Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!xlink.net!fauern!rrze.uni-erlangen.de!late.e-technik.uni-erlangen.de!eilts
From: eilts@late.e-technik.uni-erlangen.de (Hinrich Eilts)
Newsgroups: comp.os.386bsd.questions
Subject: Re: Security question
Date: Mon, 6 Dec 1993 09:19:26 GMT
Organization: LATE, Uni-Erlangen, Germany
Message-ID: <2duteuEig7@uni-erlangen.de>
References: <2dodgn$s9s@bigboote.WPI.EDU> <1993Dec4.065700.11472@news.csuohio.edu> <CGD.93Dec3232517@eden.CS.Berkeley.EDU>
NNTP-Posting-Host: late4.e-technik.uni-erlangen.de
Lines: 26
cgd@eden.CS.Berkeley.EDU (Chris G. Demetriou) writes:
>you have to do the following to make a PC secure:
> (1) jumper the turbo and reset switches, so that users can't
> change their settings
> (2) have the power supply set up so that it's always on.
> (i.e. remove the switch)
> (3) seal the case in some way so that users can't phyically
> open it.
> (4) set your bios to boot off of c: before a:
> (5) set the bios passwd, so users can't change it.
> (6) adjust the boot block so that it doesn't accept input
> regarding boot device and the debugging flag
> (7) set up init so that single-user boots are 'secure' (man ttys
> for more info).
(8) lock SCSI-bus
to (2): there are plugs, fuses, ..., also
to (8): it's only neccessary if your kernel allows booting from an
(external) SCSI-device.
But, of course, there is (x), the unknown ...
--
Bye | G i b D O S |
Hinrich Eilts | k e i n e |
(e-mail: eilts@late.e-technik.uni-erlangen.de) | C h a n c e ! |