OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: ro hd
From: sigippWELLA.COM.BR
Date: Thu May 04 2000 - 12:12:17 CDT

Hi folks,

yes, i have already thought of a bootable floppy or a CDROM for the system.
Well, the floppy is good for booting, but not sufficient for the /bin, /sbin,
/usr/bin and /usr/sbin directories too. The extremely slow booting time would
not be such a problem, cause it would occure only once. The CDROM would be
better, but have two disadvantages. First it is still slower than a hard disk.
Second the system upgrade would not be extremely environment-friendly. And iīd
prefere a ro hd too for the simple key-switching enabling/disabling of the write
protection. Disabling the write protection would depend on the physical access
to the computer and the availability of such a key (or enough time to open the
box). O.k., this would not protect against a real local physical attack, but it
would protect against local "accidents" ("oh, this floppy was really of
importance?" is much easier than "oh, i really should not have opened the
server?"). And it would really protect against remotely altering something.

Yes, i know that a ro hd would not prevent beeing hacked. But it would make it
impossible to for example leave a backdoor. At least the protection against
leaving a backdoor would be 100%. And you could be shure that your other
security configurations would be intact even if you have been hacked. You could
always trust the write-protected part of your installation. Occasionally this
could be very valuable.

Even using tools like tripwire could not offer that level of security. It could
show altered parts (i.e. parts you canīt trust anymore), but it cant protect
against altering. It "only" offers detection of such manipulations.

Greetings
Siegfried Gipp