Date: Wed, 13 Jul 2005 08:29:22 -0500 From: Greg Barniskis <nalists@scls.lib.wi.us> To: alexandre.delay@free.fr Cc: freebsd-questions@freebsd.org Subject: Re: securing FreeBSD Message-ID: <42D51732.4080106@scls.lib.wi.us> In-Reply-To: <1121252743.42d4f587ada2c@imp4-q.free.fr> References: <1121252743.42d4f587ada2c@imp4-q.free.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
alexandre.delay@free.fr wrote: > hi guys > > I would like to secure my FreeBSD server. > I don't want anyone to be able to access to the disk using a bootable CD (or by > setting the actual hdd to secondary and plug an other primary hdd). > > I just don't want anyone to be able to hack this box nor any password. > > Do you have a solution? Securing a platform against a determined attacker who can put their hands on the physical hardware is a significant challenge for any OS. To protect against the type of attack you describe, encrypting all disk content (or at least the sensitive parts) is probably the only effective thing you can do, short of sealing the whole thing inside some other physically protected environment. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html Short of that, you could use a case with a trigger mechanism that informs the BIOS that the case has been opened, so that a warning is emitted at boot time re: physical security has been violated. Of course, that doesn't prevent intrusion, it just tells you that it occurred (and then, only if the intruder doesn't also violate your BIOS security and simply reset the "case has been opened" bits). -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) <gregb at scls.lib.wi.us>, (608) 266-6348
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42D51732.4080106>