3.3 Physical Actions

DANGER LEVEL

Several well-known ways that crackers take over a system from the keyboard are discussed here. Only some of the intrusions require access to the system's floppy or CD-ROM drives. Certainly, high-security systems should be kept in locked rooms, but even in most engineering labs that are considered reasonably secure, there are enough unfamiliar faces that someone could pop a rogue floppy into a system without being noticed. Certainly, if an intruder has time, she simply could take the cover off a box and steal the disk containing proprietary data. Most laptop disks are tiny and with a little practice can be removed in under a minute and hidden in a pocket. Keep that in mind the next time you are on the road.

Confidential data on laptops and other systems that could be compromised always should be stored on disk in encrypted form. PGP is quite popular for this. There are some hardware cards available for encrypting all data going to a disk and decrypting data read from it, so that if someone steals the disk, they cannot read your data. See "Encrypted Disk Driver" on page 274 for discussion on a Linux device driver that automatically encrypts all data written to the disk, including data written to the swap partition.

In March of 2000, Intel announced a new laptop security system using a new chip set. It is expected to become quite popular. Do not be paranoid, but there is the keyboard ghost that is capable of recording up to 500,000 keystrokes on a keyboard without the user knowing.

http://www.keyghost.com/

See "Law of the Jungle—Physical Security" on page 121 to learn how to keep them away.

3.3.1 Booting an Intruder's Floppy or CD-ROM

DANGER LEVEL

If a cracker can get physical access to your system, unless you have taken special precautions, he merely needs to insert his bogus floppy, tape, or CD-ROM into your system and type Ctrl-Alt-Delete, momentarily unplug your system, press the reset button, or pull a circuit breaker, to get his rogue operating system without all your carefully installed security enhancements. Note that this will work even if you disable the keyboard and reset button.

Within a minute he "owns" you. Think about your physical environment for a moment. Do you periodically see people near the computers that you do not recognize but do not interrogate because you assume they are someone's boyfriend, roommate, or the guy in to fix the copier again? Inside of 10 seconds, he could pop in a floppy and hit the reset button or wiggle the power cord and be heading out of the building because he does not even need to wait for the boot sequence to finish.

3.3.2 CMOS Reconfiguration

DANGER LEVEL

The solution to physical intrusions and intruder boot floppies is for you to boot up and enter the CMOS configuration screen, commonly done by pressing the Delete key when prompted. The commands discussed here are specific for the Award® brand of BIOS. This brand of BIOS is in many PCs. The AMI® approach is similar. If yours is different, probably it, too, will be similar. If not, perhaps there is a manual around or help on the manufacturer's Web site. A common prompt message is

Press DEL to enter SETUP

Then press the down arrow until the menu selection

BIOS FEATURES SETUP

is highlighted and hit Enter. Of the bewildering menu of options, select

Boot Sequence

by pressing the down arrow until this item is highlighted and press Enter. This is the sequence of devices that the machine will try to boot from.

For those blissfully ignorant of the DOS world, device "A" is the first floppy drive (also called a diskette and usually the top unit as opposed to the bottom unit), device "B," if any, is the second floppy. Device "C" is the hard disk, and for those living large, device "D" is the second hard disk. Most recent BIOS versions also offer "SCSI" and "CD-ROM."

Press the + key, or, possibly, the PageUp key, repeatedly until it displays the single device that you normally will boot from, usually "C" or "SCSI." You do not want to select the option "C, A" because then if an intruder can trash the hard disk Master Boot Record (MBR) she can force the machine to boot from the floppy. If a subsequent corruption problem requires booting from a set of rescue disks (floppies), you can change this device order in the CMOS settings at that time. Press the Esc (Escape) key to exit this menu and return to the main menu. Then follow the instructions for saving the changes and exiting; commonly this is pressing the F10, Y, and Enter keys.

Also, it is a good idea to configure the CMOS to disable all serial and parallel devices that you do not need. This will prevent someone from connecting a modem to a serial port or connecting a floppy drive, zip drive, or CD-RW burner to the parallel port.

3.3.3 Adding a CMOS Password

DANGER LEVEL

To prevent an intruder from altering the CMOS settings that you have configured for security and correct operation, you need to add a CMOS password by following the steps below. This will cause the CMOS code to ask for this password before doing anything of significance.

  1. Reboot your system and, when prompted, press the Delete key to get into the CMOS menu. A common prompt for this is Press DEL to enter SETUP.

  2. Move the down arrow until a menu selection is highlighted that reads something like CMOS Password or SUPERVISOR PASSWORD.

  3. Press Enter and enter the desired password. Immediately write the password down and file it securely where you will remember to look for it at 3 A.M. in a year's time when you need to boot from rescue disks. Enter the password a second time.

  4. Move the down arrow until the menu selection SAVE & EXIT SETUP is highlighted, press Enter, Y, and a second Enter (or F10, Y, Enter).

Now an intruder will be unable to alter the CMOS settings, say, to enable booting off a floppy to get control of the system with his own UNRescue Disks.

What if an intruder sets a CMOS password after changing the CMOS settings to only boot from nonexistent hardware? What if the other SysAdmin forgot to tell you the password before his vacation in the Outback?

Some motherboards have a jumper that can be set temporarily to erase the CMOS password. Some will turn off the password if the Insert button is held down while booting. With still others, you simply remove the CMOS battery (with the system powered down) for 30 seconds or so. Physical security is required to prevent these intrusions. Keep in mind that removing the battery will cause other important configuration settings to be lost too. (It is a really good idea to record the BIOS settings of each of your systems somewhere.)

3.3.4 Defending Against Single-User Mode

DANGER LEVEL

Linux normally boots up in multiuser mode. This allows for a secure system because it skips single-user mode where a root shell would be offered without the bother of entering the root password. Sometimes a system will not complete the boot-up sequence to multiuser mode either due to an error in the configuration or due to corruption in the root partition. To allow one to "get control" of such a system, LILO allows one to request that Linux come up in single-user mode. Instead of lots of daemons coming up, in single-user mode /etc/init brings up only a few things. To boot into single-user mode, at the LILO prompt type linux single instead of linux.

Red Hat and most other distributions do invoke fsck and do more operations than they should. Most UNIX versions do an absolute minimum when starting single-user mode to minimize problems in the event of file system corruption or misconfiguration.

There are a few different ways to prevent this. All of them involve making changes to LILO's configuration file that typically is stored in /etc/lilo.conf and then issuing the command lilo to store these instructions in the Master Boot Record (MBR). Although a reboot is not strictly necessary, you certainly will want one to verify that the changes worked.

The most flexible method is to require that a password be entered if boot options are passed to the boot loader. This is particularly useful because it prevents unauthorized personnel from booting into single-user mode while allowing anyone to boot multiuser mode, say, after a crash. Add the following two lines. Each may be either global or per-image.

restricted      
password=secret

Be sure that the configuration file can be read only by root via

chmod 600 /etc/lilo.conf      
chown root /etc/lilo.conf

Another way to guard against single-user mode is to not allow anyone to issue any commands to LILO at the keyboard by setting a timeout of zero with the following option in the global commands section at the top of /etc/lilo.conf. (This is a requirement for Orange Book C2 security.)

timeout=0

Finally, disallow automatic rebooting by adding the line

prompt

to /etc/lilo.conf, in the global commands section at the top (before the per-image sections). Thus, if a cracker somehow found a way to remotely alter the Master Boot Record, installed a new kernel, or otherwise arranged to create havoc, she cannot boot the new system configuration. Naturally, because Linux is so reliable you should investigate after any crash for the off chance that it was cracker-induced.

All of the entries in /etc/lilo.conf that someone could select, that is, bootable systems, need to be securely-configured kernels, such as Linux kernels or similar. In other words, none of them should offer single-user mode or file systems with lax file permissions. None should be insecure operating systems. For those on non-Intel hardware, there may be similar capabilities.
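
A check for the settings above, as an added example that is not from the book: it reports any boot entry that accepts options such as linux single without a password in effect, and verifies that the file is mode 600. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book: audit a lilo.conf for the boot-option
# password and the file permissions described above.

# Print the label of every bootable entry with no password in effect
# (neither a global password= nor one in its own image=/other= section).
lilo_unprotected_entries() {
    awk '
        function report() { if (section != "" && !gpass && !spass) print label }
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }       # drop comments and blanks
        $0 == "" { next }
        /^(image|other)=/ { report(); section = label = $0; spass = 0; next }
        /^label=/ && section != "" { label = substr($0, 7); next }
        /^password=/ { if (section == "") gpass = 1; else spass = 1 }
        END { report() }
    ' "$1"
}

# True when the file is mode 600 (-rw-------); it holds the password in clear.
lilo_conf_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Run all checks, print findings, return non-zero if any check failed.
audit_lilo_conf() {
    conf=$1 failed=0
    for entry in $(lilo_unprotected_entries "$conf"); do
        echo "FAIL: '$entry' takes boot options (e.g. single) without a password"
        failed=1
    done
    lilo_conf_mode_ok "$conf" || { echo "FAIL: $conf is not mode 600"; failed=1; }
    [ "$(ls -ldn "$conf" | awk '{print $3}')" = 0 ] ||
        echo "WARN: $conf is not owned by root"
    return "$failed"
}

# Constructed sample: the second entry has no password and there is no
# global one, and the file is left world-readable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
prompt
image=/boot/vmlinuz
    label=linux
    password=secret     # placeholder value, as in the text
    restricted
image=/boot/vmlinuz.old
    label=old
EOF
chmod 644 "$sample"
audit_lilo_conf "$sample" || echo "audit failed for $sample"
rm -f "$sample"
```

On a real system, call audit_lilo_conf /etc/lilo.conf as root after each edit and before running lilo.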

3.3.5 Defeating Theft by Floppy

DANGER LEVEL

Most people do not take floppies very seriously any more. After all, a 3-1/2-inch floppy holds only 1.44 MB; it would take 14,000 of them to store the data of a common 20 GB disk. Still, it would hold the name, home address, home phone number, and job title of about 10,000 employees, without even using compression, and could make a headhunter (recruiter) very happy. A floppy could hold a lot of source code, customer lists, or specifications. Plenty of company data has been stolen this way over the years.

Some other ways of stealing data include connecting a modem to a serial port and sending data that way or plugging a printer, parallel-port CD-ROM burner, or disk drive into the parallel port and printing or copying the data that way. Do consider the possibilities that USB offers, too. The solution to these problems is to enter the CMOS menu as discussed in the past few sections and disable the peripheral devices that are not needed.

3.3.6 Defeating Ctrl-Alt-Delete Attacks

DANGER LEVEL

The fixes discussed previously will prevent a physical intruder from being able to intrude after forcing a reboot, but forcing the system to shut down certainly is a DoS attack. On unprotected systems, the standard Ctrl-Alt-Delete sequence will shut the system down in a few seconds.

This sequence can be disabled by commenting out the default entry in /etc/inittab that allows it (the one with the ctrlaltdel tag), so that it looks like the following:

#no C-A-D: ca::ctrlaltdel:/sbin/shutdown -t5 -rfn now

After editing /etc/inittab you need to tell init to reread it with the command

telinit q

Alternatively, the shutdown command could be replaced with another one, perhaps a shell script generating e-mail, that will notify you either that a user new to Linux needs your help or someone evil is at the keyboard.
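
One way to write such a notification script, as an added example that is not from the book. The install path /usr/local/sbin/cad-notify, the stamp file, and the use of mail and logger are assumptions; it sends at most one message per minute so that repeated key presses do not flood the mailbox.

```shell
#!/bin/sh
# Added example, not from the book: a Ctrl-Alt-Delete handler that reports
# the key press instead of rebooting. Assumed inittab entry:
#   ca::ctrlaltdel:/usr/local/sbin/cad-notify

CAD_RCPT=${CAD_RCPT:-root}                          # who gets the mail
CAD_STAMP=${CAD_STAMP:-/var/run/cad-notify.stamp}   # time of last message
CAD_MIN_GAP=${CAD_MIN_GAP:-60}                      # seconds between messages
CAD_MAILER=${CAD_MAILER:-mail}                      # mail command to use

# Compose the report: when, where, and who was logged in at the time.
cad_report() {
    echo "Ctrl-Alt-Delete pressed on $(uname -n) at $(date)"
    echo "The reboot was NOT performed. Logged-in users:"
    who 2>/dev/null || echo "(who unavailable)"
}

# Return 0 if a notification is due, 1 if one was sent less than
# CAD_MIN_GAP seconds ago. Records the time when a notification is due.
cad_due() {
    now=$(date +%s)
    last=$(cat "$CAD_STAMP" 2>/dev/null || echo 0)
    [ $((now - ${last:-0})) -ge "$CAD_MIN_GAP" ] || return 1
    echo "$now" > "$CAD_STAMP"
}

# Log to syslog and mail the report, unless one was sent very recently.
cad_notify() {
    cad_due || return 0
    logger -p auth.warning -t cad-notify "Ctrl-Alt-Delete on console" \
        2>/dev/null || true
    cad_report | "$CAD_MAILER" -s "Ctrl-Alt-Delete on $(uname -n)" "$CAD_RCPT"
}

# Act only when invoked under the installed name, as init would run it.
case $0 in
    *cad-notify) cad_notify ;;
esac
```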

Although there is a /proc/sys/kernel/ctrl-alt-del file starting in the 2.2 kernel, toggling its value between 0 and 1 does not seem to inhibit the system from rebooting when it is given the three-finger salute.
