

Lesson 13. Securing the Local System

Time

This lesson takes approximately 2 hours to complete.

Goals

Understand the four layers of Mac OS X local security

Set Open Firmware restrictions

Create secure Mac OS X installations

Use Disk Utility effectively

Understand Mac OS 9 (Classic) and security

Use the firewall in Mac OS X

Use FileVault


The Mac OS X local security model has four layers. The layers are not independent; an attacker can use a weakness in one layer to bypass the protections provided by some or all of the other layers. So setting up a secure Mac OS X computer requires that all four be locked down properly. The four layers in the Mac OS X security model are:

  • Physical security: An attacker who has physical access to the computer can bypass any firmware- or OS-based protection in any of the other layers.

  • Open Firmware security: Open Firmware controls the boot process; unless this is secured (with an Open Firmware password), an attacker can use alternate boot modes to bypass normal access controls.

  • Password-based user authentication: If attackers can steal or guess passwords, they can gain access by impersonating other users. (Some third-party solutions can augment this with pass-card or biometric authentication.)

  • User account-based access controls: Access controls such as file permissions and administrative access regulate what a user can do. If these are set inappropriately, users may not only be able to access files they should be locked out of, but they may also reset other users' passwords or modify Open Firmware security settings.

If all four layers are secured, then the local system can be considered secure. The only exception to this rule is data security via encryption, such as that provided by the Mac OS X Keychain, FileVault, and encrypted disk image features. When securing all four layers is not practical (as with a PowerBook, where physical security is difficult), encryption may be the only option to reliably protect user data.




Apple Training Series: Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan
