How to protect system from cloning? Post: 302916129

Sponsored Content

Special Forums Cybersecurity How to protect system from cloning? Post 302916129 by Installimat on Sunday 7th of September 2014 10:39:50 AM

09-07-2014

Registered User

Many thanks for your answer, unSpawn, I really appreciate your time and interest.

TPM could be a great solution, but it means adding more hardware since it's not included on motherboard, so it's discard (I need a method that doesn't require special hardware)

The user must be able to use the computer, add new drives or even format hard drive using a tool in a usb drive if he needs. It's even desirable (althought not 100% needed) that user can make a backup of the system disk via cloning, and restoring it when needed. BUT I don't want the user to clone disk and use the operative system and all configurations and programs in a different machine, since it's intended to be used only on this computer (I hope that my explanation is ok, hehe)

I know that there is no infallible method for this, but I'm also sure there is some way. It's better having a security method that can be skipped to have no security method at all. If I add some kind of protection, at least the user will have to make some research.

I've been reading something about hostid, and if I can tie the operative system to something depending on hardware, it is an important "first step" (but you say it's easy to break)

Full disk encryption seems the best way, but, how can I do it?

Must be kept in mind that I can't make a complete reinstall of the system to do it. I mean... I have now my "master" cloning image that y deploy on all the machines, so I need someway to prevent to clone again the install once deployed on every target machine. It's no problem if I have to use some time on everyone of those target machines, but installing operative system and configuring and installing everything in everyone of them is not an option.

Many thanks again, I hope someone can lend me a hand.

Regards

Installimat

View Public Profile for Installimat

Find all posts by Installimat

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

protect dtterm

we have an hp-ux and a user requested me if i can password protect the dtterm. i know that this is possible but can you give me some hints in making this happen? thanks :cool:

2. UNIX for Dummies Questions & Answers

Password protect a file

I have created a PHP page that I use to clean files on my machine. I would like to leave the file there but I want to password protect it so that I am the only one that can run it from the shell. Does anyone know how to do this? Thanks. -Cam

3. UNIX for Advanced & Expert Users

Protect from rm /

We recently had an accidental delete from /. I hold the root password but others are allowed to sudo over to root to perform admin tasks. The only way I want to permit deletion from / is by physically being root (su -). I'd like to add a line to the sudoers file which would permit all commands...

4. AIX

Problem cloning system

Hi everyone, I want to clone a AIX 5.2 system from a machine to another one. So i modified bosinst.data and image.data files (according to future platform) before making mksysb on old platform. After booting on CD and restoring system using mksysb tape, the installation is launched but ever...

5. UNIX for Dummies Questions & Answers

Full System Backup / Cloning HPUX

I am new to UNIX and need help in cloning a HPUX 10.2 Ace 5, can anybody please guide me in making a full system backup. Real Chess

6. UNIX for Advanced & Expert Users

Cloning a solaris system

I have several Solaris 8,9 and 10 servers. I need to refresh them and avoid doing any OS upgrades. I may have to apply patches when I am done due to the new hardware. My current servers have internal disk and my new target servers (same processor types) will have only SAN storage. Once the...

7. UNIX for Advanced & Expert Users

protect process

how to protect my process from others to kill?? Double post, continued here, thread closed

8. AIX

Cloning a system via mksysb backup from one system and restore to new system

Hello All, I am trying to clone an entire AIX virtual machine to a new virtual machine including all partitions and OS.Can anyone help me on the procedure to follow? I am not really sure on how it can be done.Thanks in advance. Please use CODE tags for sample input, sample output, and for code...

9. Solaris

Archiveadm system cloning - Solaris 11.4

Hi all, I am trying to use archiveadm to backup/clone an existing Solaris11.4 system. However, i failed at media creation with the error -> "Media can only be created from archives containing root-only data" root@xxx:/mnt/opt/software# zpool list NAME SIZE ALLOC FREE CAP DEDUP ...

LEARN ABOUT OPENSOLARIS

addbadsec

addbadsec(1M)						  System Administration Commands					     addbadsec(1M)

NAME

       addbadsec - map out defective disk blocks

SYNOPSIS

       addbadsec [-p] [-a blkno [blkno]...] [-f filename] raw_device

DESCRIPTION

       addbadsec  is  used  by the system administrator to map out bad disk blocks. Normally, these blocks are identified during surface analysis,
       but occasionally the disk subsystem reports unrecoverable data errors indicating a bad block. A block number reported in this  way  can	be
       fed  directly  into  addbadsec,	and the block will be remapped. addbadsec will first attempt hardware remapping. This is supported on SCSI
       drives and takes place at the disk hardware level. If the target is an IDE drive, then software remapping is used. In  order  for  software
       remapping to succeed, the partition must contain an alternate slice and there must be room in this slice to perform the mapping.

       It  should  be  understood  that  bad  blocks lead to data loss. Remapping a defective block does not repair a damaged file. If a bad block
       occurs to a disk-resident file system structure such as a superblock, the entire slice might have to be recovered from a backup.

OPTIONS

       The following options are supported:

       -a    Adds the specified blocks to the hardware or software map. If more than one block number is specified,  the  entire  list	should	be
	     quoted and block numbers should be separated by white space.

       -f    Adds the specified blocks to the hardware or software map. The bad blocks are listed, one per line, in the specified file.

       -p    Causes addbadsec to print the current software map. The output shows the defective block and the assigned alternate. This option can-
	     not be used to print the hardware map.

OPERANDS

       The following operand is supported:

       raw_device    The address of the disk drive (see FILES).

FILES

       The raw device should be /dev/rdsk/c?[t?]d?p0. See disks(1M) for an explanation of SCSI and IDE device naming conventions.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Architecture		     |x86			   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       disks(1M), diskscan(1M), fdisk(1M), fmthard(1M), format(1M), attributes(5)

NOTES

       The format(1M) utility is available to format, label, analyze, and repair  SCSI	disks.	This  utility  is  included  with  the	addbadsec,
       diskscan(1M),  fdisk(1M),  and  fmthard(1M)  commands  available for x86. To format an IDE disk, use the  DOS "format" utility; however, to
       label, analyze, or repair IDE disks on x86 systems, use the Solaris format(1M) utility.

SunOS 5.11							    24 Feb 1998 						     addbadsec(1M)