Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Happy with PFSense but Server console unsecured

    Forum Feedback
    5
    6
    14095
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gio125 last edited by

      first off I want to say I like what PFSense offers as a complete firewall/perimeter.  But one thing I was surprised about is after installing pfsense to the hard drive the console remains at the menu, and can't be locked behind a username and password.  Isn't anyone concerned that someone can get access to the console and change the ip address or password?

      1 Reply Last reply Reply Quote 0
      • V
        vito last edited by

        System\advance\under miscellaneous

        ""Console menu    Password protect the console menu
        Changes to this option will take effect after a reboot.""

        Is that what you are looking for?

        1 Reply Last reply Reply Quote 0
        • G
          gio125 last edited by

          thanks.

          1 Reply Last reply Reply Quote 0
          • Cry Havok
            Cry Havok last edited by

            Anybody with physical access trumps just about every from of security, other an encrypted hard disk with a key/password to decrypt at boot (and even that can be worked around).  For anything else it's trivial to reboot the machine from removable media (you have secured the BIOS, and then realised that master password lists are available on the Internet?), reset the password/add a root equivalent account and reboot from the hard disk.

            1 Reply Last reply Reply Quote 0
            • D
              djamp42 last edited by

              @Cry:

              Anybody with physical access trumps just about every from of security, other an encrypted hard disk with a key/password to decrypt at boot (and even that can be worked around).  For anything else it's trivial to reboot the machine from removable media (you have secured the BIOS, and then realised that master password lists are available on the Internet?), reset the password/add a root equivalent account and reboot from the hard disk.

              I agree, once physical access is gained to any equipment, no amount of security will help.

              1 Reply Last reply Reply Quote 0
              • K
                kapara last edited by

                Most security devices which allow console via serial can easily have their passwords changed and accessed.  Even Cisco.

                Here is an alternative.

                http://www.topmic.com/lock-c908.html

                Now your device is locked down from serial access.

                Now someone can still take the device and get the drive out but at that point you have much bigger security issues.

                ;D

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy