[COLUG] Network security / Live CD
William Yang
wyang at gcfn.net
Thu Jan 4 11:54:13 EST 2007
Mark Erbaugh wrote:
> If I set up a host and do not give the user full root access, I presume
> that I can keep certain files protected from the user.
>
> What happens if the user boots a 'live' CD.
About the same thing as happens if you password protect the BIOS and the user
brings a screwdriver and resets the BIOS by shorting a jumper on the mobo.
> If this is a security risk, can it be handled by setting up the BIOS to
> not allow booting from CD and then password protecting the BIOS?
That's an inconvenience to the attacker, not a particularly reliable form of
protection. The cold, hard fact is that if you can't control physical
access, you have to accept security risk.

The big issue here is whether it's *worth* trying to prevent misuse. A lot
of people will get worked up about exposures and risks... but what's needed
is to start thinking in terms of risk management and what risks are truly
acceptable. You can spend an infinite amount of effort and money trying to
secure assets if you're not careful.

In my mind, "secure" means you are prepared to deal adequately with the
consequences of things going wrong. That's an excellent IT model, because
it keeps costs down, while maximizing total value.
-Bill
--
William Yang
wyang at gcfn.net