RE: security scenario

["Trevor Cushen" <Trevor.Cushen () sysnet ie>]

What about this for a cat amoung the pigeons!!!

Physical security is in place, root access is via console only (all
previously discussed)

A user can gain access via the lan (as part of their job) and places
netcat (which is most likely already there on most Linux installs
anyway).  They then schedule overnight a dd of the system disk to a disk
in their machine over the network (very easy to do)  What priviledges do
they need??  I must check this but I have a feeling they will have
access to /dev files and also the /bin files where netcat and dd are (or
/sbin).

Now they can bring the newly cloned disk home and in their own time
brute force root passwords, or boot via CDROM to by-pass the password
and gain access to data.

Very much possible and infact quite easy to do (I use it for forensics
investigations where I can't shutdown the machine), clone a machine over
a network connection.

Your physical server room security is useless and also your root at
console only security.  Your bios passwords are useless here too as is
your grub password.

The point I am making here is that you have to match the solution to the
environment so there will never be a true solution for all because all
environments are different.

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499



-----Original Message-----
From: theog [mailto:theog () theog org] 
Sent: 31 January 2003 00:23
To: Chris Berry; security-basics () securityfocus com
Subject: Re: security scenario


Well , I think that instead of dealing with how many layers one can
install (and taking the time to install them) it is better (IMHO) to
invest the time in making the important layers secure. having more
layers won't increase your security level if you spent all the time in
installing those same layers , whatmore , you have more then CDROM and
Floppy to boot with (USB dev , etc...). I wouldnt use a grub password ,
or a bios password , as forgeting those , will cause more harm then the
security benefit they provide ,writing them down or putting weak
passwords is simply not worth the trouble .


TheOg

----- Original Message -----
From: "Chris Berry" <compjma () hotmail com>
To: <security-basics () securityfocus com>
Sent: Wednesday, January 29, 2003 9:44 PM
Subject: Re: security scenario


> > From: "theog" <theog () theog org>
> > I agree , in my opinion , if someone got to the machine's keyboard , 
> > be it phisically or via a remote console device , he can do virtually

> > anything, in fact, the simplest thing to do (if I wanted to change 
> > the root for a machine I dont have the password for) is to boot with 
> > a linux cd , mount the root partition , then do chroot , and passwd ,

> > so ..... no point is having a grub password for the machine if you 
> > have users you dont trust , with access to that machine console.
>
> Physical access will yield root access given time, knowledge, and 
> tools. That said, I still disagree, security is not one thing, it is a
compilation
> of little things that add up.  No one is hack proof, but by adding 
> layer after layer of complications for the attacker, you make yourself

> an uninviting target, and become hack resistant.  You have to draw the

> line somewhere or your administrative burden will grow greater than 
> you can handle, but I believe that a grub password (or requiring root 
> password for single user mode) would be a good idea as it's easy to 
> setup and maintain, but makes things a little more difficult for the 
> attacker (not to mention curious employees messing with things they 
> shouldn't be).  I also think
bios
> passwords are a good idea, sure any monkey who can open the case can 
> pop
the
> battery and reset it, but that's one more step they have to do, and 
> around most workplaces you'll get quite a bit of unwanted attention if

> you start taking your computer apart and you don't work in IT.  On top

> of this, removing the CD-ROM drive and Floppy drive from any 
> workstation that
doesn't
> require it, is a good idea as it slows them down even further, and
requires
> more knowledge, and some parts to bypass.  With these three things in
place
> they'll need a screwdriver, a linux cd, a cd-rom drive, enough 
> knowledge
to
> open the case install the cd-rom, set the jumpers on cd-rom and IDE, 
> reset the cmos, then boot up and use their linux cd to bypass your 
> grub
password.
> Can it be done sure, is it hard, not really for a trained person, I 
> could probably do it in under 20 minutes, but how many people have 
> that level of training, and can get unobserved access to the machine 
> for that long? Personally I feel that would stop anything but a 
> determined and knowledgeable attacker who has time and physical 
> access.  If you have good physical security (locks, alarms etc.) that 
> makes it even harder.  If someome is determined enough to get through 
> all that there isn't any way you're going to stop him anyways, but I 
> consider that a much lower order
of
> probability than the kind of people who could get in without having 
> those three precautions.
>
> Chris Berry
> compjma () hotmail com
> Systems Administrator
> JM Associates
>
> "For Sys Admins paranoia isn't a mental health problem, its a 
> marketable
job
> skill."
>
> _________________________________________________________________
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
> http://join.msn.com/?page=features/junkmail



**************************************************************************************

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster () sysnet ie

**************************************************************************************