FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 03-08-2012, 12:46 PM
Stayvoid
 
Default Securing Debian Manual: 3.1 Choose a BIOS password

Hello.

"Before you install any operating system on your computer, set up a
BIOS password. After installation (once you have enabled bootup from
the hard disk) you should go back to the BIOS and change the boot
sequence to disable booting from floppy, CD-ROM and other devices that
shouldn't boot. Otherwise a cracker only needs physical access and a
boot disk to access your entire system." [1]
Is there a way to prevent such actions while using a VPS?

I won't have a physical access to the machine.
Is there a need to set a BIOS password for a VPS? (I've never used a
VPS, but someone told me that it's possible for some of them.) I've
been told that it's not necessary because if someone reboot the
machine I'll have no chance to enter the password.

[1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html

Cheers

P.S. Sorry for those who already seen this post.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAK5fS_HxOQK+K7Bgi3spM2xq1X=PPip9Th0Nx1EVfkxb3HK_b Q@mail.gmail.com">http://lists.debian.org/CAK5fS_HxOQK+K7Bgi3spM2xq1X=PPip9Th0Nx1EVfkxb3HK_b Q@mail.gmail.com
 
Old 03-08-2012, 01:44 PM
Tom H
 
Default Securing Debian Manual: 3.1 Choose a BIOS password

Are you trying to beat some number-of-posts-record?!


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAOdo=Sx3vvxCKE+8Wn_Zrc-_nXP0bOrAOkqNw7zQCxq=qHBA4A@mail.gmail.com">http://lists.debian.org/CAOdo=Sx3vvxCKE+8Wn_Zrc-_nXP0bOrAOkqNw7zQCxq=qHBA4A@mail.gmail.com
 
Old 03-08-2012, 02:12 PM
Camaleón
 
Default Securing Debian Manual: 3.1 Choose a BIOS password

On Thu, 08 Mar 2012 16:46:24 +0300, Stayvoid wrote:

> Hello.

(...)

Hi.

Before going any further, would you care to explain what's going on here?
Were you bitten by a dancing bug or something like that?

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: jjai86$ek5$6@dough.gmane.org">http://lists.debian.org/jjai86$ek5$6@dough.gmane.org
 
Old 03-08-2012, 02:50 PM
Kelly Clowers
 
Default Securing Debian Manual: 3.1 Choose a BIOS password

On Thu, Mar 8, 2012 at 07:12, Camaleón <noelamac@gmail.com> wrote:
> On Thu, 08 Mar 2012 16:46:24 +0300, Stayvoid wrote:
>
>> Hello.
>
> (...)
>
> Hi.
>
> Before going any further, would you care to explain what's going on here?
> Were you bitten by a dancing bug or something like that?
>

Agree on that.


Stayvoid, If you really need to comment on more sections of the
manual, maybe you could collect them all in one email. Or perhaps
make each email a reply in one thread... One email is probably
better though.


Cheers,
Kelly Clowers


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAFoWM=-oR8prM7TCG1Ke5SzjwDuVj4q4k9uZBFmixXyHqWq-EA@mail.gmail.com">http://lists.debian.org/CAFoWM=-oR8prM7TCG1Ke5SzjwDuVj4q4k9uZBFmixXyHqWq-EA@mail.gmail.com
 
Old 03-13-2012, 07:52 PM
Darac Marjal
 
Default Securing Debian Manual: 3.1 Choose a BIOS password

On Thu, Mar 08, 2012 at 04:46:24PM +0300, Stayvoid wrote:
> Hello.
>
> "Before you install any operating system on your computer, set up a
> BIOS password. After installation (once you have enabled bootup from
> the hard disk) you should go back to the BIOS and change the boot
> sequence to disable booting from floppy, CD-ROM and other devices that
> shouldn't boot. Otherwise a cracker only needs physical access and a
> boot disk to access your entire system." [1]
> Is there a way to prevent such actions while using a VPS?
>
> I won't have a physical access to the machine.
> Is there a need to set a BIOS password for a VPS? (I've never used a
> VPS, but someone told me that it's possible for some of them.) I've
> been told that it's not necessary because if someone reboot the
> machine I'll have no chance to enter the password.
>
> [1] http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html
>
> Cheers
>
> P.S. Sorry for those who already seen this post.

If you don't have physical access to the computer, there is very little
you can do to fully secure it (at least to the extent that you seem to
want to do). How do you plan to stop someone taking the top off and
attaching a logic analyser to it? How do you plan to stop someone simply
creating a DoS by forcibly inserting a foreign object (e.g. hitting the
computer with an axe)?

I'm not saying securing Debian won't help, but work out what you're
securing it FROM.


--
Darac Marjal


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120313205258.GB32229@darac.org.uk">http://lists.debian.org/20120313205258.GB32229@darac.org.uk
 

Thread Tools




All times are GMT. The time now is 12:52 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org