I'm sure Dan knows this, but other interesting ways to tamper with your data once you have physical access include removing the disk and putting it in some other machine for perusal and booting a different OS (knoppix would be good here). These attacks work against NT as well which carefully doesn't give you a way into the admin account even when you have physical access to the machine :-) Setting the BIOS password would slow someone down for a laptop (it's dead easy to reset the BIOS, including the password, on any desktop or server and the motherboard manuals are almost always available on the web).If someone has physical access to your box, eventually they'll get in regardless of the OS.
Your only help here would be encrypted data.
Encrypting the disk makes it harder for a lot of would-be attackers. But for anyone serious, they've got the cipher text now (and you haven't) and can do all the usual attacks (probably password guessing) now. Chances are the clear-text password (or lightly encrypted password) is lying around on the disk somewhere anyway -- there are a lot of badly engineered password storage tools out there with easy attacks.
In the end, if someone has physical access to your machine, you've lost your data. If the disk is protected by good encryption mechanism (and I'm talking system here, not the relative merits of, say, AES and Blowfish) then you have some time when no one else has your data either.
jch
-- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
