On Sat, 30 Jul 2011, 夜神 岩男 wrote:
Coming originally from secret squirrel land, one of the cardinal security rules for us was simply "If the attacker has physical access, you don't have security".
I don't agree with you completely, there's many sides to security. Data-theft, denial-of-service, hardware-theft, fire/water damage... Different kinds of measures can help you to protect against one or more of these, but simply stating that a GRUB password, a BIOS password or an encrypted filesystem do not help against someone with physical access is not true.
It's the difference between a good lock, a bad lock and no lock. Depending on the determination, the environment and the tools available, a good lock may very well prevent your bike from being stolen. No lock may guarantee it gets stolen (at least in some areas over here).
And that's just hardware, you might be concerned with the data-theft. Filesystem encryption doesn't prevent your data to be stolen, but makes it impossible to be abused when stolen.
So, yes, even considering physical access, a GRUB and BIOS password is very much recommended. And disabling ctrl-alt-del is a good measure to protect against accidental reboots... Everything adds up to the total security.
-- -- dag wieers, [email protected], http://dag.wieers.com/ -- dagit linux solutions, [email protected], http://dagit.net/ [Any errors in spelling, tact or fact are transmission errors]
