Fabian ==>
Thank you, for your insights . . .
Fabian Linzberger wrote:
>
> What actually worries me most, is that somebody might break in at night,
> take out the floppy, modifies it as he pleases and reboots the router.
> Turning around the floppy drive helps, but most people know how to use a
> screw driver. But as soon as someone is able to get physical access to
> your computers, your in a lot of mess anyhow.
>
> Has somebody thought about something like creating checksums of you
> floppy and checking it regularly? Of course an attacker might modify the
> floppy and make it still send the old checksum, or even better:
> duplicate the floppy, modify the copy and reboot from it and replace
> with the original. Who knows how long it would take
> anyone to notice the difference?
These are some reasons we chose to go with LRP-CD. *Everything* is
first written to bootable CD-R, except for several kB's of site specific
detail.
In our cases, the only thing that resides on floppy is the real-time
generated sshd key in sshd-1.lrp -- the goal, anyway ;>
In reality, we make tweaks to etc.lrp that reside on floppy -- for a few
days -- until we burn a new CD-R. As we get more settled on our
configuration, these changes/tweaks will become very rare. We are also
working on getting that key back onto CD-R, where it belongs ;>
Even now, we can login in remotely, mount the floppy to see its contents
and reboot as necessary . . .
--
Best Regards,
mds
mds resource
888.250.3987
"Dare to fix things before they break . . . "
"Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . . "
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
