If an attacker gains physical control of a computer, he can bypass any firmware- or OS-based security (such as an Open Firmware password, a login password, file permissions, and so on). With the actual hardware in hand, an attacker can remove the hard drive and attach it to another computer, then read or change any file on the drive. Less drastic attacks include changing the computer's RAM configuration and then resetting parameter RAM (PRAM), which removes the Open Firmware password. To prevent this, Macintosh towers and minis have lock attachment points that control access to the hard drive and memory slots as well as prevent theft of the entire computer:
Physically locking the internals of many other Mac models is not possible. In many cases, you can gain some measure of protection by modifying the enclosure, or replacing the case screws with "security" screws. Disconnecting or removing alternate boot devices (FireWire devices and CD drives, for example) will also limit an attacker's opportunities to take control of an incompletely secured computer. However, these measures should not be considered sufficient to protect critical computers and information. If real data security is required when good physical security is not possibleparticularly with PowerBook and iBook models, which have a high risk of theft or other lossusing data encryption (such as FileVault) in addition to the normal OS-based security is strongly recommended. |