OS Restriction
Linux is a robust OS, but it is still vulnerable to hardware dangers that may lead to damage to its physical drives or power losses that may cause data corruption. Therefore, in addition to access controls, server rooms should include the following items to ensure integrity and availability and provide protections from power outages, power anomalies, floods, and so on:
• Adequate air conditioning for all servers at peak utilization
• Sufficient power, UPSs, and PDUs
• Raised flooring
servers
environment, having at least the following access controls to protect security:
• Keycard access to server room allowing only authorized personnel
• Real-time cameras and video recording equipment to guard all servers and archive activity
• Locking server rack for highly sensitive servers
unauthorized physical access is still best hindered by
• Maintaining least privilege physical access controls by locking vital areas and providing unique keys only to specific personnel who need access
• Performing background checks, both criminal and financial, prior to granting physical access
• Designing the route used to access systems such that it passes more than one employee, especially employees with access privileges to the respective systems
• Mixing physical locks with more high-tech ones, so hacking the access control system does not grant access to places that also require a key
Stealing/Changing Data Using a Bootable Linux CD
Once an attacker has gained physical access, getting into a box can be as simple as booting to a CD-based Linux distribution, deleting the root user account password in the /etc/shadow file
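The tampering described above can be detected afterwards by auditing the shadow file. The following is an added example, not part of the original page: a shell function that flags accounts with an empty password field and, going beyond the deletion case in the text, accounts whose hash changed while the last-change date did not. The function names, finding labels and sample data are assumptions constructed for illustration, and the baseline is assumed to be an earlier copy of the shadow file kept off the host.

```shell
#!/bin/sh
# Added example: audit a shadow-format file against a saved baseline.
# Fields used (shadow(5)): 1 = login name, 2 = password hash,
# 3 = date of last password change (days since the epoch).

# audit_shadow CURRENT [BASELINE]
# Prints one finding per line; exit status is 1 if anything was found.
audit_shadow() {
    awk -F: '
        pass == 1 { hash[$1] = $2; lastchg[$1] = $3; next }   # load the baseline
        $2 == "" {                                            # no password required
            print "EMPTY_PASSWORD " $1; bad = 1; next
        }
        # Hash differs but the last-change date does not: passwd(1) would have
        # updated field 3, so the file was probably edited directly (heuristic).
        ($1 in hash) && hash[$1] != $2 && lastchg[$1] == $3 {
            print "HASH_CHANGED_NO_LASTCHG " $1; bad = 1
        }
        END { exit bad + 0 }
    ' pass=1 "${2:-/dev/null}" pass=2 "$1"
}

# write_samples DIR
# Writes constructed sample files (placeholder hashes, not real ones).
write_samples() {
    cat > "$1/baseline" <<'EOF'
root:$6$saltA$CONSTRUCTEDHASH1:19000:0:99999:7:::
alice:$6$saltB$CONSTRUCTEDHASH2:19100:0:99999:7:::
bob:$6$saltC$CONSTRUCTEDHASH3:19200:0:99999:7:::
daemon:*:18000:0:99999:7:::
EOF
    cat > "$1/current" <<'EOF'
root::19000:0:99999:7:::
alice:$6$saltX$CONSTRUCTEDHASH9:19100:0:99999:7:::
bob:$6$saltD$CONSTRUCTEDHASH4:19350:0:99999:7:::
daemon:*:18000:0:99999:7:::
EOF
}
```

On a live system the call would be `audit_shadow /etc/shadow /path/to/baseline`, run as root. In the sample data, root and alice are reported, while bob is not because his last-change date moved along with the hash.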
Disabling Bootable Linux CDs
There are three standard electronic physical access controls:
• BIOS passwords
• Disabling boot from removable media
• Password-protected hard drives (easy to implement for workstations, but for servers requires hardware-level remote administration ability, such as IP KVM)
Preventing the BIOS Password Tricks
Disabling the ability to boot from any form of removable media (CDs, DVDs, floppy drives, and USB devices) is advisable and will keep out many of the lower-level, script-kiddie attackers. But like BIOS passwords, if attackers obtain physical access to the box, they can easily circumvent this security measure.
Platter Locks and Tricks
Some computer manufacturers have introduced password-protected hard drives (or platter locks), particularly for use in laptops. The password is stored in the chipset on the drive and is accessed or modified by the drive CMOS. This technology requires users to enter a password before the hard drive can be activated. During a cold or warm boot, this occurs just after the POST (at the time the hard drive is accessed), and it arrests the machine at that state until the password has been entered.
Whole Disk or Partition Encryption
The best way to protect against data tampering or unintended disclosure is to implement one of the many whole disk or partition encryption methodologies available to Linux systems. This entails encrypting the entire contents of the hard drive, or partition, using a cryptographic encryption algorithm.
For more details please visit http://www.raju-online.com