Re: [Zope] Zope application offline - how to apply a license protection?
From: Dylan Reinhardt <zope@dylanreinhardt.com>
On Thu, 2003-08-14 at 13:15, J Cameron Cooper wrote:
It is extremely difficult to protect against people with physical or root access to a machine. If I can sit down in front of it, I can get root
Indeed.
I am not as sure. If you have a securely configured system and a case with a security lock, you could not get local access in any manner.
Hosting your system on the customer's LAN suggests that your best defense may be a legal agreement. Set up the server to resist most exploits but consider the legal system your primary protection.
True, a good agreement is needed.
JL.
From: "Jaroslav Lukesh" <lukesh@seznam.cz>
From: Dylan Reinhardt <zope@dylanreinhardt.com>
On Thu, 2003-08-14 at 13:15, J Cameron Cooper wrote:
It is extremely difficult to protect against people with physical or root access to a machine. If I can sit down in front of it, I can get root
Indeed.
I am not as sure. If you have a securely configured system and a case with a security lock, you could not get local access in any manner.
uhm... it will get a bit *harder*, not impossible. Important to note that it will *never* be impossible. As long as there is a console available to the machine it will work.

Now, locking things up might give you a *sufficient* enough protection... Your mileage might vary.

/dario

--------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.
On Fri, 2003-08-15 at 10:59, Dario Lopez-Kästen wrote:
From: "Jaroslav Lukesh" <lukesh@seznam.cz>
From: Dylan Reinhardt <zope@dylanreinhardt.com>
On Thu, 2003-08-14 at 13:15, J Cameron Cooper wrote:
It is extremely difficult to protect against people with physical or root access to a machine. If I can sit down in front of it, I can get root
Indeed.
I am not as sure. If you have a securely configured system and a case with a security lock, you could not get local access in any manner.
uhm... it will get a bit *harder*, not impossible. Important to note that it will *never* be impossible. As long as there is a console available to the machine it will work.
+1

If you unplug your server and lock it in a bank vault, it might be impossible to hack. Any running, networked server should be regarded as being somewhat more vulnerable.

Providing *any* level of physical access represents increased risk... even if the physical access only extends to the network equipment. You're not going to lock up the routers, are you?

It's a rare server that can stand up to even a couple hours of probing by a knowledgeable and sufficiently determined attacker. If you want to know if your server can be rooted the answer is yes, it can.

Ultimately, this is a question of mitigating and managing risk. That's why I'd approach it as a legal question. Make it hard enough that nobody is going to break in by accident and take legal measures to provide disincentives against determined attack.

$.02

Dylan
participants (3)
- Dario Lopez-Kästen
- Dylan Reinhardt
- Jaroslav Lukesh