[K12OSN] Security of Local Win2K Boxes when using K12LTSP

Henry Burroughs hburroughs at HHPREP.ORG
Tue Feb 24 11:19:00 UTC 2004 

Isn't there a way to encrypt the NTFS filesystem?  That would cut
readability from most bootable devices.




On Mon, 2004-02-23 at 22:11, Terrell Prude', Jr. wrote:

> There's an old story about a new young sysadmin apprenticed to an old, 
> grizzled UNIX guru, who told the young kid, "Boy, if you ain't got 
> physical security, you ain't got diddly!"
> 
> This is as true on Windows, GNU/Linux, OS/2, mainframes, or anything 
> else as it is on UNIX.  Microsoft tried in the mid 1990's to say that 
> the NTFS was totally secure, even with the box out in the open.  This 
> was "true" until Mark Russinovich over at NTInternals.com (now 
> WinInternals.com) wrote an app that same year called NTFSDOS that could 
> not only read, but *write*, to NTFS partitions...from an MS-DOS boot 
> floppy.  Microsoft very quickly removed that "NTFS is invulnerable" Web 
> page from their Web site and started backtracking big time, talking 
> about how important physical security is.
> 
> If you have physical access to the box, then you have the box.  Period.
> 
> --TP
> 
> Ken Meyer wrote:
> 
> >Recently, the net admin at one of the community colleges I am attending
> >(senior tuition waiver) told me that there had been damage to system files
> >on some classroom Win2K boxes.  He alleges this was due to some of the more
> >knowledgeable and well-trained students booting Knoppix and similar distros,
> >which ignore the Win2K permissions and allow such mischief, though I am not
> >sure how he is so sure that it was hackers powered by Linux that did the
> >damage.
> >
> >I would not like to see the Boot-from-CD option turned off on these
> >machines, but I have not discovered any way to protect NTFS files from local
> >Linux boots -- no clever BIOS routine that might tell Linux not to recognize
> >the contents of the NTFS system partition, or whatever.  If there indeed is
> >none and he is forced to turn off the CD Boot option (while leaving the
> >Floppy Boot capability), then I would like to promote the creation of a
> >Linux terminal server in order to serve those who want to have access to
> >Linux from anywhere on campus (and who are not using it just as a hackers'
> >interface).  So, the second question is: if you boot from a floppy to the
> >TS, can you still access the contents of the local drive, as if you had
> >booted Linux on the local box, or is that drive invisible and/or
> >inaccessible.  If there's no difference in the hackability, obviously, my
> >opportunity to sell LTSP will have to be based on other grounds.
> >
> >Ken Meyer
> >
> 
> 
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

-- 
Henry Burroughs
Technology Director
Hilton Head Preparatory School
www.hhprep.org
hburroughs at hhprep.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20040224/9d798477/attachment.htm>

More information about the K12OSN mailing list