On Tue, 10 Jul 2001, Todd Littlefield wrote:
> Then we had another idea. Create a lockable boot media (cdrom, jazz, orb,
> etc) with a minimal install (w/ strict fire wall rules in place).

A system based on read-only media will generally be much harder to
compromise than one with writable storage. However, anything which stores
executable code in RAM -- in other words, pretty much anything -- can, in
theory, be modified. In other words, such a firewall will likely be much more
resistant to attack, but don't think it will be impossible to compromise.

Note: I believe Iomega's Jaz media use a software-based write lock.

Another note: Some hard drives have a "Read Only" jumper which can be set.
I have heard of at least one person who wired the front-panel "TURBO" button
to the jumper pins, effectively creating a system with a front-panel "Write
Protect" switch.

Yet another note: The LIDS (Linux Intrusion Detection System) project has
been working on a number of kernel modifications which make a Linux system
more resistant to attack and compromise. You may want to check that out.
<http://www.lids.org/>

--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or |
| organization. All information is provided without warranty of any kind. |