12/17/2023 0 Comments Disk formatter![]() ![]() On the other hand, as Orum said above: A whole series of doorknobs, when taken together, might make an attacker waste so much time that they decide to go elsewhere. Having a password for single-user mode is "doorknob security": It makes it look more secure, but anyone who knows can just turn the door knob. Such systems also tend to be very gnarly to administer: if something goes wrong, where do you get the key from? And how do you store the key so it is more secure than the system itself? In high-end installations, that's done by having key managers (like Kerberos servers) in physically secure places, typically welded steel cages around racks. That is, however, a huge hassle, and key management for such systems is very very difficult. If you want security of the data at rest on the disk drive, you really need to go to encryption (for example with self-encrypting drives). For anything other than crazy military systems, that's impractical. Yes, it is possible to put in physical measures that prevent access to the disk drive. That means that person also has the capability of using a screwdriver, physically removing the boot disk, connecting it to another computer, and reading and modifying all the data. That's simply because the keyboard and video cable are typically pretty short. In most cases, a person who has access to the physical console (meaning keyboard and screen) also has access to the server itself. When security concerns exist, perform hardening tailored to the threat model - but please don't assume/expect that everybody else's circumstances align with yours. ![]() Changing the balance to make it both harder to penetrate or recover a system when console access is a concern (and assuming steps have been taken to secure the chain of components that bootstrap the kernel to get to that point) ought to be possible but not a default - securelevel is another example where we expect a system administrator to enable it only when ready and aware of the potential consequences - which go much further than recoverability. ![]() And I've been in the position of needing to recover a system to which I didn't have the root password. Demanding credentials requires a quite a bit more to be intact, with little scope for selecting alternatives. There's clearly a tradeoff here between security (although there exist a myraid of threat models in which an operating system is deployed) and power to recover a badly-damaged installation. Do you have any suggestions of what is the problem? Below is the error message I keep getting. I have some security ideas to offer to FreeBSD programmers which would make BSD more hack-proof.įor some reason when I load the Single User mode it keeps trying to reconnect my Mouse, and this keeps repeating about every thirty seconds. I do also know of other vulnerabilities with UNIX as I had successfully hacked into my High School Computer System which was a UNIX version called "QNX". This type of physical security risk for the Hard Drive is not a problem in a regular household setting. I do realize that you can read / copy a Hard Disk via Software - how do you think I recovered my Windows XP Files after suffering the 'Bluescreen horror' last December? I just brought it to a local Computer place. A shared Computer setting is where a lack of a Password would pose a problem. It would be better if the default setting were 'insecure' in order to ensure that BSD users' Computers are secure in households where there are family members sharing a Computer. ![]() In criticizing this Password situation I'm not thinking in terms of my own Computer situation as I live alone. Your recommended change did work in restoring the Password for Single User mode - thanks again. I should have checked the '/etc/ttys' File before making my last Post. I can only enter the system as a 'single user', and I cannot edit the 'fstab' File which is declared read-only. I added the FreeBSD Slice 'ada1s2a' to the '/etc/fstab' File, and it has screwed-up my boot sequence! It causes an unrecognized file system error (Error 3), and I cannot log in under 'root'. I had to format the Partition / Slice with Windows XP. It had assigned it a Windows Drive Letter, but did not recognize it as NTFS. Is gpart supposed to format the Drive when adding Slices / Partitions? My Windows XP recognized the 'ntfs' Partition / Slice as unformatted. You have to use the MBR Scheme in order to create the 'ntfs' Type, and you cannot use the '-l LABEL' Argument with the MBR Scheme which also returns an error. The gpart create Command does not allow the Microsoft 'ntfs' Type to be used with the GPT Partition Scheme, and it returns an invalid argument error. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |