*BSD News Article 24780


Return to BSD News archive

Newsgroups: comp.os.386bsd.questions
Path: sserve!newshost.anu.edu.au!munnari.oz.au!bunyip.cc.uq.oz.au!harbinger.cc.monash.edu.au!msuinfo!agate!tfs.com!zodiac.tfs.com!shipley
From: shipley@oak.dis.org (Peter Shipley)
Subject: Re: Security question
In-Reply-To: stever@csuohio.edu's message of Sat, 4 Dec 1993 06:57:00 GMT
Message-ID: <SHIPLEY.93Dec7131343@oak.dis.org>
Sender: usenet@tfs.com
Organization: Processed People for a Processed America
References: <2dodgn$s9s@bigboote.WPI.EDU> <1993Dec4.065700.11472@news.csuohio.edu>
Date: Tue, 7 Dec 1993 21:13:43 GMT
Lines: 30


In article <1993Dec4.065700.11472@news.csuohio.edu> stever@csuohio.edu (Steve Ratliff) writes:
>	   Basically, with the PC architecture you can't win.  Even if you
>   could prevent single user booting somebody could boot off a floppy and
>   do whatever they like.  The key point is that you have to ensure that 
>   nobody has physical access to the console.  You put the FreeBSD system
>   into a locked room and only allow access over the wire from for example
>   tecktronix Xwindow terminals in another room.  You could also setup
>   diskless bootp systems that nfs mount from a secured server.

All I can add is there is no such thing as a totaly secure system
but if you take enough precautions you should be fairly safe. 

If someone wants in they will get in (no matter what hardware/OS
you have) the trick is that you have to make it not worth it.

the three  bests ways to make it not worth it are:

	1) make it difficult to break in
	2) take away the "reward", that is dont make it tempting to
		illeagly access your system
	3) make the punichment to violating security suffent enough that
		the reprocautions for doing so out way the "rewards"


--
---------------
Pete Shipley:
email: shipley@berkeley.edu             Flames:  cimarron@postgres.berkeley.edu
Spelling corections: /dev/null          Quote: "Anger is an energy"