From owner-freebsd-questions@FreeBSD.ORG Wed Jul 13 14:38:28 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A260016A41C for ; Wed, 13 Jul 2005 14:38:28 +0000 (GMT) (envelope-from perikillo@gmail.com) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.198]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DA7643D45 for ; Wed, 13 Jul 2005 14:38:27 +0000 (GMT) (envelope-from perikillo@gmail.com) Received: by rproxy.gmail.com with SMTP id b11so215600rne for ; Wed, 13 Jul 2005 07:38:24 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=GUAjaC5jt8eqVEeWNBlODpjiERTtGAb5/3tNEtFVCtXpyVXl18vUFP/ARsRHHmly2Am63mmmkQ+AsHjDICNC2DFvWnBVNmZEnNVME26i1hCE+qZg5ZBLL+Dl3HKttLY+6Qw/TzFGiHT4gpOhZJ5N1wYiA0XUeBd69rasa03+3fc= Received: by 10.38.90.51 with SMTP id n51mr823007rnb; Wed, 13 Jul 2005 07:38:24 -0700 (PDT) Received: by 10.38.98.73 with HTTP; Wed, 13 Jul 2005 07:38:23 -0700 (PDT) Message-ID: <51d7a5160507130738fa78f4e@mail.gmail.com> Date: Wed, 13 Jul 2005 07:38:23 -0700 From: perikillo To: freebsd-questions@freebsd.org In-Reply-To: <42D51732.4080106@scls.lib.wi.us> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <1121252743.42d4f587ada2c@imp4-q.free.fr> <42D51732.4080106@scls.lib.wi.us> Subject: Re: securing FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: perikillo List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Jul 2005 14:38:28 -0000 >On 7/13/05, Greg Barniskis wrote: > alexandre.delay@free.fr wrote: > > hi guys > > > > I would like to secure my FreeBSD server. > > I don't want anyone to be able to access to the disk using a bootable C= D (or by > > setting the actual hdd to secondary and plug an other primary hdd). > > > > I just don't want anyone to be able to hack this box nor any password. > > > > Do you have a solution? >=20 > Securing a platform against a determined attacker who can put their > hands on the physical hardware is a significant challenge for any > OS. To protect against the type of attack you describe, encrypting > all disk content (or at least the sensitive parts) is probably the > only effective thing you can do, short of sealing the whole thing > inside some other physically protected environment. >=20 > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encryptin= g.html >=20 > Short of that, you could use a case with a trigger mechanism that > informs the BIOS that the case has been opened, so that a warning is > emitted at boot time re: physical security has been violated. Of > course, that doesn't prevent intrusion, it just tells you that it > occurred (and then, only if the intruder doesn't also violate your > BIOS security and simply reset the "case has been opened" bits). >=20 > -- > Greg Barniskis, Computer Systems Integrator > South Central Library System (SCLS) > Library Interchange Network (LINK) > , (608) 266-6348 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" >=20 Plus, use google: +hardening freebsd.