PDA

View Full Version : I need help locking down OSX..


Falleron
Oct 9, 2003, 11:50 AM
Ok, I want to install OSX on a number of machines. They need to be secure. How do I stop people bringing along an OSX cd + resetting the password?

Thanks

iJon
Oct 9, 2003, 01:09 PM
download (possibly on the cd as well) apple's firmware password. it will set a password in the firmware and if anyone trys to access another method of booting whether it being another hard drive or cd, it will ask for a password.

iJon

SilentPanda
Oct 9, 2003, 01:16 PM
Also check out http://www.macosxlabs.org/ for a good bit of info on making it more secure for public type use.

Falleron
Oct 9, 2003, 04:00 PM
Cheers. Does anyone else have any pearls of wisdom??

LimeLite
Oct 9, 2003, 04:48 PM
You could remove your optical drive. That way no one could boot from the CD! :D
I'm kidding, of course.

Falleron
Oct 9, 2003, 04:54 PM
Originally posted by LimeLite
You could remove your optical drive. That way no one could boot from the CD! :D
I'm kidding, of course.
Looked into that option!!

Rower_CPU
Oct 9, 2003, 05:26 PM
Another vote for macosxlabs.org from me. Great site.

rainman::|:|
Oct 9, 2003, 05:36 PM
kill everyone on earth with an OS X CD?

go firmware password. simple, works.

pnw

yamabushi
Oct 9, 2003, 05:56 PM
While MacOSX is in general more secure than most versions of Windows, it does not yet have a level of security equal to specialized secure versions of UNIX. OSX is about as secure as it gets for the consumer market, though. Just be aware of the fact that your system will not be 100% secure no matter what you do. Getting a little paranoid and building in extra layers of security isn't a bad idea. Make sure to check the clients for unauthorised apps and activity often.

I have administered both Windows and Mac open labs. I have often been surprised at the level of skill and determination demonstrated by 1% of users. In my case, protection of the data stored on most of the computers was not critical, which made things much easier. Critical data was placed on a fileserver in a physically secured location. Nevertheless, unauthorised usage was a problem. We had a number of talented hackers at the school I was working at that liked to cause mischief, especially with the OS7-OS9 computers. On the OS8 machines I usually installed a clean disk image daily since they were the most popular targets. As soon as OSX came along things got easier after the transition, but still not perfect.

Falleron
Oct 10, 2003, 11:20 AM
Thanks everyone for the help.