LinuxSA Mailing list archives

  From: Brad J <bjones@rebel.net.au>
  To  : linuxsa@linuxsa.org.au
  Date: Wed, 15 Sep 1999 10:24:21 +0930

Re: Linux Console Security

----- Original Message -----
From: <anto@hups.apana.org.au>
To: Phil Pittard <vk5ham@seol.net.au>
Cc: <linuxsa@linuxsa.org.au>
Sent: Tuesday, September 14, 1999 9:27 AM
Subject: Re: Linux Console Security


> On Mon, Sep 13, 1999 at 08:33:17PM +0930, Phil Pittard wrote:
>
> > ONLY IF the PC has NO floppy drive otherwise it is still at risk!
>
> No Only if the floppy drive is enabled for boot, if not then a floppy
> drive being present in the machine is as useful to an attacker as you
> having a mouse attached.

As pointed out  in previous posts
1.you can reboot and turn the floppy back on,
2. if its password protected it has been pointed that there are numerous
bios passwd utils, also pointed out some motherboards have default passwords
or keybord squences to bypass them.

>
> > > At this point you have secured the OS to the point that someone has to
> > remove the Hard drive
> > >  to get access to your system and we get back to physical security.
> > >
> > Again....ONLY IF the linux box  is a)LILO password protected AND b) has
> > the floppy drive removed (which IMHO is a wise move!)
>
> I would disagree, Floppy drives can be quite useful BUT you must manage
the
> security risk they entail. I would strongly recommend that unless you have
> a good reason to make your floppy drive bootable (or any other media for
> that matter) that you disable it in the bios.


see above ;)

Brad

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject