Just out of curiousity...
 

If someone were physically sitting at my machine and didn't know any passwords, couldn't they gain access to the entire file system simply by booting a live cd and mounting the drives? Maybe its a stupid question but I'm still pretty new to linux and it seems like a live cd is basically a loaded gun that will give anyone with it complete access to any linux box.

Yes. Unless your drive was encrypted.

yeah, that's right

pretty dangerous, huh? :)

but if you encrypt your drive, then they can't without an actual password.

-----------------------
Which is different from a person with physical access to your computer how? Or a live CD while you are running any other operating system -- how? Encryption MIGHT help, but if I have access to your computer, I copy it and crack the encryption as the worst case scenario, which is different on an encrypted disk from XP or Vista how?

Also let's not forget good old single user mode? why do you need a live CD when you can just change the root password using single user mode? It takes alot to secure a computer when you are looking at physical access, it's possible but really really hard.

not terribly hard. just encrypt your drive (medium difficulty), put a password on your bios as well as your boot loader (easy), physically lock the machine down with a heavy duty combination lock and chain it to a hefty metal desk (and get a real lock&chain, not that garbage from kensington).

So the only way to keep anything important totally safe is store it on a flash drive.

Encrypting a drive still isn't really a needed step, that's something you do if you aren't the admin/root and want to secure your data... however I think you hit on the key I was noting, to hide away the machine is what I was thinking, so that the machine itself can't be accessed, say looked in a locked big metal case or something... then just supply a power button (grab one from an old/disused computer or something) and an External CD/DVD drive that is configured in bios to not be a boot device, of course you password grub :).

If you keep the flash drive on you and never forget it... ever then yes I suppose that would be the safest way.

long story short it doesn't matter what kind of computer you have if someone has phisical access to it they can do anything they want to it. even if your drive is encrypted they can crack it. why do you think they have data centers with armed gaurds? why do you think you need a key to start my computer? (not that this would help if someone took it with them but it's a deterent.)

Edit:
no a flash drive isn't that safe. they get misplaced all the time; I'm alwways hearing about ones with clasified government stuff on them turning up. not to mention that it's almost impossible to totaly erase something from flash there are ways to resurect your data even if you thought it was gone.

"All I need to get everything is ... physical access to the hardware, and a gun." :eek:

My system runs with a LUKS encrypted lvm setup, with a good strong pass phrase. The reason for this is not that I'm some paranoid tin-foil hat wearing nutter that thinks the government is out to get him, but that I had a burglary a few years back and my PC was taken. Cracking encryption requires a non-trivial amount of computing time. Now I'm under no illusions that the authorities could muster the resources necessary if they really wanted to take an interest in me (though they'd probably just get out the rubber hose), but if encryption stops the average idiot burglar from rummaging around my harddisk after stealing my PC then: mission accomplished!

No that's no different from having it on your hard drive - you'd need to ensure that the flash drive is physically secure too. If by 'safe' you mean your data is not accessible to unauthorised people you need to encrypt it.

True if your only goal is to stop the casual burglar from going through your files then this will work, but just setting a login password would probably acomplish the same goal. the casual burglar just wants to resell your computer not get at your data. If someone wants to get at your data don't kid yourself it isn't safe. 'non-trivial amount of computing time' how many homemade supercomputing clusters are out there? (I've built 2 myself) how many of these do you think were built just to crack various types of encryption codes? there are crackers out there with as much or more computing power then the government. if they have a reason to be interested in your data and get your drive, you're screwed. if you just want to stop a casual thief: get better locks and a home security system. thieves go after what will give them the most benefit for the least amount of effort/risk. it's just like the old saying 'I don't have to outrun the bear, I just have to outrun you.'

And you know this how exactly?

If I've been able to build 2 clusters out of spare parts with $0 buget and use them for mathimaticly intensive aplications such as 3d rendering and re-encoding mpeg2 video ;) What do you think someone with better skills and a bigger buget could build? I know that clusters have been used to bruteforce crack WPA much faster then a single box. with todays cheap and powerful hardware, some Linux skills and the ability to code custom apps in c++ or something similar the only limit to how powerful a computer you can build is your buget. I know that their are criminals with a lot more money then me, and plenty with more computer skills then me. If I can do something I have no doubt they can do it better and faster then me. and as has been proven time and time again the us government is usualy the least efficent way to get anything done; most things they could do for millions of dollars could be done much, much cheaper if your properly motivated.