  1. #1
    Just Joined!
    Join Date
    Dec 2006
    Posts
    3

    Offline attack in Linux


    Imagine if the attacker has your hardware in hand. He can perform an offline attack, and can easily change the root password to control the system.

    How can we prevent this?
    Please give some ideas!

  2. #2
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    Anyone who works in IT Security will tell you that physical security is paramount. To be honest there is pretty much no way of preventing your system from being compromised if the attacker has physical access. The only way around this is to prevent that access.

  3. #3
    Just Joined!
    Join Date
    Dec 2006
    Posts
    3
    Quote Originally Posted by bigtomrodney
    To be honest there is pretty much no way of preventing your system from being compromised if the attacker has physical access.
    Sorry, but I don't agree with you. I've heard of some ways to prevent an offline attack, for example encrypting the hard disk with an encrypted file system or encrypting only some files you want, and some companies have even developed technologies that allow you to encrypt and lock the computer using your fingerprint.

    And I heard of another way to prevent this, but at the time of reading I didn't care about it, so now I can't remember what it was. But I'm sure that there is a way to prevent changing the root password (and what we care about is how effective it is).

    Any other ideas?

  4. #4
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    You can encrypt partitions, but in order to boot some part of the system needs to be unencrypted. Your initrd for example. So this exposes your system at early points to potential violation. There are lots of measures like this you can take, but bear in mind in order to use the system you need to be able to decrypt it, which would be available at some point of the boot process.

    Protecting the system is as important as protecting your data as it can be used to access that data.

  5. #5
    Linux Newbie burntfuse's Avatar
    Join Date
    Nov 2006
    Location
    Laurel, MD
    Posts
    158
    Right, there's always *some* way to break into a system, but you can make it as hard as possible by working with your filesystem a bit. I think a recent version of the 2.6 kernel (or is it the next version?) has support for an encryption layer that's layered on top of an existing filesystem (like ext3), so you can encrypt all the important files (there are fully encrypted filesystems, but AFAIK everything is encrypted so performance takes a hit). Also, I think with certain filesystems you can mark files as unchangeable or undeletable. Of course, an attacker could get around this last one by using a live CD with a custom-built kernel with the relevant code removed, but again, that makes it a lot harder to break in.

    I think that's one of the uses of a TPM, actually. While its other uses are pretty scary, the one useful one I can think of is secure booting, where the TPM refuses to let the computer boot unless the bootloader can present the correct key. Yeah, someone could hack the TPM chip, but if it's embedded in the processor it would be almost impossible.
    I have sold my soul to the penguin

  6. #6
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    I'm going to agree with burntfuse that there is always some way to break into a system, the game is about making it more expensive (money, time, lackeys getting minced) to break the system than the attacker's resources.

    Personally I have no faith in a TPM. It'll be an extra step, but a determined attacker will have it apart in no time. I'll hedge my bets a little once the TPM is an integrated part of the CPU, but I still wouldn't trust it.

    I read a paper by two guys from Cambridge University talking about tamper resistance and how difficult it is. http://www.cl.cam.ac.uk/~rja14/tamper.html. I found the most interesting bit to be the arming mechanisms for nuclear weapons.

    For myself, I'm looking at using a smartcard that can perform encryption on the card, but really I'm only protecting against a lost laptop and a key on a USB stick would cover that. Anyone actively looking to get my data can use a big-stick analysis of my soft bits to recover my passwords.

    The sensible answer is partition encryption and a procedure for keeping the key separate without being either a huge hassle or causing it to be lost along with the computer. Biometrics fill this role neatly however someone has had their finger cut off by car thieves http://www.schneier.com/blog/archive...y_risks_2.html so consider situations where you may want to concede your key in order to keep yourself intact.

    I remember reading somewhere about IBM developing tech to communicate over skin and forming networks when people shake hands. I thought at the time about how that could be used to make a mouse/watch combo that identified the watch when the user used the mouse.

    The silly answer is a big electromagnet that is wired to a case switch and bolted to the hard disk that will mangle the disk for several minutes under its own power.

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  7. #7
    Linux Guru anomie's Avatar
    Join Date
    Mar 2005
    Location
    Texas
    Posts
    1,692
    How can we prevent this?
    You can't. And encryption only buys you time. (And once they have physical access they can steal it and take all the time they want.)

  8. #8
    Linux Newbie burntfuse's Avatar
    Join Date
    Nov 2006
    Location
    Laurel, MD
    Posts
    158
    kakariko: Thanks for the link, that's a really interesting article.
    I have sold my soul to the penguin

  9. #9
    Just Joined!
    Join Date
    Jan 2007
    Posts
    6

    Can you suggest some kinds of network attacks?

    This is for project only

  10. #10
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    Quote Originally Posted by sauravpn
    This is for project only
    I'm afraid your question violates two rules of the forum
    • Hacking
    • Homework Questions


    This thread had already served its purpose so I am now closing it. Please read the forum rules, link is in my signature.
