Hmm... I like this discussion!

Originally posted here by problemchild


Just because someone can get to the console it's normal for them to be able to gain Administrator access? I beg to differ. What's the point of having different users and ACLs at the console if that's true?
That's a good point, problemchild, but if I can reboot the machine, what's to stop me from modifying the password files for the Administrator account using an NTAdmin recovery disk? Those controls are helpful, but they're hardly foolproof. I've always thought that one of Windows' biggest flaws was that they tried to take an environment that was built to be an individual desktop environment and make it a multi-user environment. If you think about it, the Windows "single user mode" would probably be most closely related the 'Recovery Disk' that you're supposed to create on installation.

Originally posted here by problemchild

As for Linux, I disagree. You set your BIOS boot sequence to exclude floppy and CD-ROM so that it only boots from the hard drive and put a setup password on the BIOS so nobody can change it. Then you set your lilo delay to zero and password protect single-user mode. Thay way, nobody can boot some other meduim or OS and reset your passwords. The only way around it would be to take the cover off and reset the CMOS jumper, which if you have even a modicum of physical security should be pretty consipcuous.
Just as I mentioned above, if you have physical access to the machine, you can reboot it and compromise any console security for just about every OS. You mentioned that hopefully everyone would have a modicum of physical security to prevent tampering to the CMOS jumpers. I agree wholeheartedly, and that's exactly my point. You need to have a great deal of physical security to protect the console. It is one of the greatest vulnerabilities in your system. It's sort of like lockpicking. All pin-tumbler locks are made to have just a little bit of play in them so that a professional locksmith will have the ability to open the lock without a key. If you don't have some way of bypassing system security, you could potentially lose a great deal of data should you ever forget or lose the password. Especially for those systems that encrypt stored data. Without some kind of physical security (proportional to the value of the system and the potential threats) surrounding the console, you might as well be giving out guest accounts!