Date: Tue, 3 Mar 2015 06:02:13 -0800 From: Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com> To: Polytropon <freebsd@edvax.de> Cc: fluxwatcher@gmail.com, Arthur Chance <freebsd@qeng-ho.org>, FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: Check root password changes done via single user mode Message-ID: <CAOgwaMvytBWdoprPNSuqKMnuX-w7-L_u1Wvg=kTH7nEDCjTjvw@mail.gmail.com> In-Reply-To: <20150303141633.c38bdc7b.freebsd@edvax.de> References: <54F56A83.3000404@gmail.com> <CA%2ByaQw_3JJ2tJm32or-UmSpfMFo_jCn_JD1xFw=1E9i9K2reDg@mail.gmail.com> <54F57CD9.2000707@gmail.com> <54F5AF25.7000303@qeng-ho.org> <20150303141633.c38bdc7b.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 3, 2015 at 5:16 AM, Polytropon <freebsd@edvax.de> wrote: > On Tue, 03 Mar 2015 12:55:01 +0000, Arthur Chance wrote: > > As Bruce Schneier says, there's no such thing as perfect security, it > > all depends on what costs (in money, time, or effort) attacker and > > defender are prepared to pay. > > Also consider non-OS security in this context: A CCTV camera > monitoring the console, or a hardware keylogger that can be > examined for SUM logins and "passwd" command calls. This is > relatively easy with physical servers, but those which are > being accessed via network (and with some management solution > that let's you, for example, access the serial console via > IP) could benefit from a mechanism examining the network > traffic; but as soon as you have end-to-end encryption in > such a setup, it won't work... except it's weak crypto and > you have the sufficient means... > > FreeBSD can only offer a specific subset of solutions "out > of the box", and a versatile attacker will always find a way > to avoid those obstacles. > > > -- > Polytropon > Magdeburg, Germany > Happy FreeBSD user since 4.0 > Andra moi ennepe, Mousa, ... > _______________________________________________ > > If any one is in front of the console , he/she may use a boot CD/DVD/USB stick to boot a copy of the operating system , and do whatever wants to do . Thank you very much . Mehmet Erol Sanliturk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOgwaMvytBWdoprPNSuqKMnuX-w7-L_u1Wvg=kTH7nEDCjTjvw>