Re: If St. Peter were a human resources manager...
- From: "Oliver Wong" <owong@xxxxxxxxxxxxxx>
- Date: Mon, 13 Feb 2006 16:14:17 GMT
"Randy Howard" <randyhoward@xxxxxxxxxxxxxxxxx> wrote in message
news:0001HW.C01600D6015A9008F0488550@xxxxxxxxxxxxxxxxxxx
> Oliver Wong wrote
> (in article <x%0If.4999$Be4.2850@clgrps13>):
>> "Randy Howard" <randyhoward@xxxxxxxxxxxxxxxxx> wrote in message
>> news:0001HW.C0153DB3012CD3C0F0488550@xxxxxxxxxxxxxxxxxxx
>>> So, it took me precisely 4:18 seconds
>>> to boot a linux disk and reset the password on her NTFS
>>> partition and reboot back around into Windows. That made a
>>> rather startling impression on her after I said "so much for
>>> Windows security" with a smile on my face. Once she got over
>>> being happy to be back on her computer, the reality set in.
>> To be fair...
>> a lot of computer security experts agree that once an attacker has
>> gained physical access to your computer, it's game over anyway.
> So there is no point to have a login password on a regular
> desktop account in a cube farm, because everybody has physical
> access to the machine?
No, there is a point. But generally, you want to secure the weakest part
of your system. If you have no login mechanism at all, then that's your
weakest point, and so you add in a login. But once you have that in place,
you're far better off concentrating on attacks from the network (e.g. look
into firewalls, virus scanners, etc.) than worrying about someone popping in
a Linux boot CD and resetting your password on the NTFS partition (depending
on what kind of organization you work at, of course; I'm assuming a "normal"
IT company, and not, for example, the CIA).
If you really do have a problem with people popping CDs into a
workstation in a cube farm, then don't equip the computers with CD drives,
except for some central technician's computer. The workers then pass the CD
to the technician, who then shares his/her CD drive to that specific user
across the network.
And if you have problems with people coming into your cubicle, using a
screwdriver, extracting the harddrive and connecting it to their laptop,
etc., then add locks to the machines, and so on.
But like I said, once an attacker has physical access to your harddrive,
and can run whatever equipment they want against it, you're in big trouble.
It's not an insurmountable problem, but given the value of the data that the
average user has on their workstation, most solutions are not cost-effective
in terms of convenience to the user versus security.
Imagine that the user you helped really did secure her box. She'd be
greatly inconvenienced if you told her "Sorry, the security on that machine
is just too good. We can try to brute force your password, but in all
likelihood, it'll take longer than the age of the universe to crack. So
basically, all your data is gone." That's very secure, but very inconvenient
for her. And many users are simply not willing to put up with that kind of
inconvenience.
- Oliver