[K12OSN] Security of Local Win2K Boxes when using K12LTSP
Steve Wright
paua at quicksilver.net.nz
Mon Feb 23 20:17:19 UTC 2004
On Mon, 2004-02-23 at 19:29, Ken Meyer wrote:
> Recently, the net admin at one of the community colleges I am attending
> (senior tuition waiver) told me that there had been damage to system files
> on some classroom Win2K boxes. He alleges this was due to some of the more
> knowledgeable and well-trained students booting Knoppix and similar distros,
> which ignore the Win2K permissions and allow such mischief, though I am not
> sure how he is so sure that it was hackers powered by Linux that did the
> damage.
I would be tempted to be very rude to him..
> [...] I have not discovered any way to protect NTFS files from local
> Linux boots -- no clever BIOS routine that might tell Linux not to recognize
> the contents of the NTFS system partition, or whatever.
you might remove the ntfs module, or build a kernel without ntfs
installed for your systems.
> [....] the second question is: if you boot from a floppy to the
> TS, can you still access the contents of the local drive, as if you had
> booted Linux on the local box
no. There is no ide module even on the terminal system, and it is near
impossible for the user/cracker to break into the actual terminal system
and insert a module, even if there was one to insert. No IDE module =
no IDE access - full stop, final.
> or is that drive invisible and/or
> inaccessible. If there's no difference in the hackability, obviously, my
> opportunity to sell LTSP will have to be based on other grounds.
Big difference. Knoppix is an *excellant* security tool, and booted
over an XP/2K/whatever box - your net admin has a valid point.
You are onto a good thing, because LTSP should take all your worries
away regarding this. BTW, you don't even need a boot floppy if they are
modern machines.. simply use the BIOS PXE Boot-from-LAN.
best,
Steve
More information about the K12OSN
mailing list