Date: Thu, 8 Nov 2001 09:15:06 +0100 From: "Anthony Atkielski" <anthony@atkielski.com> To: "Giorgos Keramidas" <charon@labs.gr>, <questions@FreeBSD.ORG> Subject: Re: Lockdown of FreeBSD machine directly on Net Message-ID: <003401c1682d$7a623cc0$0a00000a@atkielski.com> References: <15330.23714.263323.466739@guru.mired.org> <00b501c1637b$1cd2f880$0a00000a@atkielski.com> <20011102095554.A38169@student.uu.se> <00d801c1637c$d3264640$0a00000a@atkielski.com> <20011102055416.B67495@klatsch.org> <012101c16391$3f31ca80$0a00000a@atkielski.com> <20011108045340.A2965@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Giorgos writes: > Think of the damage that someone can do, if > they come with a floppy and steal the keypair > that you use to SSH as root. An important prerequisite to good security is physical security of the server. If you allow direct physical access to the machine, all bets are off. Some machines can be secured well enough to prevent any kind of non-violent penetration, by disallowing disk and CD-ROM boots, putting passwords on the BIOS, locking the case, etc., but someone can still just rip the machine out and carry it off, or pry it open and disable the BIOS password, and so on. I don't know of any non-trivial system that is physically secure, although organizations like the NSA do design small devices that are highly (but not completely) tamperproof. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003401c1682d$7a623cc0$0a00000a>