Re: [Micronet] Security and dual booting Mac

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Tue Apr 05 2005 - 12:19:59 PDT

  I concur with Anthony's assessment.

  If occasional use of Mac OS 9 is required, there are some additional
steps you'll need to take to prevent anyone other than an authorized
party from booting a dual-boot capable Macintosh from Mac OS 9 and
thus bypassing the Unix permissions of OS X altogether.

  While this may be optional for some machines, any Macintoshes
which store or access restricted data
<http://ls.berkeley.edu/computing/security-responsibilities.html>
should likely be prepared as described in Mike Bombich's article:

  http://www.bombich.com/software/shadowclassic.html

  Some of his tips are applicable even if Mac OS 9 isn't currently
installed on a Macintosh, in order to help prevent someone from
walking up and booting from a CD or external drive running OS 9.

  In addition to Mike's excellent summary, you can also:

  1. Lock the Startup Disk Prefs pane in System Preferences,
     requiring an Admin user's password to unlock.

  2. Take the other usual steps to locally secure a machine,
     such as reviewing physical security for the area where the machine
     is located and the machine itself; using System Preferences to
     enable a screen saver which requires a password, either on idle or
     when the cursor is moved to a hot corner; and creating a non-Admin
     account and routinely running as that user except when absolutely
     necessary. (Under OS X, running as a non-Admin user is actually
     quite do-able, as most tasks that require Admin privileges will
     prompt for an Admin user's username and password.)

Aron Roberts
Workstation Software Support Group
 
P.S. Another article describing how to run Classic within a disk image,
one of the tips suggested by Mike Bombich, above, is:

http://www.macosxhints.com/article.php?story=20020901083220804

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Tue Apr 5 12:23:55 2005

This archive was generated by hypermail 2.1.8 : Tue Apr 05 2005 - 12:24:06 PDT