On Jun 12, 2008, at 3:24 PM, David Naylor wrote:

This is a general enquiry. What had sparked my interest in this subject is the above mentioned article. In this case it is a workstation used to access and manage account and cash flows. The threat would be anyone gaining access
to 'divert' funds to incorrect  accounts, for obvious personal gains.

How much money are we talking about? If it is billions of NZD that is one thing, if it is thousands of NZD that is another. The question is would someone with resources make a concerted effort to specifically target your system? If so, you should hire a local professional.

If your concern is more about the kinds of wide spread automated attacks, then really it's just a matter of doing the basic sorts of things. Disabling root SSH logins, have your perimeter firewall check for unusual out-bound traffic, and of course, keeping the system properly updated.

Specifically, the two threats would be remote attach (such as spyware being
deployed, or gaining remote access)

I haven't played around with it, but you might want to look at Mandatory Access Control (described in the Handbook). It's something that has been on my "to learn" list for a while, but I am getting through that list very slowly. From what you've said, it sounds like you are talking about a multi-user system. Something like MAC really may be the best approach to preventing individual users from being tricked into doing stupid things.

or physical access (in which case keeping
the username and password safe will be the only option? Assuming their is no
compromise on the human side)

For a typical machine, physical access means all access. If I have physical access to a machine, I may be able to boot it from my own boot media (a CD for example) and then read everything on the hard disks. I could remove the disks and copy them. I could install a physical keystroke logger between the keyboard and the box. There really is a lot that can be done with physical access.

So if you have reason to believe that attackers would have physical access to the machine, you should use encrypted file systems.

Note that with both MAC and encrypted file systems you run an increased risk of locking yourself out of the system by accident.

So what measures you wish to take, with their additional costs and risks, depends on a careful and realistic view of what the threats are.

I've enjoyed this discussion.



freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to