RE: fedora-list@xxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yep...., except that the real information that is being transmitted by the
firewall is inside an encrypted VPN.  Also the file system itself is
encrypted.  The firewall won't accept SSH from just any system.  It's locked
down.   I'm just trying to make it extremely difficult for an unauthorized
user to get access to it.  

Rick.

| -----Original Message-----
| From: ryan [mailto:ryanag@xxxxxxxxxxxxxxxx]
| Sent: Sunday, March 13, 2005 6:16 AM
| To: fedora-list@xxxxxxxxxx; rick@xxxxxxxxxxx
| Subject: fedora-list@xxxxxxxxxx
| 
| "How do I lock or disable unused ports such as keyboard, video and USB
| ports?
| 
| 
| Here is the scenario; I have several firewalls built upon Fedora that are
| in
| closets physically unmonitored.  An unscrupulous individual could plug in
| a
| keyboard, mouse and monitor into one of these systems and start getting
| access to it.  Even worse the individual could plug in other devices to
| log
| all packets flowing through the firewall.   This gives me chills just
| thinking about it!
| 
| I would like to disable any I/O devices that aren't actually needed."
| 
| 
| Way too much work with no tangible benefits. If you did all this, what is
| to keep a malicious attacker from dropping in a $10 hub, then setting up a
| monitoring station. He/She could just walk in occaisionally and get the
| logs off, or worse, set up a cheap access point and just pull into the
| parking lot, SSH into their sniffer machine, and get the logs that way.
| 
| Physically secure the machines or don't think too hard about it. Stripping
| the servers down to a CPU/RAM/HD and ethernet ports won't provide much
| additional security.
| 
| 





[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux