Freminlins wrote: > You made the point with reference to security, not system recovery. That > is what I am contradicting.
Security is often misunderstood to mean protecting against unauthorized access. But this is only part of information security. You need to protect your information assets such as to ensure continuity of business operations, and this covers: * Confidentiality * Integrity * Availability The last two evidently have to do with data and system recovery, and this was the question being raised in OP. Which is more important depends on the data. In some cases unauthorized disclosure is less costly than downtime. The security professional evaluates the potential losses for each breach against the cost of protecting against that breach. Integrity of the base installation is important because it ensures integrity of the base system against the most common failures - say power out, and provides for faster recovery of systems hence addressing availability - and not to mention it is cheap! If you configure your server using LDAP or NIS for user management then you only need to mount the root file system rw when updating the base system or changing root password. Add the MAC and you will likely be able to protect further against the attack you mention. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
Description: S/MIME Cryptographic Signature