From: The Natural Philosopher on
Hadron wrote:
> John Hasler <jhasler(a)newsguy.com> writes:
>
>> Hadron writes:
>>> It has a LOCAL monitor (frequently via a monitor/kbd switch) in a
>>> secure room and NO ssh or vnc access quite frequently. I find it
>>> amazing so many idiots in this group don't seem to understand REAL
>>> security.
>> Who the hell said anything about "security"? I just asked why the
>
> I did. All this bullshit about servers not having monitors is total
> bollox in small businesses in many cases. Some people do not like
> opening their servers to ssh access. See if you can guess why?
>
>> server had a monitor. In most cases a monitor on a server is a waste of
>> money, space, and electricity, but there are valid reasons for one. In
>> the "locked server room with armed guard" scenario (not the one that
>> was under discussion AFAIK), however, the monitor and keyboard probably
>> should be locked in a closet in the server room when not in use. The
>
> Bullshit. That is almost NEVER the case. In a secure room the monitor
> (if they have one) remains connected and invariably displays diagnostics
> and/or security logs. They really do NOT lock the monitor in a closed
> cupboard in a locked secure room. Are you for real? More likely is all
> servers share a monitor and keyboard and are switched via a kvm
> solution.
>
>> monitor should certainly not be left hooked to one of the servers
>> running a screensaver.
>
> re: screensaver - Probably not. But if you think for one minute a small screen saver
> adversely affects a real server that is properly configured then you're
> nuts. More likely is it will be configured by dpms or something to
> power off the monitor when not in use.
>
>>> It's the old case of a little knowledge being a dangerous thing once
>>> more.
>> As you regularly demonstrate.
>
> Not at all. But nice try.
>
>
Hear hear.

If someone has physical access to a machine it's insecure whether or not
it has a monitor, logged in as root, or not.

From: John Hasler on
The Natural Philosopher writes:
> If someone has physical access to a machine it's insecure whether or
> not it has a monitor, logged in as root, or not.

All machines are insecure: it's a matter of degree and a question of
defense in depth. If a machine has a monitor and keyboard hooked up all
the time someone who briefly has unobserved access (no one should be in
a secured room alone but people get careless) may be able to do damage
that he would not have time to do without it. Is this worth worrying
about? Depends on your risk model and the value of the data.

In any case asserting that it's all over the instant anyone has physical
access is silly. It takes time and tools to open a case, mess around,
and cover one's tracks. Attackers don't always have the time or tools.
A monitor and keyboard may be just the tool the attacker needs. Why
give it to him? (Of course, sometimes the answer is that the
convenience is worth the small risk, but the question should be asked.)
--
John Hasler
jhasler(a)newsguy.com
Dancing Horse Hill
Elmwood, WI USA
From: Chris Ahlstrom on
Hadron posted this message in ROT13 encoding:

> John Hasler <jhasler(a)newsguy.com> writes:
>
>> Hadron writes:
>>> It has a LOCAL monitor (frequently via a monitor/kbd switch) in a
>>> secure room and NO ssh or vnc access quite frequently. I find it
>>> amazing so many idiots in this group don't seem to understand REAL
>>> security.
>>
>> Who the hell said anything about "security"? I just asked why the
>
> I did. All this bullshit about servers not having monitors is total
> bollox in small businesses in many cases. Some people do not like
> opening their servers to ssh access. See if you can guess why?

They've been bred by Windows to expect a GUI?

>> server had a monitor. In most cases a monitor on a server is a waste of
>> money, space, and electricity, but there are valid reasons for one. In
>> the "locked server room with armed guard" scenario (not the one that
>> was under discussion AFAIK), however, the monitor and keyboard probably
>> should be locked in a closet in the server room when not in use. The
>
> Bullshit. That is almost NEVER the case. In a secure room the monitor
> (if they have one) remains connected and invariably displays diagnostics
> and/or security logs. They really do NOT lock the monitor in a closed
> cupboard in a locked secure room. Are you for real? More likely is all
> servers share a monitor and keyboard and are switched via a kvm
> solution.

Personally, I prefer the command line and secure shell. Makes it much
easier to do things when I'm out of town. And it is more secure, too, as I
don't have to open up any port other than 22 (and I could obfuscate that
onto another port, except one place I work filters non-standard ports).
Plus I can restrict access to certain machines, or use a public-key login.

As I am doing right now.

--
Ah, the Tsar's bazaar's bizarre beaux-arts!
From: The Natural Philosopher on
John Hasler wrote:
> The Natural Philosopher writes:
>> If someone has physical access to a machine it's insecure whether or
>> not it has a monitor, logged in as root, or not.
>
> All machines are insecure: it's a matter of degree and a question of
> defense in depth. If a machine has a monitor and keyboard hooked up all
> the time someone who briefly has unobserved access (no one should be in
> a secured room alone but people get careless) may be able to do damage
> that he would not have time to do without it. Is this worth worrying
> about? Depends on your risk model and the value of the data.
>
If someone wants to do damage, he shouldn't be allowed in a machine room
at all.

By definition, it's a secure area.

> In any case asserting that it's all over the instant anyone has physical
> access is silly. It takes time and tools to open a case, mess around,
> and cover one's tracks.

Don't need to open the case. Merely boot with a live CD... and an
installable patch.

> Attackers don't always have the time or tools.
> A monitor and keyboard may be just the tool the attacker needs. Why
> give it to him? (Of course, sometimes the answer is that the
> convenience is worth the small risk, but the question should be asked.)
From: Harold Stevens on
In <i1hths$pf8$11(a)news.eternal-september.org> J G Miller:

[Snip...]

> There should be a direct interface to the developer's cortex.

M$ tried; called it "Bob" Development, and the rest is history.

--
Regards, Weird (Harold Stevens) * IMPORTANT EMAIL INFO FOLLOWS *
Pardon any bogus email addresses (wookie) in place for spambots.
Really, it's (wyrd) at airmail, dotted with net. DO NOT SPAM IT.
I toss GoogleGroup (http://twovoyagers.com/improve-usenet.org/).