| When you purchase Mac OS X Server, it's assumed you'll be using one of the several services on the server. This means data is being stored on the serverwhether it's user information such as the LDAP directory or files stored by usersand that data must be protected. If you set up your Mac OS X Server where anyone has access to the box, you're leaving it open to a physical attack. There are several ways in which someone can attack your server if they have physical access to the box: Opening the box and stealing the hard disk(s) Stealing the drive bays and disks out of an Xserve Shutting down the server by either holding down the power button or unplugging the power cable, and then booting into a less secure mode (Table 10.1).
Table 10.1. Keyboard Boot MethodsBOOT DESCRIPTION | STARTUP KEYBOARD SEQUENCE | RESULT |
|---|
FireWire Target Disk Mode | F | Computer boots into a mode where any FireWire connection to another running Mac shows the server disk(s) on the running Mac's Desktop. | Single User Mode | Command-S | Boots the computer into a mode where any person can, with a little Unix knowledge, wreak havoc. | Boot off CD/DVD | C | Boots the computer from a bootable Mac OS X or Mac OS X Server CD or DVD, which allows any person to change the password. | Bypass internal disks | Command-Option-Shift-Delete | Lets any person plug in a FireWire disk or other bootable media and force the server to boot off that disk, bypassing the internal boot disks. | NetBooting | N | Requires another Mac OS X Server running NetBoot on the same network. The user boots off the NetBoot image. (See Chapter 11, "Running a NetBoot Server.") | View all bootable media | Option | Permits any person to view (and boot from), as icons, any other bootable disks, partitions, and bootable media that contain a blessed and bootable system. |
Preventing unauthorized logins Using the methods listed in Table 10.1, any person can boot off another device and view, erase, change, or otherwise tamper with your server. To thwart these types of intrusion, download and install Open Firmware Password, which you can obtain from Apple's Web site (http://docs.info.apple.com/article.html?artnum=120095). Once Open Firmware Password is installed, any person attempting any of the boot methods in Table 10.1 will be denied. The only variance is that Open Firmware Password allows any user to boot while holding down the Option key. However, when Open Firmware Password is implemented, the user sees only a padlock and an entry field rather than all possible bootable media. The user must know the Open Firmware Password application's password to view all the supported bootable media and subsequently temporarily change the boot disk to one of the available choices. To use Open Firmware Password: 1. | Download Open Firmware Password from Apple's Web site at http://docs.info.apple.com/article.html?artnum=120095, and install it on your server (Figure 10.1).
The /Applications/Utilities folder is a common location for this application.
| 2. | Double-click the Open Firmware Password icon to launch the program.
You're presented with the program's initial dialog (Figure 10.2).
| 3. | Click the Change button  .
A window opens in which you can enter a new password or phrase.
| 4. | Enter a password that you will not forget in both entry fields (Figure 10.3).
You can also require a password to change this setting in the future by checking the "Require password" check box.
| 5. | Click the OK button  .
A window informs you of your success in setting or changing the password or phrase (Figure 10.4).
| 6. | Restart your computer, and hold down the Option key to view the effects (Figure 10.5).
|
 Tip
Keyboard shortcuts aren't the only way data can be compromised. Xserves came with small keys that let you lock the drive bays so they can't be removed. Regardless of the version of Xserve you have, keeping the key in an extremely safe place is a good idea. Losing and reordering a key can cost you valuable time if you need to work on your Xserve.
Securing the server room The second piece of physical security is, of course, the room in which the server resides. This isn't just a Mac OS X Server issue, but it's worth mentioning that any good administrator limits access to the room where the servers are stored. Out of site, out of mind, as the old adage goes. If placing the server in a locked room isn't feasible, use the locking methods and remove the keyboard, mouse, and monitor unless they're absolutely necessary. Remember, you can administer Mac OS X Server with a few main tools, all of which run remotely. Most of the tools can be found in the /Applications/Server directory. The Terminal application and Directory Access both reside in the /Applications/Utilities directory. Apple Remote Desktop, which you must purchase separately, lets you (from a remote computer) see and control the screen, keyboard, and mouse as if you were sitting in front of the server itself. These tools should be on your Mac OS X client computer. | If you lose or forget the Open Firmware Password application's password, you must shut down your server and make a physical change to the hardware of the server. This commonly involves taking out a RAM chip or two, rebooting the server (which erases the password), shutting the server back down, replacing the RAM, and booting the server once again. Some people feel this makes Open Firmware Password insecure. On the contrary: If anyone can open the box on which you're running Mac OS X Server, they have physical access to the disks, which means they can take them! Open Firmware Password doesn't protect or encrypt the disk(s); it places a password-protected lock on the firmware used to boot the computer. If you're worried about someone gaining physical access to the innards of your server hardware, purchase a lock if the Macintosh model supports it; or, if it's an Xserve, use the key. |
|
