Posted: Tue Oct 11, 2005 3:54 pm Post subject: PAM, securing physical access
I'm looking into ways to secure a disk from physical access. I understand this is rather utopic, but I think some solutions exist (if one is reasonable). So here it is:
- our system runs WinXP installed on NTFS FS.
- I could extract the admin password with a net-available tool, after I booted with Knoppix and copied PAM and other registry files
So, assuming our users are not going to take the HDs home, is it possible to prevent the contents of the disk from being accessed by an external FS, be it windows or *nix? In particular, is there any kind of tool that offers this feature?
I suppose we're not dealing with encryption here, solely with upholding the Win ACLs.
Joined: 17 Oct 2002 Posts: 16777178 Location: California
Posted: Tue Oct 11, 2005 5:19 pm Post subject:
disable the ability to boot from floppy or CD and password protect the BIOS. Put a lock on the case for added measure (to prevent them from resetting the BIOS by removing the battery). This won't completely stop them (they can always download the needed files and modify the boot.ini to boot from their new files if they really want), but it will stop a good 98% of attempts.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum