Happy with PFSense but Server console unsecured



  • first off I want to say I like what PFSense offers as a complete firewall/perimeter.  But one thing I was surprised about is after installing pfsense to the hard drive the console remains at the menu, and can't be locked behind a username and password.  Isn't anyone concerned that someone can get access to the console and change the ip address or password?



  • System\advance\under miscellaneous

    ""Console menu    Password protect the console menu
    Changes to this option will take effect after a reboot.""

    Is that what you are looking for?



  • thanks.



  • Anybody with physical access trumps just about every from of security, other an encrypted hard disk with a key/password to decrypt at boot (and even that can be worked around).  For anything else it's trivial to reboot the machine from removable media (you have secured the BIOS, and then realised that master password lists are available on the Internet?), reset the password/add a root equivalent account and reboot from the hard disk.



  • @Cry:

    Anybody with physical access trumps just about every from of security, other an encrypted hard disk with a key/password to decrypt at boot (and even that can be worked around).  For anything else it's trivial to reboot the machine from removable media (you have secured the BIOS, and then realised that master password lists are available on the Internet?), reset the password/add a root equivalent account and reboot from the hard disk.

    I agree, once physical access is gained to any equipment, no amount of security will help.



  • Most security devices which allow console via serial can easily have their passwords changed and accessed.  Even Cisco.

    Here is an alternative.

    http://www.topmic.com/lock-c908.html

    Now your device is locked down from serial access.

    Now someone can still take the device and get the drive out but at that point you have much bigger security issues.

    ;D


Locked