Security on Console Screen?

[Zaaphod]

Is there a way to turn on any kind of security on the console screen? I have been using FreeNAS a few years now, but I have a new customer I am setting up a new FreeNAS server on, and they are VERY concerned about security because they recently had a disgruntled employee erase critical data on a company computer and then changed the windows password and even changed the bios password. So now no one will have admin access, and the new system has very strong passwords on absolutely everything, but I noticed there seems to be a huge security loophole if you just plug a monitor and keyboard into the server, then just push 9 and poof! instant root access with no password.. shouldn't it ask for the password? and 7 reset root password.... doesn't ask for existing password first? I realise the intent with the Console Setup screen is to get you going before you have passwords set up, but is there a way to disable these security issues once you have it up and going and know all the passwords? Or even disable the console setup altogether? Any advice on how to secure the console setup screen? On most server motherboards, it's not needed on the VGA port anyway, because you can IPMI to get the output screen... which you can password protect. Perhaps there is a way to disable any physical keyboards and output to the physical screen but still have access with IPMI? (not sure that's even possible)

Any ideas (other than lock the server in a closet... which is probably happening at this point)

 

[m0nkey_]

You need to disable the console menu if you want a log-in prompt: http://doc.freenas.org/11/system.html#advanced

 

[Zaaphod]

m0nkey_ Thank You Very much for the solution and also being so fast! phew you saved me a LOT of agravation! Implementing this system tomorrow and still have a million things to get going on it.

Just set it and got the login: prompt. Excellent!

 

[wblock]

But keep in mind that if the hardware is not physically secure, console login is only one aspect of the problem. What's to stop someone from picking up the hardware and taking it? Or removing the drives?

 

[toadman]

But keep in mind that if the hardware is not physically secure, console login is only one aspect of the problem. What's to stop someone from picking up the hardware and taking it? Or removing the drives?

Or (if it's a disgruntled employee) taking a hammer to the system? Yea, I would lock it in a closet at a minimum, if destruction (of any kind) is the concern. :)

 

[garm]

Ya, physical security is all about restricting physical access.

 

[Chris Moore]

Looks like others have said it but the best way to secure the console is not disabling it, but locking the server in a secure room with all the other servers and networking gear.

Sent from my SAMSUNG-SGH-I537 using Tapatalk