On Tue, Sep 15, 2009 at 11:37:17AM +0100, Dan Hatton wrote:
On Tue, 15 Sep 2009, Chris G wrote:
Exactly what I was going to say. Apart from anything else they can walk away with the machine under their arm! :-)
Yes - although that would at least be readily detactable.
Even without taking the machine away it's pretty trivial to boot from a CD (or memory stick, or floppy even) that they've brought with them and get to single user/root.
Not entirely trivial - I have the boot order password-protected in the BIOS. The sunk cost I'd put into achieving that is partly why it came as such a shock to find grub behaving like this.
Presumably all that's needed to circumvent that though is to reset the BIOS isn't it?
If the *data* is really confidential then lock the machine up and encrypt the filesystem.
One of the many things I have to be thankful for in my life is that I don't have to handle "really" confidential data.
Quite! :-) My security and backups are aimed more at keeping my data safe if either my main machine catches fire (or other less spectacular but equally destructive disaster) or some malicious attacker gets at it somehow. To that end all important data is copied to more than one 'off site' store.