You aren't completely powerless against the threat of physical attacks on your computer. The following are some of the steps you can take to protect yourself:
Remove removable media. If a computer has no floppy drive, no Zip drive, no CD-ROM drive, no tape backup drive, and so on, it will be difficult for an intruder to either boot the computer from anything other than its hard disk or walk out with data on a removable disk. Of course, an intruder could bring a hard disk for booting, but that would require opening the computer's case, thus slowing down the operation. Short of removing the drives, you can buy special locks that make them accessible only when the user has a key.
Restrict BIOS boot options. Most BIOSes include options to enable and disable particular boot media. If your computer must have removable media, you can set the BIOS to boot only from the hard disk. This will slow down an intruder, but these settings can be easily changed, so this measure has a noticeable security impact only if used in conjunction with the use of BIOS passwords (discussed next). This measure may still be worthwhile as a protection against viruses, however, some of which are transmitted on floppies. Although these viruses can't infect Linux, a few can damage LILO and render a system unbootable.
Use BIOS passwords. Most BIOSes have an option to set a password that must be entered before the system will boot or before BIOS settings can be changed. Setting this can go a long way toward preventing tampering, but it's not perfect. Motherboard BIOSes can be reset by modifying a jumper setting, so an intruder who can open the case can overcome this measure.
Use a LILO password. If a boot image includes the option password = pass, LILO will only boot that image if the user enters the password (pass). If the boot image also includes the restricted keyword, LILO only applies this password rule if the user tries to issue any boot parameters, such as single, which normally boots the system into a singleuser mode.
Secure the computer. To prevent tampering with the insides of a computer, you can replace the normal screws used on most computer cases with screws that require special tools. Check with a locksmith or hardware store for such screws. You can also buy a hinge with a lock, if you need heavy-duty case security. Many computer shops sell kits that consist of chains and additional hardware to secure a computer to a desk or wall in order to deter outright theft of the entire computer.
Secure the room. Locks on the doors can go a long way towards keeping a computer secure. If an intruder can't touch the computer, the intruder can't do any of the other nasty things I've been describing. You may need to secure windows, as well—or better yet, place the computer in a room that doesn't have windows. Don't just install the locks, but be sure to use them, too.
Use data encryption. Assuming that an intruder can gain physical access to the computer, the best protection may not be a lock or a BIOS setting; it may be data encryption. Many applications provide some way to encrypt data. Some of these schemes are good, but some aren't. There are also separate programs that can encrypt any data file. In mid-2001, no standard Linux filesystem supports automatic data encryption, but this feature may arrive in the future. There's also a tool that lets you add automatic encryption to files through a loopback device. Check http:// www.linuxdoc.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html for details.
The bottom line is that no security is perfect. You'll have to judge just how much security you need. In some environments, with some systems, you might be content to lock the door. In others, you may need to take extreme measures, up to and including routinely encrypting your data files.
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.