[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Trust rack space provider?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Trust rack space provider?
- From: "Marsh J. Ray" <marsh-obsd_(_at_)_mysteray_(_dot_)_com>
- Date: Tue, 25 May 2004 20:07:25 -0400
Richard Welty wrote:
On Tue, 25 May 2004 19:00:44 -0400 "Marsh J. Ray" <marsh-obsd_(_at_)_mysteray_(_dot_)_com> wrote:Access control to the password is pointless if you don't control access
to a the box itself that can be compromised with a boot floppy.
Write the root password on the front of the CPU box. Put it on the back
of a business card and tape it on upside down and backwards so you can
flip it up to read it.
that's fine as long as there is decent access control to the password, but
you'll never catch me doing that.
i'm familiar with an incident where a "friendly" foreign power infiltrated agentsAnd how hard would it have been for them to use a boot medium to vacuum
the data, insert a backdoor, etc., and explain later that they
accidentally "tripped" over the power cord or something?
onto the staff of a janitorial firm that did the outsourced service for a US Army
research facility. they got quite a lot of data out of the trash cans.
from http://text.staticfree.info/computer.folklore.from.net.rumors.html :
Reminds me of the Arpanet site that used to crash frequently
right around the end of the day. Seems the cleaner plugged the
floor buffer into a convenient 100AC outlet - the one inside the
this is why i'm hell on people who put passwords on postits on their monitors.
I didn't suggest putting them on the user's monitor, I said the server
Your physical safe idea is a good one, too.
I guess this is security related, maybe a little off-topic, but a
Question: how (or even) can I host a server at a "rack space" provider
without complete trust in their staff?