Protection from console password reset for people with physical access

AlexSelect

Hi, I was not successful searching for info on this issue.
I have my FreeNAS servers running in spaces with unrestricted access.
I found no easy way to prohibit anyone with physical access to the server from connecting a monitor and keyboard and resetting the root password, which will give this person full control and access to all my encrypted files.
It seems that I am missing something super obvious... but I did not find any reasonable solution for this. Can you kindly help?

Also, this issue is applicable if my servers are physically stolen.
 

sretalla

You can elect to turn off the unlocked physical console (although that puts you at risk of lockout from your server in some scenarios which would require it).

Under System | Advanced, untick the first option: Show text console without password prompt.

As a general note, physical access is probably the most important part of server security, so if you don't want to do that, you can't expect to keep your files safe.

Locking your encrypted pools with a passphrase and not unlocking/re-locking them when not needed is the only real protection against physical theft.

Application-layer file encryption is another thing you can do in addition if you're going to have files effectively in the open...
 