Physical Access

Perhaps the most serious threat is from a cracker who has physical access to a computer. Given such access, a few simple tools, and a few minutes alone, an intruder can open a computer and steal its hard disk, or even walk off with the entire computer. An intruder who wants to be a bit less obvious could reboot using a Linux emergency system, such as those described in Chapter 17, "Protecting Your System with Backups." Once the emergency system is booted, a cracker can copy otherwise protected data files or modify the system's configuration files to give the intruder remote root access in the future.

Physical access can also be an issue in storing backups and other removable media. Most backups are unencrypted, and ordinary file ownership and permissions are ineffective on backups. Likewise, these measures mean little on floppy disks, CD-Rs, and other removable media.
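The following added example (not from the original text) shows why ownership and permissions do not protect a backup: in a tar archive they are only header fields, so whoever holds the media can read the contents without being root. The file path and contents are constructed for illustration.

```python
import io
import tarfile

SECRET = b"db_password=constructed-sample-value\n"  # constructed sample data
MEMBER = "etc/app/secret.conf"                      # hypothetical path


def build_backup() -> bytes:
    """Build an in-memory tar backup with one file recorded as root-owned, mode 0600."""
    info = tarfile.TarInfo(name=MEMBER)
    info.size = len(SECRET)
    info.mode = 0o600               # owner read/write only
    info.uid = info.gid = 0         # recorded as owned by root
    info.uname = info.gname = "root"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(info, io.BytesIO(SECRET))
    return buf.getvalue()


def read_as_media_holder(archive: bytes) -> dict:
    """Read every regular file the way anyone holding the media can.

    The reader never consults the recorded mode or owner; they are just
    metadata that a restore would reapply to the extracted files.
    """
    recovered = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            if member.isfile():
                recovered[member.name] = {
                    "mode": member.mode,
                    "uid": member.uid,
                    "owner": member.uname,
                    "data": tar.extractfile(member).read(),
                }
    return recovered


def plaintext_visible(archive: bytes, needle: bytes) -> bool:
    """An unencrypted, uncompressed archive exposes file contents in its raw bytes."""
    return needle in archive


if __name__ == "__main__":
    backup = build_backup()
    for name, rec in read_as_media_holder(backup).items():
        print(f"{name}: mode={oct(rec['mode'])} owner={rec['owner']} "
              f"recovered {len(rec['data'])} bytes without privileges")
    print("plaintext in raw archive:", plaintext_visible(backup, b"db_password"))
```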

In order to guard against unauthorized physical access to a computer, you can take several steps, including:

Securing Building and Room Access: Be sure the building in which the computer resides has adequate security, such as locks and alarm systems. The rooms in which sensitive computers reside need extra security, as well. Be sure that people who are authorized to be in the building or machine room understand the importance of security and don't give unauthorized individuals entry. Social engineers may pretend to have lost keys or use other ploys to gain physical access to a computer.

Installing Antitheft Devices: You can obtain locks and chains with which to tie a computer to a desk or, better, to a wall or floor. These devices can slow down would-be thieves who want to walk off with an entire computer, but a well-prepared thief can probably cut through such devices. Nonetheless, they can be important deterrents, particularly for computers in public areas.

Installing Antitamper Devices: Most computer cases open easily once a handful of screws are removed. You can replace these screws with ones that require special tools, such as Torx-head screws, for a modest increase in security. Better yet, some computer antitamper devices can seal a case closed with a lock. As with antitheft devices, such measures aren't foolproof, but they can act as a deterrent or slow down an intruder long enough to increase the chance of detection.

Setting BIOS Options: Modern Basic Input/Output Systems (BIOSes) include security options. One of these is a BIOS password, which you must enter before changing the BIOS settings. A second option is the boot order. To prevent an intruder from booting an emergency system, configure the computer to boot only from the hard disk. Most BIOSes include a virus-detection option that might spot viruses or other unauthorized code on the hard disk's boot sector; however, such options sometimes misidentify a Linux boot loader as a virus, making them worthless. A few other hardware components, such as some laptop hard disks, can also be password-protected.

Using Encryption: The last resort against physical access is data encryption. If you use data encryption tools, an intruder can't do much with the encrypted data—at least, not without the decryption password or some way to bypass it.

Like most other security measures, physical access protections should be applied in layers. No one measure is foolproof, and even a combination of all physical access protections can be overcome, given enough effort. The real question isn't whether your system is secure, but whether it's secure enough. This assessment is somewhat subjective and depends upon your comfort level and the amount of time and money you're willing to invest in security, versus your perceived risk and the potential damage that might be done by a breach.
