Security on Console Screen?

Status
Not open for further replies.

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
Is there a way to turn on any kind of security on the console screen? I have been using FreeNAS a few years now, but I have a new customer I am setting up a new FreeNAS server on, and they are VERY concerned about security because they recently had a disgruntled employee erase critical data on a company computer and then changed the windows password and even changed the bios password. So now no one will have admin access, and the new system has very strong passwords on absolutely everything, but I noticed there seems to be a huge security loophole if you just plug a monitor and keyboard into the server, then just push 9 and poof! instant root access with no password.. shouldn't it ask for the password? and 7 reset root password.... doesn't ask for existing password first? I realise the intent with the Console Setup screen is to get you going before you have passwords set up, but is there a way to disable these security issues once you have it up and going and know all the passwords? Or even disable the console setup altogether? Any advice on how to secure the console setup screen? On most server motherboards, it's not needed on the VGA port anyway, because you can IPMI to get the output screen... which you can password protect. Perhaps there is a way to disable any physical keyboards and output to the physical screen but still have access with IPMI? (not sure that's even possible)

Any ideas (other than lock the server in a closet... which is probably happening at this point)
 
Last edited by a moderator:

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
m0nkey_ Thank You Very much for the solution and also being so fast! phew you saved me a LOT of agravation! Implementing this system tomorrow and still have a million things to get going on it.

Just set it and got the login: prompt. Excellent!
 

wblock

Documentation Engineer
Joined
Nov 14, 2014
Messages
1,506
But keep in mind that if the hardware is not physically secure, console login is only one aspect of the problem. What's to stop someone from picking up the hardware and taking it? Or removing the drives?
 

toadman

Guru
Joined
Jun 4, 2013
Messages
619
But keep in mind that if the hardware is not physically secure, console login is only one aspect of the problem. What's to stop someone from picking up the hardware and taking it? Or removing the drives?

Or (if it's a disgruntled employee) taking a hammer to the system? Yea, I would lock it in a closet at a minimum, if destruction (of any kind) is the concern. :)
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,556
Ya, physical security is all about restricting physical access.
 

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
Looks like others have said it but the best way to secure the console is not disabling it, but locking the server in a secure room with all the other servers and networking gear.

Sent from my SAMSUNG-SGH-I537 using Tapatalk
 
Status
Not open for further replies.
Top