[KLUG Advocacy] Re: linux security
Mike Williams
knightperson at zuzax.com
Thu Feb 3 13:54:57 EST 2005
>
>
>From: Adam Tauno Williams <adam at morrison-ind.com>
>Subject: RE: [KLUG Advocacy] Re: linux security
>
>Nah, they just changed the Administrator account password, and then put
>the old value back. You'd never know. The format of the SAM is known,
>boot up without that pesky OS in the way and it is all just blocks on a
>platter - move them around at will.
>
>
Windows 2000 and above has an Encrypted File System option that is
supposed to protect you from this. The actual data on the drive is
encrypted, so you can't read it without the key which is (I think)
supposed to be stored on a physically secured server. If memory serves,
this server is not connected to the network, and the only way to recover
an encryption key if it gets lost is with a floppy that you lock in the
safe unless it's being used. I studied it a while back, though, and I
think I concluded that the data is too easy to recover in the case of
screwup, therefore not very secure.
>*NO* operating system can make a device that can be physically accessed
>secure. You need something built-in way down in the metal if you want
>both security AND physical access: a large crypt key on a USB stick that
>the disk controller uses to encrypt/decrypt block I/O operations to a
>disk - and then when you go away you take the USB stick with you - thus
>'breaking' the system so it cannot work.
>
>
>
This is an inherent problem, like you said. Encryption and security are
handled by the operating system, and if you have physical access to the
machine, especially the system hard drive, you can read it without the
operating system. The Windows SAM format is probably not published, but
nothing is all that hard to reverse engineer, and it's been done.
Eggheads at places like Intel and Microsoft are working on some scary
techniques (Palladium, Trusted Computing Initiative, etc) that will
implement security at the hardware level. This is the next step, if
they can manage to do it right and not just make it impossible for you
to play your mp3 collection without checking with Big Brother. It is
also possible to "lock" some hard drives so that it doesn't even appear
to the BIOS until a particular code is sent to unlock it. If you lose
that code you're truly screwed! An xbox does this, not that that has
kept them from being hacked. It just slows the hacker down a bit.
>Applications can of course encrypt their data, which may or may not be
>secure depending upon how they do it. But an OS needs to be able to
>boot so they can't be secure without making it a pain for the user - for
>instance you can set a secret on a KDC's principal store - but you need
>to enter/load that secret every time you restart the KDC (reboot the
>computer), but this is rarely done since it is a REAL PITA.
>
The inherent problem: the more secure a system is, the less convenient
it is. It's not a completely linear relationship, but you can't make
something more secure without increasing the possibility that you'll end
up locking yourself out.
------- Random quote of the day
I have this recurring dream...
Me too. Does yours involve Michelle Pfeiffer and a carton of Cool Whip?
-Gabrielle Enwar, Michael J. Fox: For Love or Money
----
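The scheme Adam sketches above (a disk controller that encrypts every block with a key that lives on a removable USB stick, so pulling the stick "breaks" the disk) can be modelled in a few dozen lines. The following is an added illustration, not code from the thread or from any real controller: the Disk type is the raw platter an attacker with physical access reads directly, Token is the USB stick, and Controller is the hardware in between. Sector numbering, the 512-byte sector size and the use of AES-CTR with the sector number as IV are all assumptions made to keep the example short; real self-encrypting drives use AES-XTS, because reusing the same CTR IV when a sector is rewritten leaks the XOR of old and new contents.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// SectorSize is an assumed block size for the simulated platter.
const SectorSize = 512

// Disk is the raw platter: a flat array of sectors. Anyone who pulls the
// drive and mounts it elsewhere reads this directly, with no OS in the way.
type Disk struct {
	sectors [][]byte
}

func NewDisk(n int) *Disk {
	d := &Disk{sectors: make([][]byte, n)}
	for i := range d.sectors {
		d.sectors[i] = make([]byte, SectorSize)
	}
	return d
}

// RawRead is what the physical-access attacker sees: the bytes on the platter.
func (d *Disk) RawRead(sector int) []byte {
	out := make([]byte, SectorSize)
	copy(out, d.sectors[sector])
	return out
}

// Token models the USB stick that carries the disk key (32 bytes, AES-256).
// Unplugging the stick is modelled by setting Key to nil.
type Token struct {
	Key []byte
}

// Controller sits between the OS and the platter. Every sector written goes
// out encrypted under the token's key; every read is decrypted on the way in.
type Controller struct {
	disk  *Disk
	token *Token
}

func NewController(d *Disk, t *Token) *Controller {
	return &Controller{disk: d, token: t}
}

// keystream returns the per-sector AES-CTR stream. The IV is the sector
// number, so each sector gets its own keystream. Caveat (see lead-in): CTR
// is a simplification; rewriting a sector reuses the IV, which real disk
// encryption avoids by using AES-XTS.
func (c *Controller) keystream(sector int) (cipher.Stream, error) {
	if c.token == nil || c.token.Key == nil {
		return nil, errors.New("no key: token not present, disk is unusable")
	}
	block, err := aes.NewCipher(c.token.Key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[8:], uint64(sector))
	return cipher.NewCTR(block, iv), nil
}

// Write encrypts one sector of plaintext onto the platter.
func (c *Controller) Write(sector int, plain []byte) error {
	if len(plain) != SectorSize {
		return errors.New("sector size mismatch")
	}
	s, err := c.keystream(sector)
	if err != nil {
		return err
	}
	s.XORKeyStream(c.disk.sectors[sector], plain)
	return nil
}

// Read decrypts one sector from the platter; fails when the token is gone.
func (c *Controller) Read(sector int) ([]byte, error) {
	s, err := c.keystream(sector)
	if err != nil {
		return nil, err
	}
	out := make([]byte, SectorSize)
	s.XORKeyStream(out, c.disk.sectors[sector])
	return out, nil
}

func main() {
	key := make([]byte, 32)
	rand.Read(key)
	tok := &Token{Key: key}
	disk := NewDisk(8)
	ctl := NewController(disk, tok)

	// Constructed sample content standing in for something like the SAM.
	plain := bytes.Repeat([]byte("SAM-data"), SectorSize/8)
	ctl.Write(2, plain)

	fmt.Println("raw platter equals plaintext:", bytes.Equal(disk.RawRead(2), plain))
	got, _ := ctl.Read(2)
	fmt.Println("read through controller matches:", bytes.Equal(got, plain))

	tok.Key = nil // walk away with the USB stick
	_, err := ctl.Read(2)
	fmt.Println("read with token removed:", err)
}
```

The point the thread makes about convenience shows up here too: nothing in the model recovers the data if the token is lost, which is exactly the lock-out risk the later posts describe.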