[ previous ] [ next ] [ threads ]
 
 From:  Hilton Travis <Hilton at QuarkAV dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] console access (was "m0n0wall feature request"
 Date:  Sat, 24 Jan 2004 17:09:49 +1000
Hi Dick,

On Sat, 2004-01-24 at 16:49, Richard Morrell wrote:
> Melvin Backus wrote:
> 
> > At 08:36 PM 1/23/2004, Michael A. Alderete wrote:
> >
> >> The way I see it, you could both lock and unlock from the webGUI, but 
> >> only
> >> lock it from the console. When locked, the console could say "Console is
> >> LOCKED. Unlock via webGUI."
> >
> To not lock the webgui is insane.
> 
> It's a simple issue and if it isn't sorted this project will fail

Actually, Melvin's suggestion was regarding locking the console, not the
webGUI.  (I think this is what you meant.)  Locking the console is
really something that nededs to be done, for both security and
"appearance" of security reasons.

Of course, this is more applicable to "real" PCs running m0n0wall than
to Soekris boxen as they have no local console, only serial port access.

Either approach - Soekris/PC needs to have a lockable/logged out console
- having a permanently logged in console is a security risk, however
small (yes, physical access to your server room by a malicious user
means you have failed dismally in your mission to protect your network
adequately), but it is another layer of security that needs to be added.

-- 

Regards,

Hilton Travis                   Email: Hilton at QuarkAV dot com
Manager, Quark AudioVisual      Phone: +61-(0)7-3343-3889
         Quark Computers        Phone: +61-(0)419-792-394
(Brisbane, Australia)            http://www.QuarkAV.com/

Open Source Projects:		http://www.ares-desktop.org/
				http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.