Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 23 Nov 2006 08:24:03 -0500
From:      Bill Moran <wmoran@collaborativefusion.com>
To:        VeeJay <maanjee@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Password Security
Message-ID:  <20061123082403.b8afea32.wmoran@collaborativefusion.com>
In-Reply-To: <2cd0a0da0611230145j3b5f42cfg7b9025236a91e7a3@mail.gmail.com>
References:  <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> <20061122163317.GC50939@gizmo.acns.msu.edu> <2cd0a0da0611230056l15bfccaamb3ed3d439e2786b8@mail.gmail.com> <200611230914.kAN9E2GW065034@banyan.cs.ait.ac.th> <2cd0a0da0611230145j3b5f42cfg7b9025236a91e7a3@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Thu, 23 Nov 2006 10:45:19 +0100
VeeJay <maanjee@gmail.com> wrote:

> On 11/23/06, Olivier Nicole <on@cs.ait.ac.th> wrote:
> >
> > > And how can one into the System by booting from a CD if it still
> > > requires the Password even in Single User mode?
> >
> > Booting from CD, floppy or hard disk is slected at BIOS level.
> >
> > Booting in single or multi user mode is at Operating system level.
> >
> > Booting is in the following order:
> >
> > 1) BIOS select what medium to boot from
> >
> > 2) the operating system boot from the selected medium
> >
> > So when it comes to the Single user password, itis already at stage 2)
> > it has passed the stage 1 (booting from hard disk ofr CD) without
> > password.
> >
> > Olivier
> >
> 
> So, it means, that I should take the following steps
> 
> 1. Password on BIOS
> 2. Change the order of booting i.e. When system is installed and working
> once, then I just the change the Booting FIRST from HardDisk.
> 3. Put the password on Single User mode.
> 
> So, what more? Do you people think that I have got somehow security barrier
> for unauthorized access?

Physically _LOCK_ the server up.  Anyone who can get physical access to the
unit can remove the drive and access it from another machine, bypassing all
this stuff.

Another option is to encrypt the hard drives, but this will require you (or
someone else) to enter the password for the encrypted drives every time the
system boots up, so it's generally a maintenance nightmare.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20061123082403.b8afea32.wmoran>