Shaun Savage wrote:

> Even though Linux is not totally secure, it is an order of magnitude
> better than any MSwindows product. By using SELinux, (which is free)
> or WireX (which is good), a person can improve security where social
> engineering is the only feasible way.

While I appreciate the praise, neither Immunix nor SELinux provide security against physical access. The problem is below the operating system, in the BIOS: by default, the hardware/BIOS looks at removable media (floppy, CD, DVD) ahead of looking at the hard drive to boot from. To 0wn the machine, just insert a malicious disk and reboot.

> Open Source Linux Rules

Linux, security-enhanced or not, is subject to the same threat. To prevent this attack, while also offering physical access (i.e. in a public kiosk or a school lab) you have to physically block the removable media. For instance, you remove the CD and floppy drives from the machine, and then encase the whole box in a locked cabinet so the attacker can't install their own drives.

Protecting a home PC from your kids is flat out impossible. If it still is important to have this protection, get a door lock.

Crispin

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX http://wirex.com/~crispin/
Security Hardened Linux Distribution: http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
Just say ".Nyet"
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:45:30 PST