Re: [SLE] Root password - is it THAT simple to alter it?
Rich wrote:
james.knott@rogers.com wrote:
Yes. The first line of security, is physical security. Even without changing the password, it's easy to boot a rescue disk and access the files. The same applies to Windows etc. Even a password protected computer won't help, as a hard drive can easily be moved to another computer. The only way around this is to use encryption or prevent physical access to your computer.
I'm trying to figure out how to use a smart card, along with PAM-USB to secure access to my PC.
There were a couple of articles in Linux Journal recently, about using encrypted file systems. The second article descriped booting from a USB pen drive and having the entire hard drive encrypted.
James Knott wrote:
encrypted file systems. The second article descriped booting from a USB pen drive and having the entire hard drive encrypted.
when you install suse it asks "do you want an encrypted file system" this is very secure, as long as you don't share your passwd, I think only State secret service or hudge company could afford to break. the main drawback is... that you may loose or forget your pass... and in case of something preventing the computer to boot... one may be obliged to reinstall. So backups, and secure them in a Safe :-( jdd -- pour m'écrire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr
jdd sur free wrote:
James Knott wrote:
encrypted file systems. The second article descriped booting from a USB pen drive and having the entire hard drive encrypted.
when you install suse it asks "do you want an encrypted file system"
this is very secure, as long as you don't share your passwd, I think only State secret service or hudge company could afford to break.
the main drawback is... that you may loose or forget your pass... and in case of something preventing the computer to boot... one may be obliged to reinstall. So backups, and secure them in a Safe :-(
You can have encrypted file systems, however that will still leave some parts of the system exposed. In the second article, the point was that the entire hard drive is encrypted and only accessable with the USB drive. Which ever method is appropriate, depends on your needs.
On Fri, 2005-08-26 at 18:14, James Knott wrote:
jdd sur free wrote:
James Knott wrote:
encrypted file systems. The second article descriped booting from a USB pen drive and having the entire hard drive encrypted.
when you install suse it asks "do you want an encrypted file system"
this is very secure, as long as you don't share your passwd, I think only State secret service or hudge company could afford to break.
the main drawback is... that you may loose or forget your pass... and in case of something preventing the computer to boot... one may be obliged to reinstall. So backups, and secure them in a Safe :-(
You can have encrypted file systems, however that will still leave some parts of the system exposed. In the second article, the point was that the entire hard drive is encrypted and only accessable with the USB drive. Which ever method is appropriate, depends on your needs.
As mentioned on the list BIOS passwords is only a small delay Encrypt the root file system and use a different encrypted /home partition. (don't trust the sysadmin/unix-support department) Other option, boot only from removable media. (and remove it when you're done) Like /boot on a USB-stick with fingerprint. Backup's should also be encrypted, if the content is sensitive. I'm not shure about linux, but i thought bsd supported hardware encryption. Finally, one might think about using smartcards for blocking access: Either for specific directories, or preventing booting (like acer notebooks) You CAN make it secure, but it takes some effort... At the other end of the spectrum you can keep auto-logon enabled, with only the root-user defined ;-)) You can put a lock on your frontdoor, but if you leave the key for everybody in the keyhole, it's useless. Hans
Friday 26 Aug 2005 21:37 samaye jdd sur free alekhiit:
when you install suse it asks "do you want an encrypted file system"
When I install which version of SuSE? Parce que I didn't get this on 9.3. -- (o- Penguin #395953 lives at http://samvit.org //\ subsisting on ancient Indian wisdom ... V_/_ and modern computing efficiency! :)
Shriramana Sharma wrote:
Friday 26 Aug 2005 21:37 samaye jdd sur free alekhiit:
when you install suse it asks "do you want an encrypted file system"
When I install which version of SuSE? Parce que I didn't get this on 9.3.
It's there. When you create a partition, there's a check box, for encrypting it. You can also create an encrypted container file, which can act as a partition.
participants (4)
-
Hans Witvliet -
James Knott -
jdd sur free -
Shriramana Sharma