Results 1 to 10 of 10
Imagine if the attacker has your hardware in hand. He can perform an offline attack, and can easy change root password to control the system. How can we prevent this ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 12-01-2006 #1
- Join Date
- Dec 2006
Offline attack in Linux
How can we prevent this ?
Please give some ideas!
- 12-01-2006 #2
Anyone who works in IT Security will tell you that physical seurity is paramount. To be honest there is pretty much no way of preventing your system from being compomised if the attacker has physical access. The only way around this is to prevent that access.
- 12-01-2006 #3
Originally Posted by bigtomrodney
- Join Date
- Dec 2006
And I heard some another way to prevent this but at the time of reading I didn't care about them so now i can't remember what they are. But i'm sure that there is a way to prevent changing the root password ( and what we care about it is how effective it is ).
Any other ideas ?
- 12-01-2006 #4
You can encrypt partitions, but in order to boot some part of the system needs to be unencrypted. Your initrd for example. So this exposes your system at early points to potential violation. There are lots of measures like this you can take, but bear in mind in order to use the system you need to be able to decrypt it, which would be available at some point of the boot process.
Protecting the system is as important as protecting your data as it can be used to access that data.
- 12-01-2006 #5
Right, there's always *some* way to break into a system, but you can make it as hard as possible by working with your filesystem a bit. I think a recent version of the 2.6 kernel (or is it the next version?) has support for an encryption layer that's layered on top of an existing filesystem (like ext3), so you can encrypt all the important files (there are fully encrypted filesystems, but AFAIK everything is encrypted so performance takes a hit). Also, I think with certain filesystems you can mark files as unchangeable or undeletable. Of course, an attacker could get around this last one by using a live CD with a custom-built kernel with the relevant code removed, but again, that makes it a lot harder to break in.
I think that's one of the uses of a TPM, actually. While its other uses are pretty scary, the one useful one I can think of is secure booting, where the TPM refuses to let the computer boot unless the bootloader can present the correct key. Yeah, someone could hack the TPM chip, but if it's embedded in the processor it would be almost impossible.I have sold my soul to the penguin
- 12-03-2006 #6
- Join Date
- Apr 2004
I'm going to agree with burntfuse that there is always some way to break into a system, the game is about making it more expensive (money, time, lackeys getting minced) to break the system than the attacker's resources.
Personally I have no faith in a TPM. It'll be an extra step, but a determined attacker will have it apart in no time. I'll hedge my bets a little once the TPM is an intergrated part of the CPU, but I still wouldn't trust it.
I read a paper by two guys from Cambridge University talking about tamper resistance and how difficult it is. http://www.cl.cam.ac.uk/~rja14/tamper.html. I found the most interesting bit to be the arming mechanisims for nuclear weapons.
For myself, I'm looking at using a smartcard that can perfom encryption on the card, but really I'm only protecting against a lost laptop and a key on a usb stick would cover that. Anyone actively looking to get my data can use a big-stick analysis of my soft bits to recover my passwords.
The sensible answer is partition encryption and a procedure for keeping the key seperate without being either a huge hassle or causing it to be lost along with the computer. Biometrics fill this role neatly however someone has had their finger cut off by car thieves http://www.schneier.com/blog/archive...y_risks_2.html so consider situations where you may want to concede your key in order to keep yourself intact.
I remember reading somewhere about IBM developing tech to communicate over skin and forming networks when people shake hands. I thought at the time about how that could be used to make a mouse/watch combo that identified the watch when the user used the mouse.
The silly answer is a big electromagnet that is wired to a case switch and bolted to the hard disk that will mangle the disk for several minutes under its own power.
Chris...To be good, you must first be bad. "Newbie" is a rank, not a slight.
- 12-03-2006 #7How can we prevent this ?
- 12-03-2006 #8
kakariko: Thanks for the link, that's a really interesting article.I have sold my soul to the penguin
- 04-05-2007 #9
- Join Date
- Jan 2007
can u suggets me some kind of network attaks
This is for project only
- 04-05-2007 #10Originally Posted by sauravpn
- Homework Questions
This thread had already served it's purpose so I am now closing it. Please read the forum rules, link is in my signature.