[ILUG] Hard Disk Protection in Live CD Boot Ups
Paul O'Malley - gnu's not unix -
ompaul at eircom.net
Tue Jan 13 23:52:11 GMT 2009
Kuda Dube wrote:
> Hi,
>
> It is possible to modify a harddisk-based Linux configuration during
> Live CD bootup session, e.g., today when I lost sudoer entry for my
> Ubuntu account, I used a live CD to re-instate it (... no clue how the
> entry disappeared!). If I want to ensure that no one can change my
> configuration files using live CDs, how can I do this? I know this
> ability is useful but it is also dangerous.
>
> Regards
> ---
> Kuda
>
bios password, grub password and hard drive encryption, in some cases a
key and locking arrangement to block access to the disk --- however ask
yourself this
what can you actually prevent if the attacker has physical access
if an attacker has physical access they can disable the bios
(or pay a company to do so if you paid enough money for the bios ;-))
format your hard drive
take one screwdriver to the machine, remove the offending parts and
install new ones
game over
the real question is this:
what are you trying to protect against, why, and what is the cost to
benefit ratio?
to put it another way
disk encryption fails when you forget the password - not if
one day you will get mixed up not a lot just a little and that is too much
a secret is not a secret when three people know it
More information about the ILUG
mailing list