Page 1 of 1

Behavior of RBAC offline

PostPosted: Tue Feb 10, 2009 5:15 am
by evilangel
Hey all,

If:
1/ I deploy RBAC on the filesystem of a server
2/take the harddrive hosting the OS with RBAC out
3/plug-it on another machine, as an extra storage (not as the OS of the machine)

I imagine RBAC is bypassed, right ?

Only ciphering harddrive would fit to avoid data leakage in such a case, no ?

Thanks

Re: Behavior of RBAC offline

PostPosted: Tue Feb 10, 2009 10:59 am
by cormander
Yes, but this requires physical access to the machine. Mounting up a drive like your saying will bypass any software security system, and even ciphering a harddrive offers little protection against an experienced hacker; google "cold boot attck" (http://en.wikipedia.org/wiki/Cold_boot_attack has some general info)

Re: Behavior of RBAC offline

PostPosted: Wed Feb 11, 2009 11:35 am
by evilangel
Thanks Cormander