Re: Best practices for private server deployment on LAN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2005-03-23 at 17:56, dan wrote:
> Hello, all -
> 
> I'm trying to do some research on some of the best practices to 
> deploying a server that would be on a private LAN.  This server would 
> not have any Internet connectivity - it would be used to facilitate the 
> workings of a proprietary client program that would contact this server 
> for specific information.
> 
> I have managed to bring down the install of a FC3 release to just under 
> 500M.  Although I am not satisfied with this yet, that is pretty small 
> compared to what I've done and seen in the past.  I'll keep working on 
> that one.
> 
> The problem that I'm faced with is that no one should be allowed to 
> tamper with this server.  No one should be able to log in, change 
> settings, or anything of the like.

Most of the things you went on to describe are taken care of by locking
the server away and restricting physical access to it.  Short of that
about all you can do is make is slightly harder for some one to get
access into the system.  

Physical security of computer systems is 90% of the task.  The rest is
taking care of network and user security.  Without physical security
there is no way to keep someone that is motivated enough from stealing
the system and systematically breaking through any encryption or other
security mechanisms you put in place.

About the only thing you did not mention was placing an access bomb on
the system which would attempt to erase the data during the next boot up
if you don't enter a pass phrase.  :)

And even those can be defeated since most good computer forensic
specialists make bit level copies of hard drives prior to trying to
access them, and then they don't boot from those drives.

There was another thread along the same lines.  If you are unable to
physically secure the system you might try putting epoxy in the various
ports you don't want anyone to have access to.  But that is not going to
prevent someone from taking the whole system.

-- 
Scot L. Harris
webid@xxxxxxxxxx

He draweth out the thread of his verbosity finer than the staple of his
argument.
		-- William Shakespeare, "Love's Labour's Lost" 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux