Re: [Full-disclosure] Root password change

On Fri, 31 Mar 2006, Valdis.Kletnieks@vt.edu wrote:

> On Fri, 31 Mar 2006 12:33:28 EST, gboyce said:
> > In which case the person needs to remove the hard drive, and put it into a
> > different system for the modifications (or mirroring).
>
> Time constraints.  The amount of time needed to pop in a disk and hit reboot
> is (or should be, in this case) a lot shorter than the amount of time it takes
> to pull a rack-mount box out and pop the lid and play with the drives.
>
> And if your server has a lockable faceplate like most Dell rack-mounts, that
> can add a lot to the challenge right there (as it stops any quick "snarf a
> hot-swap drive and run" scheme).
>
> > For the most part, if an attacker has physical access to the hardware
> > itself, you just lose.
>
> Almost, but not quite right.  If the attacker has physical access *for long 
> enough*,
> you lose.

I wasn't quite clear enough I think.

By "Physical Access to the hardware", I meant unencoumbered physical 
access.  If a system is in a locked rack, safe, or has a locking case then 
it is indeed much more difficult.

Good point about the time though.  Even an unlocked rack mount server 
without hot swappable drives will take some time to unrack and disassemble 
in order to ge the drives out and back in again.

--
Greg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/