[techtalk] Physical security example

Kai MacTane kmactane at GothPunk.com
Tue May 15 19:01:34 EST 2001


At 5/15/01 06:38 PM , coldfire wrote:
>Just a note about physical security.. keep in mind.. if your physical
>security plans aren't realistic... you may end up creating a worse
>situation.. ie. let's take a door where you have to use 10 different
>bio-scans to get into the facility.. and people have to do it
>constantly.. how long do you think it'll take before people start
>"holding the door open" to strangers or leaving it propped open and the
>like?
>
>this is always .. *always* an issue.

Yes. If security measures become inconvenient for the people who have to 
use them every day, they *will* be bypassed.

>and as for physical access?  there's nothing to really stop anyone from
>compromising the box after obtaining physical access.  bios passwords,
>lilo passwords, ... they can all be bypassed given physical access.  it
>would take time, granted, but it is possible.

If I'm a really hostile attacker (I mean, we're talking real corporate 
espionage here, for example) and I've got physical access to your machine, 
just give me a screwdriver. In fifteen minutes (tops!), I'll have your hard 
drive out and in my pocket.

Oh, you put heavy-duty locks on the case? Fine. Give me some heavy-duty 
bolt cutters, and jump the time estimate by maybe thirty seconds.

OTOH, for most everyday purposes, such levels of paranoia are simply not 
necessary. Take the situation with my servers:

One is serving HTTP, FTP, POP3, SMTP, DNS, and SSH for about a half-dozen 
domains (generally social/cultural; these aren't businesses, except for one 
non-profit magazine). The other is a mixture of firewall and file/MP3 
server for my house. They both sit in my kitchen, with basically no special 
security on them. (There's only one keyboard/monitor set, but I wouldn't 
really consider having to switch the console to the other box to be 
"security".) Theoretically, anyone in the house can just walk up to 
whichever machine has the monitor and keyboard plugged in at the moment and 
have instant console access. (Indeed, I've actually sat a couple of friends 
down at the console when it was convenient.)

However, there are five people living in my house, and we keep varying 
schedules. We don't generally have people over who we think might be 
hostile in the first place -- heck, at least half our friends are on one or 
more mailing lists hosted out of the multi-domain machine. People who visit 
our house have no earthly reason to screw with our servers. And we just 
aren't in the habit of inviting icky people over.

The point of all this? Sometimes, you don't need to consider what the worst 
possibility is; you just need to consider what will actually be going on 
under real-world conditions. Sure, there's a half-dozen sysadmin friends 
who come over on a regular basis who *could*, the next time I leave them 
unattended in the kitchen for five minutes, stick a boot floppy in the 
drive, smack Ctrl-Alt-Del twice, and quickly change my root password to 
whatever they wanted.

But I know that none of them even _want_ to. In many ways, relying on 
people's complete lack of desire to harm your system can be a much stronger 
security method than locking the whole thing up in a steel safe.

                                                 --Kai MacTane
----------------------------------------------------------------------
"Soft and only you, lost and only you,
  Strange as angels."
                                                 --The Cure,
                                                  "Just Like Heaven"
