The assumption is the attacker does not have physical access, obviously. And even then the CD is not secure, see below. Arno On Mon, Sep 21, 2009 at 05:31:06PM +0200, Sven Eschenberg wrote: > > How could this possibly help - One could still switch the CD, plug in a > USB disk with an alternate boot environment, and as a last resort change > the boot firmware. > I hardly see a chance of this suceeding, when physical access control is > lost. > > Regards > > -Sven > > On Mon, September 21, 2009 17:20, Arno Wagner wrote: > > > > There are possibilities to fight this, e.g. a hard power-cycle every > > few hours and hardware that makes the HDDs unavailable until the CD has > > successfully booted. But I doubt that is an adequate solution here > > and it has drastic negative impact on reliability. > > > > Better just do a careful restrictive firewall configuration, and > > make sure your system is patched. > > > > Arno > > -- > > Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: > > arno@xxxxxxxxxxx > > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 > > 338F > > ---- > > Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > > > > If it's in the news, don't worry about it. The very definition of > > "news" is "something that hardly ever happens." -- Bruce Schneier > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@xxxxxxxx > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt