy - and then mount the root filesystems etc. (though it wasn't running C2 trusted)... You could always set a BIOS password on the machine, make sure the case is very well secured (back to padlock again) - and disable the machine booting from the Floppy drive - which at least leaves it free for usage once booted? Regards, Kp David E. Cross wrote: > > On Sat, 31 Jan 1998, Karl Pielorz wrote: > > > Remove the floppy drive? - and secure the case (with a padlock)?... > > I am not looking for that level of security; I am mostly just curious. > By the same token, I am hoping that there would be some way of preventing > a person from circumventing FreeBSDs security than just walking up to a > machine with 2 disks. Sun, with their NVRAM password accomplishes this; > you need to actually open the case (which can also be easily secured), and > without loosing functionality. The equivalent solution that I can see is > to remove the floppy drive, and that looses the functionality of the > floppy drive from within the program. > > -- > David Cross > UNIX Systems Administrator > GE Corporate R&D