Physical System Vulnerabilities


Many people invest a considerable amount of time and thought into securing their network connections through encryption, and restricting access to their machines via extravagant password systems, yet neglect physical security. If an intruder wants the contents of a file on your computer and can't break into it at the login prompt, Apple's "easy open " G4 cases make the job of simply walking away with your hard drive awfully easy.


If you're concerned about physical security, be glad you've got an "easy open" Macintosh, and not an early 1990s Silicon Graphics workstation. Older SGIs were so well designed that all a hardware thief needed to do was open a door on the front of the machine, flip a release lever, and the drives would slide out the door like toast out of a ( sideways ) toaster. Apple's gone a long way toward making the drives in the XServe as convenient to steal as well, but you're probably more likely to restrict access to your rackmount servers than to your desktop machines.

Some aren't even so considerate as to steal only your drive, and instead are happy to get the spare computer along with your data when they grab your G4 by those convenient carry handles and head out the door.

Networks are vulnerable to physical tampering, and in the worst case can allow someone to collect all traffic into and out of your machine without your knowledge.

If the problems of keeping your hardware from walking away and keeping your machine from being vulnerable to network attacks aren't enough, a poorly designed facility, or a poorly designed user policy, encourages crackers to steal your data through routes such as videotaping user logins to capture passwords, or engaging in social engineering to convince a valid user to give them access to the system.

It's been said that the best response to the question "How can I secure this system?" is "Put the machine in a safe, pour the safe full of cement , lock it, drop it in the middle of Hudson Bay, and even then, you can't be sure." Without going to that extreme, you can do a reasonable job of making access to your hardware and data inconvenient for the would-be cracker. This chapter tries to give you some ideas of how you can approach the problems of physically securing your machines and user policies that will encourage your users to help you keep them secure.


Mac OS X Maximum Security
Maximum Mac OS X Security
ISBN: 0672323818
EAN: 2147483647
Year: 2003
Pages: 158 © 2008-2017.
If you may any questions please contact us: