Date: Tue, 3 Mar 2015 14:16:33 +0100 From: Polytropon <freebsd@edvax.de> To: Arthur Chance <freebsd@qeng-ho.org> Cc: fluxwatcher@gmail.com, freebsd-questions@freebsd.org Subject: Re: Check root password changes done via single user mode Message-ID: <20150303141633.c38bdc7b.freebsd@edvax.de> In-Reply-To: <54F5AF25.7000303@qeng-ho.org> References: <54F56A83.3000404@gmail.com> <CA%2ByaQw_3JJ2tJm32or-UmSpfMFo_jCn_JD1xFw=1E9i9K2reDg@mail.gmail.com> <54F57CD9.2000707@gmail.com> <54F5AF25.7000303@qeng-ho.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 03 Mar 2015 12:55:01 +0000, Arthur Chance wrote: > As Bruce Schneier says, there's no such thing as perfect security, it > all depends on what costs (in money, time, or effort) attacker and > defender are prepared to pay. Also consider non-OS security in this context: A CCTV camera monitoring the console, or a hardware keylogger that can be examined for SUM logins and "passwd" command calls. This is relatively easy with physical servers, but those which are being accessed via network (and with some management solution that let's you, for example, access the serial console via IP) could benefit from a mechanism examining the network traffic; but as soon as you have end-to-end encryption in such a setup, it won't work... except it's weak crypto and you have the sufficient means... FreeBSD can only offer a specific subset of solutions "out of the box", and a versatile attacker will always find a way to avoid those obstacles. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150303141633.c38bdc7b.freebsd>