Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Root password change

From: gboyce <gboyce () badbelly com>
Date: Fri, 31 Mar 2006 13:02:09 -0500 (EST)

On Fri, 31 Mar 2006, Valdis.Kletnieks () vt edu wrote:


On Fri, 31 Mar 2006 12:33:28 EST, gboyce said:

In which case the person needs to remove the hard drive, and put it into a
different system for the modifications (or mirroring).


Time constraints.  The amount of time needed to pop in a disk and hit reboot
is (or should be, in this case) a lot shorter than the amount of time it takes
to pull a rack-mount box out and pop the lid and play with the drives.

And if your server has a lockable faceplate like most Dell rack-mounts, that
can add a lot to the challenge right there (as it stops any quick "snarf a
hot-swap drive and run" scheme).


For the most part, if an attacker has physical access to the hardware
itself, you just lose.


Almost, but not quite right.  If the attacker has physical access *for long enough*,
you lose.


I wasn't quite clear enough I think.
By "Physical Access to the hardware", I meant unencoumbered physical access. If a system is in a locked rack, safe, or has a locking case then it is indeed much more difficult.
Good point about the time though. Even an unlocked rack mount server without hot swappable drives will take some time to unrack and disassemble in order to ge the drives out and back in again. 

--
Greg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: