VERY interesting - but security implications to others?!?
Posted Feb 1, 2006 2:20 UTC (Wed) by elanthis
In reply to: VERY interesting - but security implications to others?!?
Parent article: Van Jacobson's network channels
That whole "only root can do stuff to the network" reasoning is complete bunk.
Absolutely nothing stops a user from booting their workstation with a LiveCD that they have root access to. Or plugging in a different machine to the network. Or rebooting into single-user mode.
You cannot rely on a per-machine control like root access to protect your network. If you want to do that, you have to have some sort of encryption/signing on every network packet sent and physically lock down the end-user workstations so that they can't reboot into single-user mode or pop in a LiveCD or modify/replace the hard disk.
to post comments)