|
 |
Warp wrote:
> Darren New <dne### [at] san rrcom> wrote:
>> Warp wrote:
>>> Resetting the root password from local console is not a security hole.
>>> It's regular maintenance. It's by design.
>
>> Possibly, depending on how you think about it. It certainly makes for
>> insecure personal desktop computers in a corporate environment, for
>> example.
>
> I was mainly talking from the point of view of the owner of the
> computer, which is naturally also its administrator.
Right. And I was pointing out that resetting the root password from the
local console is indeed a security hole if the owner of the computer
isn't the one sitting at the console. Makes sense?
> It would, quite naturally, not make too much sense that if you forgot
> the root password, you would be completely stuck and the computer would
> become completely unmaintainable. There must, of course, be some way of
> resetting the root password (given that you have direct physical access
> to the computer). It's just common sense.
Sure. But preserve all the data of everyone on the machine when
resetting the password is less secure than resetting the password by
wiping out all data on the machine.
> Security of the data is not the same as security of the system.
> If someone can hack into your computer and delete all your encrypted
> files (or worse, replace them with something else without you noticing
> for a long time, perhaps messing up your backups), I wouldn't call that
> security.
Right.
> Accounts, access control, etc. are only good for remote access.
I disagree. If they're only good for remote access, why is there advice
that you shouldn't log in as root for everyday use?
> If someone has direct access to your computer, they serve only as a
> deterrent for the novice and a slowdown for the expert. There's little
> stopping the user from eg. booting from a linux installation disk and
> wiping out the contents of the HDs.
Again, you're making a boolean description of security. The fact that
you can destroy the computer doesn't mean it's "insecure".
>> This would be factually incorrect also, unless you believe ...
>
> You mean some OS can stop someone from booting from a CD and wiping
> the HDs, for example?
No, but that's *more* secure than someone booting from a CD and reading
all your files. That's why they invented paper shredders.
I'd rather have my backup disks, when stolen by a thief, get wiped out
and sold as blank media than to have all my personal information
accessible to the thief. There's not too much you can do to keep the
disk from getting stolen, but you can keep the data from getting stolen.
> If someone has direct physical access to the computer, it is insecure.
Well, in some senses of the word, it's insecure. In other senses, it
isn't. If I boot Vista and I need to put a USB frob in to decrypt the
boot partition, the machine is significantly more secure than if I'm
running Win98, even if neither machine is plugged into a network at all.
> Remote access can be made much more secure.
No question there. Remote access prevents a number of attacks. But that
doesn't mean local access must or even should allow all attacks.
--
Darren New / San Diego, CA, USA (PST)
Remember the good old days, when we
used to complain about cryptography
being export-restricted?
Post a reply to this message
|
|
