|
||||||||
Hi Dick, On Sat, 2004-01-24 at 16:49, Richard Morrell wrote: > Melvin Backus wrote: > > > At 08:36 PM 1/23/2004, Michael A. Alderete wrote: > > > >> The way I see it, you could both lock and unlock from the webGUI, but > >> only > >> lock it from the console. When locked, the console could say "Console is > >> LOCKED. Unlock via webGUI." > > > To not lock the webgui is insane. > > It's a simple issue and if it isn't sorted this project will fail Actually, Melvin's suggestion was regarding locking the console, not the webGUI. (I think this is what you meant.) Locking the console is really something that nededs to be done, for both security and "appearance" of security reasons. Of course, this is more applicable to "real" PCs running m0n0wall than to Soekris boxen as they have no local console, only serial port access. Either approach - Soekris/PC needs to have a lockable/logged out console - having a permanently logged in console is a security risk, however small (yes, physical access to your server room by a malicious user means you have failed dismally in your mission to protect your network adequately), but it is another layer of security that needs to be added. -- Regards, Hilton Travis Email: Hilton at QuarkAV dot com Manager, Quark AudioVisual Phone: +61-(0)7-3343-3889 Quark Computers Phone: +61-(0)419-792-394 (Brisbane, Australia) http://www.QuarkAV.com/ Open Source Projects: http://www.ares-desktop.org/ http://www.mamboband.org/ Non Linear Video Editing Solutions & Digital Audio Workstations Network Administration, SmoothWall Firewalls, NOD32 AntiVirus Conference and Seminar AudioVisual Production and Recording War doesn't determine who is right. War determines who is left. |