securing FreeBSD
perikillo
perikillo at gmail.com
Wed Jul 13 14:38:28 GMT 2005
>On 7/13/05, Greg Barniskis <nalists at scls.lib.wi.us> wrote:
> alexandre.delay at free.fr wrote:
> > hi guys
> >
> > I would like to secure my FreeBSD server.
> > I don't want anyone to be able to access to the disk using a bootable CD (or by
> > setting the actual hdd to secondary and plug an other primary hdd).
> >
> > I just don't want anyone to be able to hack this box nor any password.
> >
> > Do you have a solution?
>
> Securing a platform against a determined attacker who can put their
> hands on the physical hardware is a significant challenge for any
> OS. To protect against the type of attack you describe, encrypting
> all disk content (or at least the sensitive parts) is probably the
> only effective thing you can do, short of sealing the whole thing
> inside some other physically protected environment.
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/disks-encrypting.html
>
> Short of that, you could use a case with a trigger mechanism that
> informs the BIOS that the case has been opened, so that a warning is
> emitted at boot time re: physical security has been violated. Of
> course, that doesn't prevent intrusion, it just tells you that it
> occurred (and then, only if the intruder doesn't also violate your
> BIOS security and simply reset the "case has been opened" bits).
>
> --
> Greg Barniskis, Computer Systems Integrator
> South Central Library System (SCLS)
> Library Interchange Network (LINK)
> <gregb at scls.lib.wi.us>, (608) 266-6348
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
Plus, use google: +hardening freebsd.
More information about the freebsd-questions
mailing list