[Gllug] USB Securikey
Tethys
tet at accucard.com
Mon Jul 21 19:59:14 UTC 2003
Adrian McMenamin writes:
>> > We initially looked at SecureID, but in the end, the solution we
>> > went with was a 20 line shell script I wrote instead :-) Basically,
>> > your login shell is now a script that generated a random one time
>> > password. This is then sent to your mobile phone via SMS, and if
>> > you can't type in the second password, you don't get in.
>>
>> A really cool idea. Is it in releasable form? Can you put up a web
>> page about how you did it?
>>
>Can't this just be beaten by using a floppy boot disk or messing with GRUB
>(dunno about LILO)?
Yes, if you have physical access to the machine. In our case, you don't.
Firstly, it's in a secure hosting centre. Secondly, we try to give our
servers fixed boot orders and BIOS passwords to prevent that being changed.
Of course, if you have physical access to the machine, you can always take
the hard drive out and put it in a machine of your choice. At which point,
the idea of encrypting the filesystem is about the only way to prevent your
data being lost (even if people would probably start to notice the machine
being down pretty quickly :-)
Tet
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list