On Sun, 14 Mar 2010 22:54:55 +0100 Robert <info...@die-optimisten.net> wrote:
> Chris Bennett wrote: > > Matthias Kilian wrote: > >> On Sun, Mar 14, 2010 at 08:51:05PM +0100, Otto Moerbeek wrote: > >> > >>>>> ( http://geodsoft.com/howto/harden/OpenBSD/remove_files.htm ) > >>>>> > >>>> He forgot to remove sh(1), unvis(1) and chmod(1). > >>>> > >>> and getty(8), login(8), and /bsd > >>> > >> > >> Better remove the mainboard. That's way more secure and takes less > >> effort. > >> > >> Ciao, > >> Kili > >> > >> > >> > > You people have no sense of where security really lies at! > > If you don't remove the hard drive, there is no security at all! > > > > It seems that you haven't heard of ramdrives! > Rip out the memory! NOW! > tsk. tsk. tsk. It seems you've underestimated the threat of firmware based rootkits, so grab your desoldering station and get to work removing them. Oh, but there's also the potential of ROM based attack vectors, so you might as well remove those as well. And let's not forget "Reflections on Trusting Trust" where it's clearly stated that microcode bugs, intentional or otherwise, are nearly impossible to discover, so all IC's including your processor have to go. But still, due to the immense threat of Power Over Ethernet (PoE) and similar, just removing the power cords and BIOS battery are not enough, so you'll need to remove all potential sources of power, hence all external connections. Of course, to prevent re-installation of any of these dangerous components, be sure to encase the system in a few meters of concrete, but this is just the required "packing material" needed to transport the system to a secure location... The biggest threat is always physical security, and the only reliable way to make sure physical access is (reasonably) impossible is to put the system in the center of the Sun so it can no longer be accessed by mere mortals. Ahhh a totally secure system! ... DAMN! --Some advanced aliens just few into the Sun and p0wnd me. jcr
