[K12OSN] Security of Local Win2K Boxes when using K12LTSP
Henry Burroughs
hburroughs at HHPREP.ORG
Tue Feb 24 11:19:00 UTC 2004
Isn't there a way to encrypt the NTFS filesystem? That would cut
readability from most bootable devices.
On Mon, 2004-02-23 at 22:11, Terrell Prude', Jr. wrote:
> There's an old story about a new young sysadmin apprenticed to an old,
> grizzled UNIX guru, who told the young kid, "Boy, if you ain't got
> physical security, you ain't got diddly!"
>
> This is as true on Windows, GNU/Linux, OS/2, mainframes, or anything
> else as it is on UNIX. Microsoft tried in the mid 1990's to say that
> the NTFS was totally secure, even with the box out in the open. This
> was "true" until Mark Russinovich over at NTInternals.com (now
> WinInternals.com) wrote an app that same year called NTFSDOS that could
> not only read, but *write*, to NTFS partitions...from an MS-DOS boot
> floppy. Microsoft very quickly removed that "NTFS is invulnerable" Web
> page from their Web site and started backtracking big time, talking
> about how important physical security is.
>
> If you have physical access to the box, then you have the box. Period.
>
> --TP
>
> Ken Meyer wrote:
>
> >Recently, the net admin at one of the community colleges I am attending
> >(senior tuition waiver) told me that there had been damage to system files
> >on some classroom Win2K boxes. He alleges this was due to some of the more
> >knowledgeable and well-trained students booting Knoppix and similar distros,
> >which ignore the Win2K permissions and allow such mischief, though I am not
> >sure how he is so sure that it was hackers powered by Linux that did the
> >damage.
> >
> >I would not like to see the Boot-from-CD option turned off on these
> >machines, but I have not discovered any way to protect NTFS files from local
> >Linux boots -- no clever BIOS routine that might tell Linux not to recognize
> >the contents of the NTFS system partition, or whatever. If there indeed is
> >none and he is forced to turn off the CD Boot option (while leaving the
> >Floppy Boot capability), then I would like to promote the creation of a
> >Linux terminal server in order to serve those who want to have access to
> >Linux from anywhere on campus (and who are not using it just as a hackers'
> >interface). So, the second question is: if you boot from a floppy to the
> >TS, can you still access the contents of the local drive, as if you had
> >booted Linux on the local box, or is that drive invisible and/or
> >inaccessible? If there's no difference in the hackability, obviously, my
> >opportunity to sell LTSP will have to be based on other grounds.
> >
> >Ken Meyer
> >
--
Henry Burroughs
Technology Director
Hilton Head Preparatory School
www.hhprep.org
hburroughs at hhprep.org