From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
In-Reply-To: <7d3530220908061701t314fdc42i7bce59ad9ba7df9e@mail.gmail.com>
References: <200908051920.10243.corey@bitworthy.net>
 <200908060052.55018.corey@bitworthy.net>
 <6a3ae47e0908060119s431551e1ge53d11bf0b2e477a@mail.gmail.com>
 <200908061628.14132.corey@bitworthy.net>
 <7d3530220908061701t314fdc42i7bce59ad9ba7df9e@mail.gmail.com>
Date: Thu, 6 Aug 2009 17:17:19 -0700
Message-ID: <7d3530220908061717j383ca700qd647622392b8aa09@mail.gmail.com>
From: John Floren
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] a few Q's regarding cpu/auth server
Topicbox-Message-UUID: 3b077eac-ead5-11e9-9d60-3106f5b1d025

On Thu, Aug 6, 2009 at 5:01 PM, John Floren wrote:
>
> Oh, if we're just protecting against people wandering by who are
> obviously there by mistake--since we're discounting anyone coming
> prepared for serious maliciousness--how about just not having a
> terminal connected to your file server? My cpu/auth/file servers don't
> have anything connected except an ethernet cable and a remote serial
> console. Oh, sure, there's a crash cart over in the corner that you
> could drag over and plug in, but you've decided that we're only
> talking about opportunists who see a prompt and decide to type some
> stuff, so it's not a problem.
>
> The whole friggin' point of a colo is that you trust the people
> running it--also, that they don't leave terminals connected to every
> single one of their hundreds of customer machines. It's a locked room
> in a corporate building... this ain't your little brother banging on
> keys (a far more realistic reason for password-protecting a cpu
> server, if you're going to be dumb enough to leave the head attached).
>
> I have a Plan 9 server sitting in a lab at my university. Over the
> last 2+ years, it has been in the same place, powered on, connected to
> a keyboard, mouse, and monitor. The only deterrent to unauthorized
> users has been that I keep the monitor off, and in those 2 years I
> have not found a single sign that anyone has so much as touched the
> keyboard, much less done "rm -r /" or whatever it is you're afraid of.
> I'm afraid you'll have to forgive me if I find the probability of
> someone improperly accessing your headless colo'd box rather low.
>
> I invite you, though, to create some form of logging protection system
> for the box. Put the box in a colo, and then in 3 years send us your
> logs. I guess we'll see how many people tried to get into your cpu
> server.
>
>
> John

A note, please don't take this as a flame. I asked exactly the same sort of thing in 2005/2006, and what I wrote here is the synthesis of my experiences and changing viewpoints since then, shaped to apply to the specific situations posed.

Basically, even in the environment of a university lab, considerably more hostile than a trusted colo, your house, or your corporate machine rooms, I haven't had a problem, which I attribute partially to the monitor/keyboard/mouse all being old scruffy refugees, and partially to the fact that I keep the monitor off. Realistically, I should have the peripherals unplugged and moved away from the server, because it's *not* a particularly safe place--it should either be headless, or indeed use some form of locker.

Everybody asks these questions, I think, if only to themselves. The answers usually become evident, though--in my case, I had to get grouched at by the curmudgeonly 9fans before I "got" it.

hasta~

John
--
"Object-oriented design is the roman numerals of computing" -- Rob Pike