Re: [Full-disclosure] Root password change

From: gboyce <gboyce@xxxxxxxxxxxx>
Date: Fri, 31 Mar 2006 13:02:09 -0500 (EST)

On Fri, 31 Mar 2006, Valdis.Kletnieks@xxxxxx wrote:

On Fri, 31 Mar 2006 12:33:28 EST, gboyce said:
In which case the person needs to remove the hard drive, and put it into a
different system for the modifications (or mirroring).

Time constraints. The amount of time needed to pop in a disk and hit reboot
is (or should be, in this case) a lot shorter than the amount of time it takes
to pull a rack-mount box out and pop the lid and play with the drives.

And if your server has a lockable faceplate like most Dell rack-mounts, that
can add a lot to the challenge right there (as it stops any quick "snarf a
hot-swap drive and run" scheme).

For the most part, if an attacker has physical access to the hardware
itself, you just lose.

Almost, but not quite right. If the attacker has physical access *for long enough*,
you lose.

I wasn't quite clear enough I think.

By "Physical Access to the hardware", I meant unencoumbered physical access. If a system is in a locked rack, safe, or has a locking case then it is indeed much more difficult.

Good point about the time though. Even an unlocked rack mount server without hot swappable drives will take some time to unrack and disassemble in order to ge the drives out and back in again.

--
Greg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Root password change
  - From: Mockbee, Tom
- Re: [Full-disclosure] Root password change
  - From: Michael Holstein
- Re: [Full-disclosure] Root password change
  - From: spam
- Re: [Full-disclosure] Root password change
  - From: Kerry Thompson
- Re: [Full-disclosure] Root password change
  - From: Gary E. Miller
- Re: [Full-disclosure] Root password change
  - From: Michael Holstein
- Re: [Full-disclosure] Root password change
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Root password change
  - From: gboyce
- Re: [Full-disclosure] Root password change
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Root password change
Next by Date: [Full-disclosure] RSA HAVE CRACKED PHISHING, NO SERIOUSLY
Previous by thread: Re: [Full-disclosure] Root password change
Next by thread: RE: [Full-disclosure] Strange interactions between tunnelling and SMBunder the proprietary Microsoft Windows environment
Index(es):
- Date
- Thread

Relevant Pages

Re: [fw-wiz] Securing a Linux Firewall
... >access said boxes. ... longer or more difficult physical access paths mean longer ... This in turn means that an evildoer can accomplish more ... I guess if you're only worried about old 4/690s using IPI drives, ...
(Firewall-Wizards)
Re: CD-ROM & Floppy Drives Dont Work
... Have you checked the Device Manager? ... yourself have physical access to the machine? ... the drives as "new hardware" and reinstall them with the ... | Both my CD and Floppy Drives aren't working. ...
(microsoft.public.windowsxp.hardware)
Re: Securing Documents when getting repairs
... Physical access beats five aces. ... a d4mn about your so-called security settings. ... restricted to floppy drives, AND doesn't care about security settings. ... I dunno - I don't know what repair shop ...
(alt.computer.security)
Re: Linux, BSD, and Unix are fundamentally insecure.
... >> can not be accessed if you have physical access to the machine and are able ... Some PCs can boot off USB drives. ... Really good chances ...
(comp.unix.bsd.openbsd.misc)
Re: Linux, BSD, and Unix are fundamentally insecure.
... >> can not be accessed if you have physical access to the machine and are able ... Some PCs can boot off USB drives. ... Really good chances ...
(comp.unix.bsd.freebsd.misc)