
Different kind of trust

Posted Mar 30, 2005 23:24 UTC (Wed) by proski (guest, #104)
In reply to: Security threat? by drathos
Parent article: The good and bad of Linux LiveCDs (ComputerWorld)

Maybe the author is not so stupid? I would think the users are trusted with the data, or they would not work in the company. They are just not trusted with choosing a secure OS for their PC (e.g. because they are not sysadmins and don't read security alerts every morning).

What if a LiveCD has an unsafe old browser that allows attackers from outside the company to access data on the hard drive? What if that LiveCD makes the wireless card work as an unsecured access point? What if it has a modified PDF reader that sends whole documents to bad guys?


Different kind of trust

Posted Mar 31, 2005 4:38 UTC (Thu) by chbarts (guest, #28896) [Link] (3 responses)

And what if the user decides to take a screwdriver and remove a hard drive? Even if it's encrypted, that only buys you a set amount of time. Physical access to the machine is the end of being able to secure the computer against that person. Fiddling with the BIOS to disallow alternative boot media is merely an obstacle on the path, and not even the most difficult one to overcome.

In any case, no PC within a company should have a direct line to the outside Internet. There should be at least one firewall between it and the rest of the world that would prevent all of the scenarios you outline in your second paragraph. If the corporate intranet is well-run, it shouldn't be possible for any machine on the inside, no matter how inept or malicious, to send or receive data from random machines outside the intranet.

Different kind of trust

Posted Mar 31, 2005 5:16 UTC (Thu) by proski (guest, #104) [Link] (2 responses)

Judging by your comment, your employer should not let you use a LiveCD. Even if you can be trusted with physical access to the company's PCs, you trust firewalls too much. Firewalls don't help against unsecured access points.

Different kind of trust

Posted Mar 31, 2005 7:24 UTC (Thu) by tyhik (guest, #14747) [Link] (1 responses)

Yeah, why would a company need access points on PCs anyway?

Different kind of trust

Posted Mar 31, 2005 13:53 UTC (Thu) by proski (guest, #104) [Link]

If you take time to read the story and all the comments, you'll see that it's a "discussion" between those who get it and those who don't get it. The story was about people running a LiveCD without permission of their employer.

Even if a LiveCD was made in good faith, the consequences of including some packages could have been miscalculated. For your information, HostAP starts by default in Master (AP) mode with ESSID "test" without encryption. If you have a supported card and the LiveCD in question has HostAP included, and it brings up new interfaces automatically, you have a problem.

What's worse, it cannot be assumed that all LiveCDs are made in good faith. I wouldn't trust those that come with flashy magazines.
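An added example, not part of the original thread: a check an administrator could run on a workstation to spot the condition described in the comment above, a wireless interface in Master (AP) mode with no encryption key. It assumes the text layout printed by the wireless-tools `iwconfig` command; the sample output, interface names and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by wireless-tools' iwconfig
# (not captured from a real machine).
SAMPLE = '''\
lo        no wireless extensions.

wlan0     IEEE 802.11b  ESSID:"test"
          Mode:Master  Frequency:2.422 GHz  Access Point: 00:11:22:33:44:55
          Encryption key:off

eth1      IEEE 802.11b  ESSID:"corp"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:AA:BB:CC:DD:EE
          Encryption key:1234-5678-90   Security mode:restricted
'''

FIELDS = {
    "essid": re.compile(r'ESSID:"([^"]*)"'),
    "mode": re.compile(r"Mode:(\S+)"),
    "key": re.compile(r"Encryption key:(\S+)"),
}

def parse_iwconfig(text):
    """Return {interface: {"essid", "mode", "key"}} for wireless interfaces."""
    result, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # interface names start in column 0
            if "no wireless extensions" in line:
                current = None
                continue
            current = result.setdefault(line.split()[0], dict.fromkeys(FIELDS))
        if current is None:
            continue
        for field, pattern in FIELDS.items():
            match = pattern.search(line)
            if match:
                current[field] = match.group(1)
    return result

def open_access_points(text):
    """Interfaces in Master (AP) mode whose encryption key is off or unreported."""
    return [
        (name, info["essid"])
        for name, info in parse_iwconfig(text).items()
        if info["mode"] == "Master" and info["key"] in (None, "off")
    ]

if __name__ == "__main__":
    for name, essid in open_access_points(SAMPLE):
        print(f"{name}: unencrypted AP, ESSID {essid!r}")
```

On a live system the same functions can be fed the captured output of `iwconfig` instead of the constructed sample.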
