I tried Knoppix and to my surprise I became root on my hard disk and got access to the whole system (Mandrake 9.1). Interested, I tried it on my girlfriend's computer, since she still uses the other system, and same there.
This must be a major problem in banks, big companies etc. Any employee can access all data within seconds if they just get access to the hardware.
Encryption must be the answer, but does it take a lot of power? For me it does not matter since I work from home and like openness, no password here, but I am interested.
If you have access to the physical hardware, then most security precautions go out the window; it's nearly always possible to get root on a machine if you have physical access to it. In high-security situations you'd need another form of protection, like a hardware key or something. If you're interested in protecting the stuff on the disk, then yes, encryption would probably be the way to go.
Most companies worth their salt keep their important machines locked up in a datacenter with extravagant security measures (guards, cameras, electronic badges, man-traps, etc). Usually this is not a problem for servers, since they are kept in guarded and/or locked rooms or buildings.
What is a problem are the many workstations with network access and important files stored locally. Often companies try to protect these machines with case locks, BIOS passwords, etc., but those can all be bypassed given enough time and determination.
I have no idea. I'm sure there are a lot of companies that are smart enough to protect themselves, but there are probably a lot of others that don't take those precautions.
I usually visit 1 to 3 different companies per week (over the last year plus) and most of the time it's to install something in their server room. Trust me, every place I've been at least has locked doors between normal employees and the server room (even in very small organizations).
You can't boot a machine from anything other than the hard drive. The BIOS is password protected. The cases themselves are locked to prevent someone from trying to pop the CMOS battery. But as mentioned, if you have physical access....the servers are of course behind two sets of locked doors....I wouldn't be surprised if there are surv. cameras in those rooms....
I do remember in the military they always took the hard drive with them. There was a special docking system for the hard drive.
So I could get into a client and easily install a trojan and then get passwords etc. Seems to me one has to employ the right people, from the boss to the cleaner.
Well, it's a tradeoff of money & effort vs. potential loss. Many times companies will choose to mitigate the risk rather than reduce the risk, i.e. they don't have their machines locked down so tightly that the cleaning crew couldn't get into them at night, but they do install video cameras in the office and keep the tapes for years. It won't prevent the cleaning crew from breaking into computers, but they'll be able to catch the culprit fast if they ever suspect anything, and maybe they review the tapes once a week or even every day?
The point is that not all security is technical measures, and the point of security isn't to make something unbreakable, it's to make the most effective use of resources to gain the best tradeoff.