On Tue, Sep 16, 2008 at 05:50:18PM -0700, Rick Stevens wrote:
> Dave Feustel wrote:
> [snip]
>>> 1. Machines do not have X installed and boot to run level 3

I did not write the above point 1. I did write the following:

>> Having spent some time running X on OpenBSD, FreeBSD, Fedora, and now SUSE 11,
>> I am convinced that using X on any of these platforms enables exploits that
>> cannot be disabled. You cannot have both security and X. Take your pick. I do
>> not log in as root in X for any reason since there are ways in X to listen in
>> on keyboard communications and capture passwords. So far as I have been able to
>> tell, this is not possible with non-X console io.
>
> ANYTHING over the net can be hacked, given enough CPU cycles and time.
> You can mitigate it by requiring everything be heavily encrypted (including
> X). It's not perfect, but it's as close as you're going to get. There
> is such a thing as making a machine so secure it's unmanageable.

I did not write the following:

>>> 2. /etc/inittab modified to NOT spawn gettys on the VTs
>>> 3. /etc/inittab spawns serial port getty connected to a serial KVM
>>> 4. grub configured to also use the serial port for its console
>>>
>>> This is in addition to them being in cage with a deadbolt lock on the
>>> door, and the cage being in a data center with physical access
>>> restrictions, cardkey access and video surveillance. Yes, it's a bit
>>> onerous, but it is required. Whether you think they're "good reasons"
>>> is irrelevant.
>>
>> I have read that Congress passed a law in 1995 mandating undetectable
>> hardware access to all computers connected to the internet.
>
> The law, IIRC, was held unconstitutional and the US Attorney stated that
> it was unenforceable anyway. Subsequent laws may require it, but only
> with a court order. I'm not sure how the Patriot Act (what a joke)
> affects this. We don't care. We're PCI-compliant. If they want to see
> our systems, they can get a court order and deal with our lawyers first.
>
> I mean, jeeze! Didn't we beat the Nazis some 65 years ago?

Actually, the Allies defeated Germany in the war, but the German Nazis
migrated to America. Google "operation paperclip" and/or read the book
_Rise of the 4th Reich_ by Jim Marrs.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines