Lesson 13. Securing the Local System
The Mac OS X local security model has four layers. The layers are not independent; an attacker can use a weakness in one layer to bypass the protections provided by some or all of the other layers. So setting up a secure Mac OS X computer requires that all four be locked down properly. The four layers in the Mac OS X security model are:
If all four layers are secured, then the local system can be considered secure. The only exception to this rule is data security via encryption, such as that provided by the Mac OS X Keychain, FileVault, and encrypted disk image features. When securing all four layers is not practical (as with a PowerBook, where physical security is difficult), encryption may be the only option to reliably protect user data. |