Re: Reset root password

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 05/22/05 

Date: Sat, 21 May 2005 21:12:53 -0500

In article <1116678422.947909.17740@g43g2000cwa.googlegroups.com>,
muxaul@lenta.ru wrote:

[Please learn to quote for context.]

>I agree with both statements.

Which were? I think you mean't

>huge@ukmisc.org.uk (Huge) wrote:
>
>>muxaul@lenta.ru writes:
>>>I would argue that there are ways to strengthen security
>> ^
>>You forgot the word "minimally".

Actually, it can be a good bit more than "minimally"

>>>even in case users have physical access to the machine.
>>
>>You're better off preventing physical access in the first place.

>The second idea is not always easy to implement, is it?
>Imagine a university lab ... ;-)

1. Remove floppy and CD drives - users can't bring in removable media,
which makes installing windoze virus/trojans and *nix rootkits much
harder.
2. Boot loader restricted and password protected. Same for BIOS.
3. Students save files to a central file server, which are running 'quotas'.
4. The case of the computers is physically locked, and the computers and
monitors are secured by security cables.
5. Internet access _severely_ restricted - FTP/web access to proxy server
only
6. Students guilty of transgressions loose computer privileges. This
probably means they fail the course - and perhaps the quarter/semester.
Second offenders are expelled.

Not fool proof (fools are constantly discovering new ways to be a more
complete fool), but also more than 'minimally' strengthened. And this is
not just for education facilities - I know a number of companies that have
essentially the same setup, except for step 6. Instead, they may simply be
fired.

        Old guy

Relevant Pages

  • Re: Richard heathfields C programming article
    ... I was going through Mr "Richard heathfields" site, ... Some people think C has no role to play in the modern programming ... Even people who never go near a computer terminal are constantly using devices that have small computers embedded in them that the user is probably unaware of, and those embedded computers are often running programs written in C, or at least in a variant of C. ... My father is a technophobe who probably doesn't even know what C is; but I don't think that makes him a fool - he's fairly wise in many ways that have nothing to do with computers. ...
    (comp.lang.c)
  • Re: Why Corporate America uses PCs and not Mac
    ... 200,000 employees. ... any fool knows that (but as we all know "Dark" just isn't any fool. ... Windows computers in general, but that's another story). ...
    (comp.sys.mac.advocacy)
  • Re: Why Corporate America uses PCs and not Mac
    ... 200,000 employees. ... any fool knows that (but as we all know "Dark" just isn't any fool. ... Windows computers in general, but that's another story). ...
    (comp.sys.mac.advocacy)
  • Re: How to enable "There are 1 user(s) connected to your computer..." warning?
    ... Why don't you make one of the machines a central file server. ... > all drives are shared to all computers with no password (there is no ... > connection to the internet). ... > how do I enable this warning... ...
    (microsoft.public.security)
  • Re: Number: Its Origin and Evolution
    ... > language processing by computers> ... >>If what you are saying is that you can think up clever sentences ... > will fool the system, computer or human, you are right. ...
    (sci.bio.evolution)
Quantcast