Date: Tue, 11 Jul 2006 17:22:34 -0400 (EDT) From: Jonathan M Bresler <jmb@bresler.org> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-security@freebsd.org, Poul-Henning Kamp <phk@phk.freebsd.dk>, "R. B. Riddick" <arne_woerner@yahoo.com> Subject: Re: Integrity checking NANOBSD images Message-ID: <20060711170817.X94314@newgate.bresler.org> In-Reply-To: <6.2.3.4.0.20060711165223.04bce500@64.7.153.2> References: <77192.1152649343@critter.freebsd.dk> <20060711204521.80198.qmail@web30304.mail.mud.yahoo.com> <6.2.3.4.0.20060711165223.04bce500@64.7.153.2>
next in thread | previous in thread | raw e-mail | index | archive | help
> >A switch like on those 1.44'' floppy discs would be good... > >But then software/OS updates would require physical access to the box... > > For this app, the problem is that there might indeed be physical > tampering with the box despite some reasonable efforts to lock it up. If the box is subject to tampering and not in a tamper-proof container, then it may be impossible to know whether or not the device has been tampered with or modified. seems to me that it would be possible to replace the device with one that emulates its behavior or rather intercepts connections (using the same ssh keys copied from the device) and relays the data on to the device, relaying responses back to you, all the while copying the cleartext data stream to another device. perhaps, you might consider setting it up so that if the box is opened the flash is zapped. > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060711170817.X94314>