Back to article
ActivCard Gets Physical (Security) with Linux
If This Had Been an Actual Emergency
June 26, 2003
There is a tale that gets told around the offices of LinuxPlanet that never fails to bring a chuckle when it's shared. I will share it, but names have been hidden to protect the innocent and the pompous.
A couple of years back, at a technical trade show, there was a Linux PC sitting at a booth that was inaccessible to the booth's tenants. Somehow or other, no one could get into it because no one knew any of the passwords, including root.
A well-known industry pundit happened along and was asked to assist. Whereupon, the industry pundit proclaimed to all within earshot that without the root password, there was simply no way to get into this machine to start using it.
Said he. While the pundit was loudly complaining about the plight of the PC's users, a certain editor of another industry Web site calmly walked up, typed a few commands, and gained console access to the machine, enough to reset the root password.
The pundit, atypically, was speechless. He then proceeded to inform the editor and all who would listen that there was no way that machine could get back on the network of the trade show floor.
Be--(sound of typing: netcfg)
Five minutes later, the editor--and the pundit--were... done.
This is an amusing anecdote about the occasional puffery of egos that IT pundits tend to get, but it actually serves a point: given a little knowledge and a lot of physical access, any machine can be cracked. Physical access is one of those security rules that always gets mentioned during Security 101, but seems to get paid little attention. After all, we think, we would know if someone were trying to get onto our machines.
Perhaps, and perhaps not. Even if we are savvy enough to detect an intrusion after the fact, the simple truth is at that point, the damage may have already been done. Your data has been seen and therefore you have been compromised.
There are, of course, a myriad of solutions to physical security. Locked server rooms, keycard access to offices with workers handling sensitive data, that sort of thing. But what about the lone computer, sitting out there in the office cubicle, accessible by anyone while you're out to lunch?
In situations such as this, a not-so-new technology known as the smart card can come into play. Earlier this week, an old hand at smart card technology, ActivCard, inntoduced the first-ever commercial product for a smart card on the Linux desktop: ActiveCard Gold for Linux.