securing FreeBSD
Greg Barniskis
nalists at scls.lib.wi.us
Wed Jul 13 13:32:05 GMT 2005
alexandre.delay at free.fr wrote:
> hi guys
>
> I would like to secure my FreeBSD server.
> I don't want anyone to be able to access to the disk using a bootable CD (or by
> setting the actual hdd to secondary and plug an other primary hdd).
>
> I just don't want anyone to be able to hack this box nor any password.
>
> Do you have a solution?
Securing a platform against a determined attacker who can put their
hands on the physical hardware is a significant challenge for any
OS. To protect against the type of attack you describe, encrypting
all disk content (or at least the sensitive parts) is probably the
only effective thing you can do, short of sealing the whole thing
inside some other physically protected environment.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
Short of that, you could use a case with a trigger mechanism that
informs the BIOS that the case has been opened, so that a warning is
emitted at boot time re: physical security has been violated. Of
course, that doesn't prevent intrusion, it just tells you that it
occurred (and then, only if the intruder doesn't also violate your
BIOS security and simply reset the "case has been opened" bits).
--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
More information about the freebsd-questions
mailing list