[KLUG Advocacy] Re: linux security

Mike Williams knightperson at zuzax.com
Thu Feb 3 13:54:57 EST 2005


>From: Adam Tauno Williams <adam at morrison-ind.com>
>Subject: RE: [KLUG Advocacy] Re: linux security
>
>Nah, they just changed the Administrator account password, and then put
>the old value back.  You'd never know.  The format of the SAM is known,
>boot up without that pesky OS in the way and it is all just blocks on a
>platter - move them around at will.
Windows 2000 and above has an Encrypted File System option that is 
supposed to protect you from this.  The actual data on the drive is 
encrypted, so you can't read it without the key which is (I think) 
supposed to be stored on a physically secured server.  If memory serves, 
this server is not connected to the network, and the only way to recover 
an encryption key if it gets lost is with a floppy that you lock in the 
safe unless it's being used.  I studied it a while back, though, and I 
think I concluded that the data is too easy to recover in the case of 
screwup, therefore not very secure.

>*NO* operating system can make a device that can be physically accessed
>secure.  You need something built-in way down in the metal if you want
>both security AND physical access: a large crypt key on a USB stick that
>the disk controller uses to encrypt/decrypt block I/O operations to a
>disk - and then when you go away you take the USB stick with you - thus
>'breaking' the system so it cannot work.
>
This is an inherent problem, like you said.  Encryption and security are 
handled by the operating system, and if you have physical access to the 
machine, especially the system hard drive, you can read it without the 
operating system.  The Windows SAM format is probably not published, but 
nothing is all that hard to reverse engineer, and it's been done. 

Eggheads at places like Intel and Microsoft are working on some scary 
techniques (Palladium, Trusted Computing Initiative, etc) that will 
implement security at the hardware level.  This is the next step, if 
they can manage to do it right and not just make it impossible for you 
to play your mp3 collection without checking with Big Brother.  It is 
also possible to "lock" some hard drives so that it doesn't even appear 
to the BIOS until a particular code is sent to unlock it.  If you lose 
that code you're truly screwed!  An Xbox does this, not that that has 
kept them from being hacked.  It just slows the hacker down a bit.

>Applications can of course encrypt their data, which may or may not be
>secure depending upon how they do it.  But an OS needs to be able to
>boot so they can't be secure without making it a pain for the user - for
>instance you can set a secret on a KDC's principal store - but you need
>to enter/load that secret every time you restart the KDC (reboot the
>computer), but this is rarely done since it is a REAL PITA.
>
The inherent problem:  the more secure a system is, the less convenient 
it is.  It's not a completely linear relationship, but you can't make 
something more secure without increasing the possibility that you'll end 
up locking yourself out.


-------  Random quote of the day
I have this recurring dream...
Me too. Does yours involve Michelle Pfeiffer and a carton of Cool Whip?
-Gabrielle Enwar, Michael J. Fox: For Love or Money
----