[K12OSN] Security of Local Win2K Boxes when using K12LTSP

Terrell Prude', Jr. microman at cmosnetworks.com
Mon Feb 23 22:11:03 UTC 2004


There's an old story about a new young sysadmin apprenticed to an old, 
grizzled UNIX guru, who told the young kid, "Boy, if you ain't got 
physical security, you ain't got diddly!"

This is as true on Windows, GNU/Linux, OS/2, mainframes, or anything 
else as it is on UNIX.  Microsoft tried in the mid-1990s to say that 
the NTFS was totally secure, even with the box out in the open.  This 
was "true" until Mark Russinovich over at NTInternals.com (now 
WinInternals.com) wrote an app that same year called NTFSDOS that could 
not only read, but *write*, to NTFS partitions...from an MS-DOS boot 
floppy.  Microsoft very quickly removed that "NTFS is invulnerable" Web 
page from their Web site and started backtracking big time, talking 
about how important physical security is.

If you have physical access to the box, then you have the box.  Period.

--TP

Ken Meyer wrote:

>Recently, the net admin at one of the community colleges I am attending
>(senior tuition waiver) told me that there had been damage to system files
>on some classroom Win2K boxes.  He alleges this was due to some of the more
>knowledgeable and well-trained students booting Knoppix and similar distros,
>which ignore the Win2K permissions and allow such mischief, though I am not
>sure how he is so sure that it was hackers powered by Linux that did the
>damage.
>
>I would not like to see the Boot-from-CD option turned off on these
>machines, but I have not discovered any way to protect NTFS files from local
>Linux boots -- no clever BIOS routine that might tell Linux not to recognize
>the contents of the NTFS system partition, or whatever.  If there indeed is
>none and he is forced to turn off the CD Boot option (while leaving the
>Floppy Boot capability), then I would like to promote the creation of a
>Linux terminal server in order to serve those who want to have access to
>Linux from anywhere on campus (and who are not using it just as a hackers'
>interface).  So, the second question is: if you boot from a floppy to the
>TS, can you still access the contents of the local drive, as if you had
>booted Linux on the local box, or is that drive invisible and/or
>inaccessible?  If there's no difference in the hackability, obviously, my
>opportunity to sell LTSP will have to be based on other grounds.
>
>Ken Meyer
>





