Physical Security


Physical security means the security of your actual computer. For some time now, Macintosh desktop computers have been designed to be easy to open, and the internal parts are readily accessible. This ease of use is great for when we need to go into the machine and swap parts, add components, and so on. It also makes it extremely easy for anyone to walk up to your machine and take parts out. Although a user may not know the name and password information required to log in to your computer, if they can simply open the machine and walk away with your hard disk, the information contained on your computer is as good as theirs. Most desktop Macintosh computers now come with slots for locks. Adding a lock to your computer, if it’s in a public place, is a very good idea. Laptop computers, of course, are easy targets for theft. It’s critical to ensure that your machine stays where you expect it to be and isn’t simply walked away with.

The other major issue with regard to physical security is that the computer stays turned on. If you are providing any services to other users on your computer, and it is inadvertently turned off, those services will be unavailable. For these reasons, server computers are traditionally kept in a locked room. By locking the room, only those who are authorized to access the computer are granted physical access to the power button, keyboard, and mouse. Clearly you wouldn’t want to keep your personal computer under lock and key, but it is helpful to be aware of the potential issues.

Setting an Open Firmware password

Open Firmware is the processor and system-independent boot firmware used in Apple Macintosh products. More information on Open Firmware and Apple’s implementation of the technology is available at http://bananajr6000.apple.com/.

Apple provides a utility to set password security in Open Firmware. This utility will disable any key presses at startup that modify how the computer boots. With security set, the computer will not, for example, boot from a CD when the C key is pressed. In order to use special key sequences at boot, the application must be run again to disable security. To boot off a disk that is not selected in the Startup Disk preferences pane, you can hold the Option key on startup to access the Startup Manager. From the Startup Manager, you may select an alternate disk or CD, but you will be prompted for the Open Firmware password that you have established.

Follow the steps below to establish an Open Firmware password.

  1. Download the utility from: www.apple.com/downloads/macosx/apple/openfirmwarepassword.html

  2. Mount the resulting .dmg image.

  3. Launch the Open Firmware Password Application. Figure 26-1 shows the program window.

    Figure 26-1: Setting an Open Firmware password.

  4. Click the Change button and enter your administrator password when prompted.

  5. Select the Require password to change Open Firmware settings checkbox.

  6. Enter and verify your password.

Security preferences pane

The Security preferences pane has several options that can be selected to increase the security of your computer.

The first option you can select is to require a password to resume use of the computer from either the screen saver or sleep. Check this option to enable this feature, as shown in Figure 26-2.

Figure 26-2: Check require password and log out time.

There is another option labeled Log Out based on inactivity. Select this option and set the time interval. These settings are useful for when you leave your computer because they prevent someone from helping themselves to your system, and perhaps stealing your data or changing system settings to their benefit.

FileVault

FileVault is a new feature in Panther that can keep all of the files in your home directory encrypted. FileVault uses 128-bit AES encryption to encrypt your home directory. The initial encryption process can take up to 20 minutes. When it is finished, however, all newly created files will be encrypted, and you won’t have to wait for the process to complete. As you open files, they are decrypted invisibly.

This ability offers a great degree of protection especially if you are using a laptop computer or if you share your computer with other users. Only people who know your password can read or copy your files.

This security means that you must keep track of your password. If you lose your password, you will be unable to access your documents in clear-text form. For this reason, Apple has implemented the FileVault Master Password. You can set a master password for the entire computer, which you can use to unlock any user’s files if they have forgotten their password. To set the FileVault master password, open the Security preference pane and click the Change button, as shown in Figure 26-3.

Figure 26-3: Setting FileVault Master Password.

To enable FileVault protection for your home directory, open the Security preference pane and click the button labeled Turn On FileVault, as shown in Figure 26-4.

Figure 26-4: Turn on FileVault Protection.

At the time of this writing, November 2003, serious issues regarding data corruption have been reported on support Web sites. We recommend allowing time for the FileVault technology to mature and to be patched by Apple before you use this cutting-edge technology.

Secure Empty Trash

A new feature in Panther is Secure Empty Trash. Traditionally, when you place a file in the Trash and choose Empty Trash, the file is not actually deleted. A disk usage file is updated to reflect that the space on the disk occupied by the file that you’ve “trashed” is now available as free space. Anyone who’s run Norton Utilities or other Macintosh disk utilities is aware that frequently you can recover deleted files. This can be quite useful. However, sometimes you want to throw something away and ensure that it will never be recovered. There have been third-party utilities available to fill this task by actually writing zeros or other data over the place on the disk where the file existed. After data is written to the disk, your data no longer exists. The Department of Defense has developed guidelines regarding the secure deletion of files, and Apple now includes this feature built in to Panther. Simply select Secure Empty Trash from the Finder menu to erase all traces of that offending file, as shown in Figure 26-5.

Figure 26-5: Secure Empty Trash.
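
The difference between an ordinary delete and an overwrite-then-delete can be seen in the following added example, which is not from the book and is not Apple's implementation of Secure Empty Trash. The function names, the file names, and the sample data are constructed for illustration; a hard link stands in for a recovery utility reading the file's disk blocks.

```python
import os
import tempfile

SECRET = b"constructed sample: account 0000-0000, PIN 0000\n"  # constructed data

def plain_delete(path):
    """Ordinary delete: removes the directory entry, never touches the data."""
    os.remove(path)

def secure_delete(path, passes=1, chunk=64 * 1024):
    """Overwrite the file in place with zeros, force it to disk, then delete."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:      # r+b updates in place without truncating
        for _ in range(passes):
            f.seek(0)
            left = size
            while left > 0:
                n = min(chunk, left)
                f.write(b"\x00" * n)
                left -= n
            f.flush()
            os.fsync(f.fileno())      # push the zeros past the OS cache
    os.remove(path)
    # Caveat: this only reaches the original blocks where writes happen in
    # place. Flash wear leveling, copy-on-write file systems, snapshots and
    # backups can all keep older copies that an overwrite never touches.

def leftover_after(delete_fn):
    """Delete a file with delete_fn and return what its data blocks still hold.

    The hard link created beforehand is a second name for the same on-disk
    data, so it shows what survives once the original name is gone.
    """
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "secret.txt")   # hypothetical file name
    witness = os.path.join(workdir, "witness")     # hypothetical file name
    with open(target, "wb") as f:
        f.write(SECRET)
    os.link(target, witness)
    delete_fn(target)
    with open(witness, "rb") as f:
        data = f.read()
    os.remove(witness)
    os.rmdir(workdir)
    return data

if __name__ == "__main__":
    print("after ordinary delete: ", leftover_after(plain_delete))
    print("after overwrite+delete:", leftover_after(secure_delete))
```
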




Mac OS X Bible, Panther Edition
ISBN: 0764543997
EAN: 2147483647
Year: 2003
Pages: 290
