[Courses] [Security] Inside Attacks

jennyw jennyw at dangerousideas.com
Mon Mar 25 20:14:59 EST 2002


Wow, great story about TDW. I can't believe their security people
responded so slowly!

On Mon, 2002-03-25 at 12:33, Lorne Gutz wrote:
>     From the inside there is no way to
> prevent a determined person from breaking in.
> If you can reboot a system you can remove
> the root password.  Then the system is yours

There are way to secure a machine that people have physical access to
even without a physical lock.  For one thing, it really depends on what
you're trying to secure. If your goal is to secret information, then you
can use encryption. They can do damage to your system, but your files
would still be safe. You can also have a BIOS password in addition to a
screensaver. Of course, someone could remove the disk and stick it in
another machine, but it'd be a real hassle for them to do that. There
are probably other ways ... but hopefully you trust the people who have
physical access to your computer!

Jen




More information about the Courses mailing list