Integrity checking NANOBSD images
Jonathan M Bresler
jmb at bresler.org
Tue Jul 11 21:22:42 UTC 2006
> >A switch like on those 1.44'' floppy discs would be good...
> >But then software/OS updates would require physical access to the box...
>
> For this app, the problem is that there might indeed be physical
> tampering with the box despite some reasonable efforts to lock it up.
If the box is subject to tampering and not in a tamper-proof container,
then it may be impossible to know whether or not the device has been
tampered with or modified.
seems to me that it would be possible to replace the device with one that
emulates its behavior or rather intercepts connections (using the same ssh
keys copied from the device) and relays the data on to the device,
relaying responses back to you, all the while copying the cleartext data
stream to another device.
perhaps, you might consider setting it up so that if the box is opened the
flash is zapped.
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
More information about the freebsd-security
mailing list