[plug] Root password

Bernd Felsche bernie at innovative.iinet.net.au
Fri Nov 12 17:49:54 WST 2004


Ben Jensz <plug at jensz.id.au> writes:

>Adam Hewitt wrote:

>> None of this prevents someone from taking the hard drive out and 
>> putting it into another machine...And if the argument here is that 
>> "amateurs" wouldn't know how to do that, then you may as well just 
>> not boot directly into X, because an amateur won't know what the hell 
>> to do with a command prompt.

>If someone unauthorized can get physical access to the machine, then 
>you've lost already.  If you're storing highly sensitive information on 
>a machine (i.e. information that is highly valuable), then you obviously 
>need to take appropriate measures to physically secure the machine as 
>well, not just from software-based attacks.

Use at least a crypto filesystem for sensitive data.

If somebody steals the machine and moves the drive onto a machine
under their control, they're still going to have to expend a great
deal of effort to "crack" the password.

A level of obfuscation can be added by changing the partition table
so as to "remove" the crypto filesystem from the drive. If it's the
last partition, then you may also be able to hack the meta-
information in the drive, reducing its capacity to be at the end of
the last "clear" partition... That's just obfuscation; prevents
casual snooping at most.
-- 
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | I'm a .signature virus!
 X   against HTML mail     | Copy me into your ~/.signature
/ \  and postings          | to help me spread!
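
An added illustration, not part of the original post, of why dropping the crypto partition from the partition table is only obfuscation: anyone who reads the MBR and compares it with the drive's reported size sees the unclaimed space. The disk size, the partition layout and the helper names are constructed for this sketch.

```python
import struct

SECTOR = 512

def parse_mbr(mbr):
    """Return sorted (start_lba, sector_count, type) for used primary entries."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing MBR boot signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i                      # 16-byte entries start at 446
        ptype = mbr[off + 4]                    # partition type byte
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0 and count != 0:
            parts.append((start, count, ptype))
    return sorted(parts)

def unallocated_gaps(mbr, disk_sectors, min_sectors=2048):
    """List (start_lba, length) runs of sectors that no table entry claims."""
    gaps, cursor = [], 1                        # sector 0 is the MBR itself
    for start, count, _ in parse_mbr(mbr):
        if start - cursor >= min_sectors:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + count)
    if disk_sectors - cursor >= min_sectors:    # space after the last partition
        gaps.append((cursor, disk_sectors - cursor))
    return gaps

def build_mbr(entries):
    """Build a constructed sample MBR from (start_lba, count, type) tuples."""
    mbr = bytearray(SECTOR)
    for i, (start, count, ptype) in enumerate(entries):
        struct.pack_into("<4xB3xII", mbr, 446 + 16 * i, ptype, start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

# Constructed sample: a 1,000,000-sector disk whose last partition holds the
# crypto filesystem; the "hidden" table simply omits that last entry.
DISK_SECTORS = 1_000_000
FULL_LAYOUT = [(2048, 400000, 0x83), (402048, 200000, 0x82),
               (602048, 397952, 0x83)]
HIDDEN_MBR = build_mbr(FULL_LAYOUT[:2])

if __name__ == "__main__":
    for start, length in unallocated_gaps(HIDDEN_MBR, DISK_SECTORS):
        print(f"unclaimed: LBA {start}, {length * SECTOR // 1024} KiB")
```

The check relies on the capacity the drive reports, so the second trick in the post (shrinking the reported capacity) has to be ruled out separately against the drive's native size.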
