
#1 2008-12-05 22:00:22

paraflu
Member
Registered: 2008-02-23
Posts: 53

System with encrypted root and random passphrase

Hello everybody,

I've got some questions regarding some kind of secure systems.
After a short period of time, I had the idea of a system with some
security constructions regarding some special situations.
This is, as most of the time, not really important for me, but sometimes
I like to think about some very paranoid situations just for fun,
so every criticism is enjoyed and nice to hear.
I know that everything is only as secure as the weakest link; this is especially the
case with the higher applications which provide services, increased with a network
and based on the underlying system and the physical access to the hardware.
So it will for sure have flaws, but I try to concentrate myself at this time on
the basics, and maybe someone has the knowledge of what is possible with an increasing
effort known at this time and the possibilities of technology today.

Let's say I have a system providing some services. It is headless, so no physical keylogger
could be implemented. It has a BIOS protection and can only boot from USB. I've got
2 USB sticks. One with an encrypted system which autologins as root, and the other USB stick
provides the keyfiles needed so that the system will boot at all. The system boots into tmpfs
and then uses /dev/random to generate a new long passphrase which becomes the new root password.
The new password will be written to the second USB stick with a date and maybe other unique
indicators (separated from the original keyfile). So the new password is different from the
original booting one. This password is only valid for let's say 12 hours; after that the system
has to be rebooted. Maybe at this point the rest of the tmpfs storage has to be overwritten with
/dev/zero to delete every entry of the old one. (Does the system crash here? I don't
know.) After that the USB sticks are ejected and kept safe by the maintainer. The system has
also to be kept physically safe -- like in a safe.
So what is the main point here? The system gets a new and automatically generated password
every working day. The maintainer has the possibility to access the running machine with the
saved new password. The enemy can't really insert a permanent access to the system because
of the everyday changing password. The maintainer can leave the system alone in the safe,
and is the only one who has the sticks. Two sticks are more secure than one unencrypted.
I think this can also be expanded with a diskless system for more network systems, waiting
with sshd for the passphrase procedure to keep everything "live" and every service passphrased
by the user, like file access to another system.
I don't think that nobody has had the same idea, so there have to be flaws.

Oh, and by the way:

How can I forbid that the user can use Ctrl+Alt+Del to reboot?
How can I see when the network cable has been unplugged, maybe with an optical indicator
connected as a serial input to the lights of the switch, or maybe a more electrical way
examined with a serial input connected to the main system?
When I load the / system into a tmpfs, I know exactly how big it is (there is no logging; I don't
know the size of a running /tmp) and I will give it only exactly that size and mount the user tmpfs separately.
So when the enemy gains user privileges he can only expand the user filesystem space for his
use, but if he wants to expand the root filesystem, the system will crash and maybe reboot, which
could maybe be recognized? OK, if he has root he could hardlink to the userspace. Hmmh, I don't know.

Maybe I should post this thread, but I want to know more.
There are many questions remaining, but I am no coder and I will try not to go too far beyond my
knowledge. So ....

thanks for your answers
and

greetings
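The rotation step described in the post above (boot, draw a fresh passphrase from the kernel RNG, make it the root password, record it with a date on the second stick, and treat it as expired after 12 hours), as an added sh example that is not part of the original post. It assumes the second stick is mounted at a hypothetical KEY_MOUNT path, reads /dev/urandom in place of the post's /dev/random (assuming a seeded kernel RNG), and sets the password with chpasswd from the shadow suite.

```shell
#!/bin/sh
# Added example: daily root-passphrase rotation as sketched in the post.
# Assumptions: POSIX sh + coreutils, the key stick mounted at $KEY_MOUNT
# (hypothetical path), chpasswd available, run as root to actually rotate.
set -eu

KEY_MOUNT="${KEY_MOUNT:-/mnt/keystick}"   # assumption: mount point of the second stick
RECORD="$KEY_MOUNT/rootpass.log"          # kept apart from the boot keyfile
TTL_SECONDS=$((12 * 60 * 60))             # the 12-hour validity window from the post

# Draw a passphrase from the kernel RNG: 48 random bytes -> base64,
# strip characters that are awkward to type, keep the first $1 characters.
gen_passphrase() {
    len="${1:-32}"
    head -c 48 /dev/urandom | base64 | tr -d '\n/+=' | cut -c1-"$len"
}

# Append one record "epoch-seconds hostname passphrase" to the stick so the
# maintainer can tell which passphrase belongs to which boot (date = the
# "unique indicator" from the post). $2 lets callers pin the timestamp.
record_passphrase() {
    pass="$1"; now="${2:-$(date +%s)}"
    printf '%s %s %s\n' "$now" "$(uname -n)" "$pass" >> "$RECORD"
    chmod 600 "$RECORD"
}

# Exit 0 if the passphrase issued at epoch $1 is still inside the TTL at
# time $2 (default: now), 1 once the 12 hours are over and a reboot is due.
passphrase_valid() {
    issued="$1"; now="${2:-$(date +%s)}"
    [ $((now - issued)) -lt "$TTL_SECONDS" ]
}

# Generate, apply to root via chpasswd (never on the command line), record.
rotate_root_password() {
    pass="$(gen_passphrase 32)"
    printf 'root:%s\n' "$pass" | chpasswd
    record_passphrase "$pass"
}

# Only rotate when explicitly asked and running as root; sourcing the file
# for inspection or testing must not touch the root account.
if [ "$(id -u)" -eq 0 ] && [ "${1:-}" = "rotate" ]; then
    rotate_root_password
fi
```

Run it as `sh rotate.sh rotate` from the boot sequence once the second stick is mounted; a cron or boot-time check can call `passphrase_valid` with the recorded timestamp to decide whether the reboot is due.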

