Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!fernwood!intuit!ddg From: ddg@intuit.intuit.COM (David DelGreco) Newsgroups: comp.sys.novell Subject: Re: Auto backups to tape Message-ID: <372@intuit.intuit.COM> Date: 8 Dec 90 21:22:11 GMT References: <826@macuni.mqcc.mq.oz> <368@intuit.intuit.COM> <7029@plains.NoDak.edu> Organization: Intuit Int., Menlo Park, CA Lines: 46 >>>Now, I have this problem, where, whilst it is waiting for a backup, someone >>>can come along and CTRL-C and break into an account with full supervisor >>>priveleges. Now I need a way to disable CTRL-C and CTRL_BREAK in order to >>>stop anyone from doing this. >>Why not just disconnect the keyboard? If it's sole purpose is to wait >>for a certain time at which point to backup, then no one should be using >>it anyway, should they? >If you just unplug the keyboard, someone could plug in a keyboard from >another machine, and use the account with supervisor privilages. If you >have a computer with a keyboard lock, you can lock the keyboard, but that >is not very secure, since the key locks are not very strong, and could be >turned with almost anything like a screwdriver, etc. Also, there aren't >very many different kinds of keys used for keyboard locks, so it's very >likely that someone else has an identical key. >The only sufficient solution that I can think of is to lock the computer in a >room that only supervisors have keys to. You are absolutely right. I was not clear. I should have said "take the keyboard with you", but someone could still plug a keyboard in. Putting the machine in a locked room, like a phone room that people normally stay out of, is the best solution. And if people are determined to get into your system via the backup machine, then it is your ONLY solution. If you use a TSR that locks the keyboard until a certain time, the "burglar" only has to reboot the machine, break out of the autoexec, rewrite the autoexec to disable the TSR, and he's in. If you have the machine boot in without having the password in a file, then at least he's stuck for finding out the password, but he could write a routine to mimic the TSR. Locking the keyboard, as stated, is not all that effective. In short, if someone is skulking about your place of business trying to break into the supervisor account, there is NO way to stop him unless you put the machine in a secure place. Consider a house or a car. You can't keep someone out, can you? You make it hard to get in, you can force them to break the glass, thus alerting anyone nearby, but you can't actually keep them out. Same with a computer, unless you remove all the "doors" and "windows". David DelGreco ddg@intuit.com