Lesson 2 | Network security - console access |
Objective | Why is it important to protect your console. |
Network Security Console Access
Explain why it is important to protect your console.
Anyone who has access to the console can access the entire machine and the operating system.
This means that with a couple of keystrokes, the system can be seriously damaged.
There are several steps you can take to help make the system more secure; however, you must be careful not to make security on the machine so tight that you are unable to work with it effectively.
The following discussions on password protecting BIOS and LILO explain the possible security holes and suggest protective solutions.
BIOS password
On system boot, a user can simply hit a key, usually Delete, to enter the system setup. Here they can make major changes to your hardware configuration.
However, most hardware suppliers provide systems to password protect the BIOS.
These are only marginally effective, but can stop novices from snooping around where they do not belong.
Be sure to always change your setup password, since most of the manufacturers' default passwords are known.
LILO password
At the LILO prompt, a user can simply type linux single
to boot into the system with root privileges without typing a password. One solution to this security hole is to remove the LILO prompt entirely;
however, this is a rather drastic measure and can cause difficulties when you need to correct LILO problems. Another solution is to password protect the LILO prompt by inserting
password=somepassword
in the /etc/lilo.conf
file.
Remember that this is not an encrypted password, so make sure that /etc/lilo.conf
is owned by root and that its permissions are set to 600, to prevent other users from easily gaining access to your machine.
Whatever you do, do not use the same LILO password that is used for the root user.
The next lesson describes security concerns related to network access.