OS XTopics: Security

OS X: Admin privileges

• Unlocking Screen Lock
• What can one do with Privileges?

Unauthorized Boot Media

• Open Firmware Passwords
• Case key lock on XServe
• Padlock on Power Mac G4 case

Data Privacy / Security

• Encrypted Disk Images
• Use scp instead of FTP

Remote Login

• Use ssh

• do NOT use Telnet

Wireless Security

• Closed Network
• Restricted Access Network
• Radius Authentication

Web Resources

• Computer Emergency Response Team/Coordination Center at Carnegie Mellon Software Engineering Institute
• Security Updates at Apple
• Networking and Security Downloads at Apple
• Security Announce mailing list at Apple

Member

ACTC / APP

Encrypted Disk Images

The best way to secure most any computer system is to put it in a locked room shielded from electromagnetic radiation, filter power going into the room and disconnect all lines of communication. That works just dandy for Three Letter Agencies of the government, but is not a practical solution for the rest of us who are trying to communicate with one-another out here in the Big Blue Room .

Additional Security for Confidential / Private Files

Securing your Data on OS X Systems

For lap tops (or desktops) additional security for sensitive documents may be obtained by creating an encrypted disk image with the Disk Copy utitlity. The Encrypted Disk Image, like other disk images, is opened by double-clicking on the *.dmg file in the Finder, though the Encrypted Disk Image will request the password to allow you to view and use the protected data. This may be used to store sensitive files, etc. If necessary, you can add the Encrypted Disk Image to your login items so that the Disk Image will be opened (if authenticated) when you log-in. For additional security you will want to:

Do not allow the Disk Copy to automatically open the disk via the KeyChain.

If this is currently set this way, you may delete the password for the encrypted disk by removing the entry with the name of the disk from your Keychain.

(1) From the Utilities folder under Applications, open Keychain Access

(2) Then if necessary select 'Keychains', and from the list presented select your keychain, unlocking it if asked.

 

(3) Then highlight the entry for your disk and select the Delete icon.

Set the KeyChain to Lock after a few minutes

(1) From the Utilities folder under Applications, open Keychain Access

(2) Then if necessary select the 'Keychains' icon, and from the list presented select your keychain, unlocking it if asked.

(3) Go to Edit in the menu bar, and select the "..." settings option, (for me it is "caloccia"-settings )

(4) Choose to Lock after 5 minutes of inactivity and to Lock when sleeping

Set the Screen Saver to require a password

(1) In System Preferences open the Screen Effects pane

(2) Select the Activation Tab

(3) Under 'Password to use when waking the screen effect:' check 'Use my user account password'

 

On User Login

For the disk to be mounted at login, add it to the login start-up items in the system preferences pane. As long as it is not in the Keychain (and it should not be) then the user should be prompted at/after login for the password to unlock the disk. Also - no programs which require the disk to be present should be started before the disk has completed mounted (e.g. such as if you Mail pile is on the disk, don't start or run Mail.app if the disk is not present - bad things can happen [Mail.app will create its directories under /Volumes//Mail/... and then it will fetch mail and drop it there instead of on your encrypted disk...]

Page last updated March 2003, Screen Captures from OS X 10.2.1