Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Happy with PFSense but Server console unsecured

    Scheduled Pinned Locked Moved Forum Feedback
    6 Posts 5 Posters 15.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gio125
      last edited by

      first off I want to say I like what PFSense offers as a complete firewall/perimeter.  But one thing I was surprised about is after installing pfsense to the hard drive the console remains at the menu, and can't be locked behind a username and password.  Isn't anyone concerned that someone can get access to the console and change the ip address or password?

      1 Reply Last reply Reply Quote 0
      • V
        vito
        last edited by

        System\advance\under miscellaneous

        ""Console menu    Password protect the console menu
        Changes to this option will take effect after a reboot.""

        Is that what you are looking for?

        1 Reply Last reply Reply Quote 0
        • G
          gio125
          last edited by

          thanks.

          1 Reply Last reply Reply Quote 0
          • Cry HavokC
            Cry Havok
            last edited by

            Anybody with physical access trumps just about every from of security, other an encrypted hard disk with a key/password to decrypt at boot (and even that can be worked around).  For anything else it's trivial to reboot the machine from removable media (you have secured the BIOS, and then realised that master password lists are available on the Internet?), reset the password/add a root equivalent account and reboot from the hard disk.

            1 Reply Last reply Reply Quote 0
            • D
              djamp42
              last edited by

              @Cry:

              Anybody with physical access trumps just about every from of security, other an encrypted hard disk with a key/password to decrypt at boot (and even that can be worked around).  For anything else it's trivial to reboot the machine from removable media (you have secured the BIOS, and then realised that master password lists are available on the Internet?), reset the password/add a root equivalent account and reboot from the hard disk.

              I agree, once physical access is gained to any equipment, no amount of security will help.

              1 Reply Last reply Reply Quote 0
              • K
                kapara
                last edited by

                Most security devices which allow console via serial can easily have their passwords changed and accessed.  Even Cisco.

                Here is an alternative.

                http://www.topmic.com/lock-c908.html

                Now your device is locked down from serial access.

                Now someone can still take the device and get the drive out but at that point you have much bigger security issues.

                ;D

                Skype ID:  Marinhd

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.