Re: Write root password on the front of the box

[Richard Welty <rwelty_(_at_)_averillpark_(_dot_)_net>]

On Tue, 25 May 2004 19:00:44 -0400 "Marsh J. Ray" <marsh-obsd_(_at_)_mysteray_(_dot_)_com> wrote:
> Write the root password on the front of the CPU box. Put it on the back 
> of a business card and tape it on upside down and backwards so you can 
> flip it up to read it.

that's fine as long as there is decent access control to the password, but
you'll never catch me doing that.

in my view, the correct solution is to setup sudo properly, write the root
password down, seal it in an envelope and stick it in the safe. hopefully
you'll never need to unseal the envelope, but it's there just in case
someone foobars /etc/sudoers.

one very often forgotten aspect of physical security is what i call the "janitor
effect". do you know who is cleaning your offices out at night? is anyone
vetting them? of course not, the CFO turned the whole thing over to the
lowest bidder and promptly forgot about it.

i'm familiar with an incident where a "friendly" foreign power infiltrated agents
onto the staff of a janitorial firm that did the outsourced service for a US Army
research facility. they got quite a lot of data out of the trash cans.

this is why i'm hell on people who put passwords on postits on their monitors.

richard
-- 
Richard Welty                                         rwelty_(_at_)_averillpark_(_dot_)_net
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security