Nico Meijer wrote:
> What good would physical access to any 'standard' (ie. no RaQ or equivalent
> with all kinds of nifty buttons on the front) server do without any or all
> of the following:
>
> - serial cable connected to laptop/desktop
> - ethernet connected to laptop/desktop
> - screwdriver
> - axe
> - etc...
> as far as "changing software specifications" on that server is concerned?
> With that, I mean: load a different kernel, install software (rootkits,
> trojans, etc.); you know the drill.

Put in a floppy. Reboot from the floppy. The floppy has a kernel that sends the system out to the 'net to upload rootkits, trojans, etc. Actually not hard at all for a "standard" system with a floppy drive.

> *anyone* with physical access to a RaQ[*] can make it reboot and load a
> different kernel (ROM kernel).

Easy. You can do it from the front panel. How do you think the CD-Rom restore works?

> To me, that is scary, however small the
> chance may be that someone illegally can get physical access to my RaQ.

Many hosting companies, especially the inexpensive ones, just have open RaQs of machines. A few months ago I was hired by a company to do a system rebuild, and the VP had to accompany me to their colo. Even though the colo company had never seen him (they had seen me) before, they let us both in to their server room (without making any authorization calls to see if indeed I had authority to access the box that day, or if that guy even was the VP), closed the solid door (no windows) to keep the airconditioning in, and we had access to every system in there for over an hour. The VP had the system moved to another colocation center post haste.

When we colocate systems we put them all into one locked cabinet (locked front and back by the way; always check the back). However, if you come in to work on your system colocated with us you do have access to all the systems in the same cabinet <frown>. The only way to do that is to rent an entire cabinet, and now you're talking big money.

Jeff
--
Jeff Lasman <[EMAIL PROTECTED]>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484
