Micronet Mail Archive: Re: Security and dual booting Mac

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Tue Apr 05 2005 - 12:19:59 PDT

I concur with Anthony's assessment.

If occasional use of Mac OS 9 is required, there are some additional
steps you'll need to take to prevent anyone other than an authorized
party from booting a dual-boot capable Macintosh from Mac OS 9 and
thus bypassing the Unix permissions of OS X altogether.

While this may be optional for some machines, any Macintoshes
which store or access restricted data
<http://ls.berkeley.edu/computing/security-responsibilities.html>
should likely be prepared as described in Mike Bombich's article:

http://www.bombich.com/software/shadowclassic.html

Some of his tips are applicable even if Mac OS 9 isn't currently
installed on a Macintosh, in order to help prevent someone from
walking up and booting from a CD or external drive running OS 9.

In addition to Mike's excellent summary, you can also:

1. Lock the Startup Disk Prefs pane in System Preferences,
requiring an Admin user's password to unlock.

  2. Take the other usual steps to locally secure a machine,
     such as reviewing physical security for the area where the machine
     is located and the machine itself; using System Preferences to
     enable a screen saver which requires a password, either on idle or
     when the cursor is moved to a hot corner; and creating a non-Admin
     account and routinely running as that user except when absolutely
     necessary. (Under OS X, running as a non-Admin user is actually
     quite do-able, as most tasks that require Admin privileges will
     prompt for an Admin user's username and password.)

Aron Roberts
Workstation Software Support Group

P.S. Another article describing how to run Classic within a disk image,
one of the tips suggested by Mike Bombich, above, is:

http://www.macosxhints.com/article.php?story=20020901083220804

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Tue Apr 5 12:22:43 2005

This archive was generated by hypermail 2.1.8 : Tue Apr 05 2005 - 12:22:46 PDT