you can buy a REAL server, e.g. the Compaq server line, which can be locked
completely and only unlocked by a license disk or a bootpasswd

On 19-May-99 Marek Habersack wrote:
> * Koyote said:
>
>> >so that root password, or some other verification system is required,
>> >before a reinstall is permitted. It is true that compromising a system
>> >this way requires unfettered access to the box. However as Linux is
>> >used more and more in commercial environments this issue will need to be
>> >addressed.
>>
>>
>> If you think about it- this is no different than Windows: power off,
>> insert cdrom or disk one and power on.
>>
>> I don't think that there is any good answer for this. Workarounds
>> abound, for the paranoid: you can wire a hidden switch that must be
>> reset by hand after a power off (uses a small electromagnet to
>> maintain on status) that controls power to all drives.
>> You can lock the computer, so that no one can get to the drives.
>> You can setup a computer that is not bootable from cdrom, and remove
>> the floppy drive (install it when you need to do a full
>> install.)...(and no, I have no idea how to make the cdrom unbootable
>> on a linux pc. I'll learn sooner or later.)
> If one wants to go through so much trouble instead of disallowing physical
> access, he can spend several $ to buy a device which requires a magnetic, or
> chip card to gain access to any device in the machine. The chip cards use a
> one-time password scheme to prevent password spoofing - I think DEC sells
> such devices, but don't quote me. Such a device has one disadvantage - the
> server won't reboot on its own when anything fails - it will wait till
> someone with enough privilege comes and inserts the chip card to finish the
> reboot process. It can be overcome by using a watchdog hardware card which
> would be connected in such a way, that the security system would allow
> full system reboot ONLY if initialized by the watchdog hardware. But still,
> it's much less security than putting the server away from anybody's hands.
>
>
>> If someone wants to workaround these safety features, they can
>> just dismount your hdd and leave, anyway.
> Exactly.
>
>> If you are talking about having a password resident in your boot
>> sector or some such soft password, I just come in and boot a floppy
>> that deletes it before loading your system. Sort of.
> One-time passwords can help.
>
> regards,
> marek

----------------------------------
E-Mail: Rune Linding Raun <[EMAIL PROTECTED]>
Date: 19-May-99
Time: 16:00:15

This message was sent by XFMail
----------------------------------