On the last 3 dells I have had, there is both the bios boot password and
an option to encrypt the disk (at the ide interface I think): if he cant
even get to a grub screen he is lost.  I have been told that dell
laptops (inspiron series) cannot have the password bypassed easily, even
with access.

Once up, run a dynamic firewall: if he probes any of the ports that you
dont want, he is dropped in an iptables blackhole and the system refuses
to have anything further to do with him - on any port or service.  You
do have to put excludes in for important services so you dont DOS
yourself, but it drasticly cuts exposure and possible attack vectors.
This has the advantage over a normal firewall in that once someone
probes and gets blackholed, he does not get another chance, otherwise he
can hit every port in turn until he maybe finds a way in.  Simplest way
is to use metalog to run a script when a new item is to be logged: if
the script sees it as a iptables log event it doesnt like, it generates
a DROP for that IP.

In X, disable the CTRL-ALT-Fn console access unless really needed, and
the CTRL-backspace reset.  I suspect that with everything discussed so
far, X or console will be the weakest link.

BillK

On Mon, 2005-02-14 at 22:33 +0100, me wrote:
> Well the deal more or less is:
> 
> 1) Laptop is turned off: - try to break in without opening it or 
> anything so bios password prevents this, laptop boots only from harddisk)
> 2) Laptop is booting: - try to break in  (without changing boot order) 
> grub pw prevents single user mode (encrypted partitions would prevent 
> attack via windows)
> 3) Laptop is running, logged in with my user (member of wheel): -try to 
> get root
> 4) Laptop is running: -try to break in remotely and get user- or root-access
> 
> Points 3 and 4 are my main concern as 1 and 2 are relatively easy to prevent
> 
> Thx for the infos so far
> 



--
[email protected] mailing list

Reply via email to