Date: Wed, 13 Jul 2005 07:38:23 -0700 From: perikillo <perikillo@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: securing FreeBSD Message-ID: <51d7a5160507130738fa78f4e@mail.gmail.com> In-Reply-To: <42D51732.4080106@scls.lib.wi.us> References: <1121252743.42d4f587ada2c@imp4-q.free.fr> <42D51732.4080106@scls.lib.wi.us>
next in thread | previous in thread | raw e-mail | index | archive | help
>On 7/13/05, Greg Barniskis <nalists@scls.lib.wi.us> wrote: > alexandre.delay@free.fr wrote: > > hi guys > > > > I would like to secure my FreeBSD server. > > I don't want anyone to be able to access to the disk using a bootable C= D (or by > > setting the actual hdd to secondary and plug an other primary hdd). > > > > I just don't want anyone to be able to hack this box nor any password. > > > > Do you have a solution? >=20 > Securing a platform against a determined attacker who can put their > hands on the physical hardware is a significant challenge for any > OS. To protect against the type of attack you describe, encrypting > all disk content (or at least the sensitive parts) is probably the > only effective thing you can do, short of sealing the whole thing > inside some other physically protected environment. >=20 > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encryptin= g.html >=20 > Short of that, you could use a case with a trigger mechanism that > informs the BIOS that the case has been opened, so that a warning is > emitted at boot time re: physical security has been violated. Of > course, that doesn't prevent intrusion, it just tells you that it > occurred (and then, only if the intruder doesn't also violate your > BIOS security and simply reset the "case has been opened" bits). >=20 > -- > Greg Barniskis, Computer Systems Integrator > South Central Library System (SCLS) > Library Interchange Network (LINK) > <gregb at scls.lib.wi.us>, (608) 266-6348 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" >=20 Plus, use google: +hardening freebsd.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51d7a5160507130738fa78f4e>