Ensuring Physical Security


If an attacker gains physical control of a computer, he can bypass any firmware- or OS-based security (such as an Open Firmware password, a login password, file permissions, and so on). With the actual hardware in hand, an attacker can remove the hard drive and attach it to another computer, then read or change any file on the drive. Less drastic attacks include changing the computer's RAM configuration and then resetting parameter RAM (PRAM), which removes the Open Firmware password.

To prevent this, Macintosh towers and minis have lock attachment points that control access to the hard drive and memory slots as well as prevent theft of the entire computer:

  • In the Power Mac G5, the attachment point consists of a foldout padlock loop on the back panel. When a padlock or cable is connected to this loop, it prevents the access latch from being opened.

  • In the Power Mac G4, a pullout padlock point on the back panel physically secures the hardware. When held out by a padlock or cable, the point locks the computer's side panel in a closed position.

  • In the Macintosh mini and the iMac G5, installing a latch in the security slot in the back panel locks the computer's top and bottom cases together.

Physically locking the internals of many other Mac models is not possible. In many cases, you can gain some measure of protection by modifying the enclosure, or replacing the case screws with "security" screws.

Disconnecting or removing alternate boot devices (FireWire devices and CD drives, for example) will also limit an attacker's opportunities to take control of an incompletely secured computer. However, these measures should not be considered sufficient to protect critical computers and information.

If real data security is required when good physical security is not possible (particularly with PowerBook and iBook models, which have a high risk of theft or other loss), using data encryption (such as FileVault) in addition to the normal OS-based security is strongly recommended.




Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan
