protecting against knoppix



awesomefennis
07-14-2004, 07:32 PM
Hello,

I am not sure if this is the correct forum to post this into, but I couldn't see one that it definitely fits into...so I apologise if it is wrong!

I am doing a project on ways in which the usefulness of log files can be circumvented and ways to protect against these.

Obviously knoppix is a great tool that is able to circumvent the current OS.
I read an article online:
http://cyberdefensemag.com/march2004/citech.php
Which was very useful and helpful.

However, I understand that using Knoppix it is possible to bypass security constraints as it doesn't even deal with the hard drive, but I was wondering whether you could explain how in fact it would be possible to put in security constraints to prevent people from attacking a computer using Knoppix.

If anyone could suggest methods in which it would be possible to prevent against attacks on systems using knoppix, that would be really helpful.

If anyone has any hints and tips in general or useful articles concerning my project I would really appreciate it.

Thanks

Fennis

tweetyhack
07-14-2004, 07:45 PM
Prevent physical access to your system.

awesomefennis
07-14-2004, 10:55 PM
hmmm, is that the only way?? there must be others?!

What about if you don't want to stop people using knoppix (or you do WANT to, but are unable to), but is it possible to detect them having used knoppix? Like if someone wanted to use knoppix to do something on a system without getting logged etc, will knoppix hide that fact and if so, is there a way to find this out?

thanks

mzilikazi
07-14-2004, 11:15 PM
Set a password in the BIOS and disable boot from floppy & cdrom.

I have no idea about win but presumably files on the hdd would be timestamped.
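
Added example, not part of the thread: one way to act on the timestamp idea above is to flag files whose timestamps fall in a gap when the installed OS was not running. The function names, the sample paths and the uptime windows are constructed assumptions; the windows would come from the installed OS's own boot and shutdown records.

```python
import os
from datetime import datetime, timezone

def stat_records(root):
    """Yield (path, {field: datetime}) for every file under root (the disk to check)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # unreadable or vanished entry: skip it
            # st_ctime is inode-change time on Unix, creation time on Windows
            yield path, {
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc),
                "ctime": datetime.fromtimestamp(st.st_ctime, timezone.utc),
            }

def offline_changes(records, uptime_windows):
    """Return (path, field, ts) for stamps set while the installed OS was down."""
    first = min(boot for boot, _ in uptime_windows)
    last = max(down for _, down in uptime_windows)
    hits = []
    for path, stamps in records:
        for field, ts in sorted(stamps.items()):
            if not first <= ts <= last:
                continue  # outside the period the logs cover: cannot judge
            if not any(boot <= ts <= down for boot, down in uptime_windows):
                hits.append((path, field, ts))
    return hits

def ts_utc(text):
    """Parse 'YYYY-MM-DD HH:MM' as a UTC datetime (helper for the sample data)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

# Constructed sample data: two logged sessions of the installed OS and four files.
SAMPLE_WINDOWS = [(ts_utc("2004-07-14 08:00"), ts_utc("2004-07-14 18:00")),
                  (ts_utc("2004-07-15 08:05"), ts_utc("2004-07-15 17:30"))]
SAMPLE_RECORDS = [(path, {"mtime": ts_utc(when), "ctime": ts_utc(when)}) for path, when in [
    ("/bin/ls", "2003-11-02 10:00"),            # older than the logs: ignored
    ("/etc/passwd", "2004-07-14 09:12"),        # inside a session
    ("/etc/shadow", "2004-07-14 23:41"),        # overnight gap: flagged
    ("/var/log/messages", "2004-07-15 17:29"),  # inside a session
]]

if __name__ == "__main__":
    for path, field, ts in offline_changes(SAMPLE_RECORDS, SAMPLE_WINDOWS):
        print(f"{path}: {field} {ts:%Y-%m-%d %H:%M} UTC is outside recorded uptime")
```

An empty result proves nothing: a disk mounted read-only records no timestamp changes, and timestamps can be set to arbitrary values by whoever has write access.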

awesomefennis
07-15-2004, 06:51 PM
hi,

thanks for your replies.

yeah i suppose physical access is the best form of protection.

in terms of bios password and setting not to boot from cd etc, is it not possible to - if you have access to the motherboard - flip one of those jumpers on the motherboard to reset the bios? somebody told me that ....i think.

On another note, if someone has used knoppix to access the computer, i presume the only thing that would be able to detect it would be the RAM? is this right? how would it be possible to flush what is in RAM out to see if knoppix was run. any ideas?

any help much appreciated.

fennis

Markus
07-15-2004, 07:16 PM
If there's physical access the data can always be accessed. Even encrypted data although it takes a bit more effort.
Yes, the BIOS can be reset but that will also reset the password in it so you would know if you check it later.
Some stores sell clamps you can put around the box so it can't be opened without a grinder or some such, again quite easy to tell :wink:
The only way to keep your data 99% safe is to have it on a removable media, put it in a safe and sink it in the deepest part of an ocean, although I've seen stuff on x-files that would be able to fetch it.

mzilikazi
07-16-2004, 12:35 PM
On another note, if someone has used knoppix to access the computer, i presume the only thing that would be able to detect it would be the RAM? is this right? how would it be possible to flush what is in RAM out to see if knoppix was run. any ideas?

any help much appreciated.

fennis

When your system is rebooted the RAM is completely emptied. There would be no way to tell if someone booted Knoppix or not. That is actually one of the strong points of RAM based OS's. In the event that someone was able to hack your system all it would take is a reboot and whatever they've done is gone.

turbine
07-20-2004, 12:21 PM
awesomefennis, I'm not sure if you're talking about having a "secure" OS. If you are, then there is a version of Linux that has been modified by the NSA that has been deemed secure according to their criteria. I ran across it a while back but have since then lost the link. A Google search should help you to recover same.