|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: securing the boot process (again?!?)
From: Alex Popa (razor
ldc.ro)Date: Tue Jul 04 2000 - 05:27:21 CDT
- Next message: Troy Arie Cobb: "RE: securing the boot process (again?!?)"
- Previous message: Andrey V. Sokolov: "Forward to next hop in ipf"
- Next in thread: Troy Arie Cobb: "RE: securing the boot process (again?!?)"
- Maybe reply: Alex Popa: "Re: securing the boot process (again?!?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jul 03, 2000 at 08:43:38PM -0700, Dan O'Connor wrote:
> >> Doesn't your computer have a BIOS password? These are typically invoked
> >> *before* the BIOS tries to boot off any disk...
> >
> >Unfortunately BIOS passwords can be disabled on the motherboard in a matter
> >of minutes (for most motherboards that I know of). Even Dell laptops
> (don't
> >know about their desktops/servers) have a master password that Dell will
> give
> >you if you call them, provided you give them some details first.
>
> Looks like there's not really much you can do if you can't physically secure
> the machine.
>
> Even all the other tricks, boot only from hard drive, setting the delay to
> '0', are pointless if someone can get inside the hardware case, change
> jumpers, get into the BIOS and turn on boot from floppy and then boot from a
> floppy. On the other hand, if someone has the opportunity to do all that,
> they might as well just steal the whole box...
>
> Moral of the story: either secure the machine in a location where malicious
> users can't get to it or take the consequences.
>
Okay, my mistake: by "public access machine" I meant users have access
to the fromt panel of the PC (so they can use the floppy drive) and a
keyboard and monitor, but *NOT* the inside of the case (the case is
sort of buried in a wall). And the problem I had was (apart from booting
an evil kernel installed on /tmp) that by setting the floppy drive to
"none" in the BIOS the kernel (4.0-STABLE) canot use floppies after
booting.
I do have a BIOS password, and of what I've heard there is no other
way of bypassing it except for the jumpers on the motherboard
(impossible, see above).
------------+------------------------------------------
Alex Popa, |There never was a good war or a bad peace
razorldc.ro| -- B. Franklin
------------+------------------------------------------
"It took the computing power of three C-64s to fly to the Moon.
It takes a 486 to run Windows 95. Something is wrong here."
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Troy Arie Cobb: "RE: securing the boot process (again?!?)"
- Previous message: Andrey V. Sokolov: "Forward to next hop in ipf"
- Next in thread: Troy Arie Cobb: "RE: securing the boot process (again?!?)"
- Maybe reply: Alex Popa: "Re: securing the boot process (again?!?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]