Single user mode appears to be a bit dangerous.
I was just able to recover my forgotten username and password credentials by using single user mode. What would stop an unauthorized employee who has physical access to my router from doing the same thing??? It was way too easy to do that. Does OpenBSD not protect against such a possible attack vector?
|
|
||||
It is pretty simple, so that is a good question.
I am not sure what others will say for answers, but where I used to work, the owner of the business had the router and modems in a cabinet that was locked.
Do you leave cash in your desk drawer? What would stop unauthorized persons from just opening the drawer and taking the cash? Most people keep things like that locked. Similarly, the "automated teller" machines for banks all have a computer inside; obviously they do not give unauthorized people physical access to that. However, if and when something goes wrong, a technician who is authorized and has the key can open it up and make any repairs necessary.
__________________
My best friends are parrots |
|
|||
If somebody has physical access to hardware, by default there is nothing set up to protect data on most systems (Windows, GNU/Linux, OpenBSD), except passwords by a hashing function. Of course, a legitimate user can use encryption (BitLocker, LUKS/dm-crypt, softraid-based crypto) to protect data, but it is not done by default.
An adversary can reinstall the OS anyway, whether data is encrypted or not. An adversary with enough resources can also try an "Evil maid" attack. As a measure against using a malicious bootloader implanted by an adversary, one could use a bootloader on separate, physically secured memory such as a pendrive in your pocket, but even this is not perfectly safe.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase
|
|||
Furthermore, in regards to single user mode, is there a way to disable it? I have no need for such a feature; should I forget my password again, I'll just re-install. Thank you.
|
||||
Full Disk Encryption is also in the FAQ: http://www.openbsd.org/faq/faq14.html#softraid
|
|||
And are, no doubt, not easily accessed by hoi polloi.
|
|
|||
I meant to say boot partition
|
|
||||
I guess one could use the BIOS Boot Selector to first boot a live CD or USB stick (which never leaves one's possession), and this could (optionally check and) restore the MBR and any other critical unencrypted sectors to what they should be. Then reboot. This assumes the BIOS itself is OK.
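
A sketch of the "check" step described in the post above, added here as an example and not part of the original thread: it hashes the three regions of a classic 512-byte MBR separately, so a mismatch against a baseline recorded on a known-good system shows whether the boot code or the partition table changed. The function names are hypothetical and the sample sector is constructed for illustration.

```python
import hashlib

SECTOR = 512
# Classic MBR layout: boot code, four 16-byte partition entries, 0x55AA signature.
REGIONS = {
    "boot_code": (0, 446),
    "partition_table": (446, 510),
    "signature": (510, 512),
}

def region_digests(sector: bytes) -> dict:
    """SHA-256 of each MBR region; record this once on a known-good system."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    return {name: hashlib.sha256(sector[a:b]).hexdigest()
            for name, (a, b) in REGIONS.items()}

def changed_regions(baseline: dict, sector: bytes) -> list:
    """Names of regions whose digest no longer matches the baseline."""
    current = region_digests(sector)
    return [name for name in REGIONS if current[name] != baseline[name]]

def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a disk image or raw device (needs read permission)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR)

def make_sample_mbr() -> bytes:
    """Constructed sample sector, not taken from a real disk."""
    sector = bytearray(SECTOR)
    sector[0:446] = b"\x90" * 446      # placeholder boot code
    sector[446] = 0x80                 # first entry marked active
    sector[450] = 0xA6                 # partition type byte: OpenBSD
    sector[510:512] = b"\x55\xaa"      # boot signature
    return bytes(sector)

if __name__ == "__main__":
    good = make_sample_mbr()
    baseline = region_digests(good)
    modified = bytearray(good)
    modified[100] ^= 0xFF              # simulate altered boot code
    print(changed_regions(baseline, good))
    print(changed_regions(baseline, bytes(modified)))
```

The baseline digests need to be stored on the same trusted media as the live system, since a baseline kept on the disk being checked can be altered along with it.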
|
|
||||
Good question. The local servers have the physical security of a locked home.
The remote server, however, is in the "cloud" and runs in a virtual machine provided by a remote service provider. This is worth discussing. It is as vulnerable as any other guest VM running anywhere. I cannot control physical access, I cannot control access to data flowing through and in the VM. Adding FDE requires intervention for every reboot, and I perceive it would add little security benefit for me if I were to add it. In that environment it would only protect data at rest -- and that is vulnerable because the keys are in kernel memory.
|
|||
Example: https://www.cs.unc.edu/~reiter/papers/2012/CCS.pdf
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase