gabriel rosenkoetter on Mon, 1 Jul 2002 05:30:08 +0200



Re: [PLUG] log as root or not ?


On Sun, Jun 30, 2002 at 10:42:00PM -0400, John Lavin wrote:
> Then I guess an attacker still has to compromise a system with the keys
> and break one password.  Same as if they sshed as a normal user and
> attempted to crack the remote root password.  The best thing would
> probably be to both not have a root authorized key *and* password
> protect the private keys, but I don't go that far.

This is ignoring the concept of a threat model.

Will your attackers have access to your workstation, or is it
completely hidden behind a firewall and NAT? Certainly, for attacks
from the network, I would expect your servers are far more exposed
than your workstation.

If you're concerned about an inside job (and you should be), it's
unlikely this would even come into play. The internal attacker will
already have access of some sort and exploit that access to gain
privilege; he wouldn't have to start from scratch.

In any case, an internal attack by just jacking the hard drive out
of your workstation (at which point he'd *still* have to run a brute
force attack on your presumably-passphrased key, the public half of
which you'd immediately remove from the servers when you saw your
workstation had been tampered with) is entirely thwarted by using a
floppy (as I suggested in another email just now).

-- 
gabriel rosenkoetter
gr@eclipsed.net
