Re: Reset root password

From: Rick Moen (rick_at_linuxmafia.com)
Date: 05/24/05


Date: Mon, 23 May 2005 20:26:42 -0400

Menno Duursma <pan@desktop.lan> wrote:

> It's as much about securing a job position and staying out of
> discussions in meetings (which are expensive and tiresome) as it is
> about systems security. Basically the same deal as with putting up
> firewalls in many cases. Just get a FireWall-1 because the Johnsons
> are certified and they have one ...

Ah. Thank you for clarifying. I honestly hadn't followed your point.

> Well if users in some department go out of their way to try and
> circumvent such a password, there may be an open question as to why
> they would... Maybe the company policy has luser accounts locked down
> to a state unworkable for them? (I.e.: engineering may need to have
> sudo privs, which get logged.)

Oh yes. A familiar syndrome.

But what I was saying is that it seems odd that one would need to
password protect BIOS Setup passwords merely to establish as policy that
cracking root is not allowed. Why would it not suffice, in that regard,
to just establish as policy that cracking root _itself_ isn't allowed?

> Nope. I'm saying the password should be known (or readily accessible)
> by computing service personnel.

Well, I was talking about cases where it wasn't -- and where the
malefactor blandly justified his action as "necessary for security" --
because he'd skim-read some security articles advising him that
"securing the console" of his unattended, publicly reachable Linux
workstation was a good idea.

You might comment that the firm suffered a fundamental procedural
problem. I'd agree -- and add that much worse things were also broken,
but this one happened to annoy me considerably at the time.


