Re: [ISN] Securing the Nest

• Previous message: mea culpa: "[ISN] Privacy ad campaign to launch"
• Maybe in reply to: mea culpa: "[ISN] Securing the Nest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Reply From: //Stany <stany@zerkalo.istar.net>

> Forwarded From: Eric Budke <budke@budke.com>
> 
> [Just my two cents.  But any tiger team left to try whatever they want,
>  and can't get into a sun box, one should rethink the team.  Either the
>  article stretches the truth a little, or the "tiger team" didn't hear of
>  an external scsi drive and an install CD.  
>  (My experience is with Sun.  AIX I believe handles things similarly, HP I
>  don't know)	- Eric Budke]

The thing that might slow down the tiger team would be the PROM password,
more so, when full security is enabled.  They wouldn't be able to start up
a system off a non-default device, or at all without knowing the magic
word. 

But it is trivial to get rid of password.  If in medium security mode (ie
can only boot witout password) one has to replace the default start-up
drive with a working drive that one has root on.  After system booting up,
and one logging in as root, one has to use eeprom command to disable
security-mode.  

root@http.notbsd:/[15]# eeprom security-mode=none

It gets a wee bit hairy if the system is in full security mode. 
Essentially all one has to do is to obtain a compatible PROM chip (I have
done this in sun4m and sun4c systems) that doesn't have a password,
replace the PROM with the new chip, boot the system up to rom monitor, and
on a running system *carefully* swap the PROMs once again.  Then
set-defaults, reset, and voila! System is wide open for any physical
access "exploits" that once can think of. 

So I have to agree.  The Tiger Team as described is rather pathetic.

//Stany

-- 
+-----------------------------------------------------------------------------+
|         Stanislav N. Vardomskiy - Procurator Odiosus Ex Infernis[TM]        |
|        Sun hardware specialist and JOAT at large.  LARTing, no charge.      |
| Jolt!  For all the sugar and twice the caffeine.  I speak for myself only.  |
+-----------------------------------------------------------------------------+


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

• Next message: mea culpa: "[ISN] Wardialer Goes Corporate"
• Previous message: mea culpa: "[ISN] Privacy ad campaign to launch"
• Maybe in reply to: mea culpa: "[ISN] Securing the Nest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:59 PDT