From: Bill Moran
To: VeeJay
Date: Thu, 23 Nov 2006 08:24:03 -0500
Organization: Collaborative Fusion Inc.
Cc: freebsd-questions@freebsd.org
Subject: Re: Password Security

On Thu, 23 Nov 2006 10:45:19 +0100 VeeJay wrote:

> On 11/23/06, Olivier Nicole wrote:
> >
> > > And how can one into the System by booting from a CD if it still
> > > requires the Password even in Single User mode?
> >
> > Booting from CD, floppy or hard disk is selected at BIOS level.
> >
> > Booting in single or multi user mode is at Operating system level.
> >
> > Booting is in the following order:
> >
> > 1) BIOS select what medium to boot from
> >
> > 2) the operating system boot from the selected medium
> >
> > So when it comes to the Single user password, it is already at stage 2)
> > it has passed the stage 1 (booting from hard disk or CD) without
> > password.
> >
> > Olivier
> >
>
> So, it means, that I should take the following steps
>
> 1. Password on BIOS
> 2. Change the order of booting i.e. When system is installed and working
> once, then I just the change the Booting FIRST from HardDisk.
> 3. Put the password on Single User mode.
>
> So, what more? Do you people think that I have got somehow security barrier
> for unauthorized access?

Physically _LOCK_ the server up. Anyone who can get physical access to
the unit can remove the drive and access it from another machine, bypassing
all this stuff.

Another option is to encrypt the hard drives, but this will require you (or
someone else) to enter the password for the encrypted drives every time the
system boots up, so it's generally a maintenance nightmare.
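
Step 3 of the checklist quoted above (a password on single-user mode) is controlled on FreeBSD by the `console` entry in `/etc/ttys`: init asks for the root password only when that entry is not flagged `secure`. The check below is an added example, not part of the original message; the function name `single_user_prompt` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Report whether a FreeBSD-style ttys file makes init ask for the root
# password before handing out a single-user shell.
# Prints "prompt" (console not flagged secure), "no-prompt" (console flagged
# secure) or "missing" (no console entry). Exit status is 0 only for "prompt".
single_user_prompt() {
    result=$(awk '
        /^[ \t]*#/ { next }                # whole-line comment
        {
            sub(/#.*/, "")                 # trailing comment
            gsub(/"[^"]*"/, "Q")           # quoted getty command may hold spaces
        }
        $1 == "console" {
            state = "prompt"               # the secure bit is off unless set
            for (i = 2; i <= NF; i++) {
                if ($i == "secure")   state = "no-prompt"
                if ($i == "insecure") state = "prompt"
            }
            found = 1
            exit
        }
        END { print (found ? state : "missing") }
    ' "$1")
    printf '%s\n' "$result"
    [ "$result" = "prompt" ]
}

# Constructed sample input: a console line flagged secure and the hardened one.
demo_dir=$(mktemp -d)
printf '%s\n' '# name getty type status' \
    'console none unknown off secure' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on secure' > "$demo_dir/ttys.stock"
printf '%s\n' 'console none unknown off insecure  # ask for root password' \
    'ttyv0 "/usr/libexec/getty Pc" xterm on secure' > "$demo_dir/ttys.hardened"

single_user_prompt "$demo_dir/ttys.stock" \
    || echo "stock: single-user shell opens without a password"
single_user_prompt "$demo_dir/ttys.hardened" \
    && echo "hardened: root password required for single-user mode"
```

As the reply points out, this setting only guards the installed system's own boot path; it does nothing once the disk is read from another machine or from other boot media.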