# hardening embedded device



## eyebone (Jun 27, 2010)

hi folks,

I am building a small device based onto x86 with nanobsd. the device itself shall be placed in hostile enviroments so hardening is a must. besides neat network configurations for freebsd to be even more robust i am looking for protecting the device from somebody attaching an usb keyboard and get a shell, or fiddle with the bootloader or something alike.

i was thinking about reinstalling the sys with boot0sio so nobody can see whats going on if a vga cable is connected. i didnt so far at my prototype, maybe there are some other nice ways to disable output from the OS. harden the bootmanager and the loader, so nobody can access the /boot fs and fiddle around.

cheers,


----------



## SirDice (Jun 28, 2010)

eyebone said:
			
		

> I am building a small device based onto x86 with nanobsd. the device itself shall be placed in hostile enviroments so hardening is a must. besides neat network configurations for freebsd to be even more robust i am looking for protecting the device from somebody attaching an usb keyboard and get a shell, or fiddle with the bootloader or something alike.


Encrypt the disk.



> i was thinking about reinstalling the sys with boot0sio so nobody can see whats going on if a vga cable is connected.


Until someone attaches a serial connection.




> harden the bootmanager and the loader, so nobody can access the /boot fs and fiddle around.


Encryption, there's no other way.


----------

