Mon, 28 Jun 1999 16:06:51 +0200
Rich Derr <firstname.lastname@example.org> wrote:
> Think outside the box. An attacker can walk into your server
> room and walk out with your box without breaking root.
Werner Koch <email@example.com> replied:
> Sure, but I would install a trojan horse which has the advantage that
> nobody will notice it (in most cases). A missing machine (or disk)
> should be detected very soon (in most cases).
Hmm... I'd expect it to be pretty expensive to hire a criminal with
sufficient computer skills for this. It would be much cheaper to equip
an ordinary burglar with an external tape drive and a diskette which
contains a simple program to dump the entire hard disk contents onto the
tape drive. The burglar's intructions would simply be "plug in tape
drive, insert diskette, switch power on, then wait until computer beeps
twice, then deliver the tape drive (leaving the office exactly like it
was before). The burglar wouldn't even need to switch the monitor on
(reducing his risk of being noticed).
The kind of set-up which Rich Derr suggested (encrypted filesystems for
all filesystems with the exception of swap partitions, and making
sure that no sensitive data ever goes to the swap area) seems pretty
good to me, in the sense that it would significantly increase the cost
of getting at the secret files. Any trojan horse installed (e.g. by
tampering with the boot loader) without breaking the encryption key used
for those encrypted filesystems would be easy to detect. Hence the
attacker would need to use a TEMPEST attack or a keyboard bug in order
to obtain the filesystem encryption key.
May blessings from the eternal God surprise and overtake you!
Norbert Bollow, Coach http://thinkcoach.com Backup email: firstname.lastname@example.org