
Securing OS9 When Bundled with OSX

NOTE - the insecurities in OSX mentioned in this paper have been addressed by Apple and no longer constitute a threat. The portion of the paper which deals with firmware passwords, and the link to additional information on that subject, may still be of interest, however.

It has become very clear to me during our levy computer rollout just how much the Macintosh computer has to offer schools in terms of ease of administration, multimedia (iMovie!), stability and security.


However, the new Macs coming into our schools have both OS 9.2 and OSX
installed and this can present security challenges.


                       
THE RUB

While previous versions of the Mac OS can be easily secured with Multiple Users, FoolProof, or other 3rd party apps, with OSX we have no way of preventing users from downloading applications from the Internet or copying them from CDs.  These applications could be inappropriate games or pictures, or hacker exploits which provide privileged access to the operating system, or even to the building LAN, allowing a user to alter or destroy portions of the OS.


Because we are uncertain of security in OSX, our current (temporary) strategy is to secure OS 9.2 with FoolProof and to prevent users from accessing OSX altogether.  FoolProof or Multiple Users settings alone will not prevent users from accessing OSX. Fortunately, putting OSX off limits is quite easy and consists of these three steps:

1) Secure OS 9.2 with FoolProof or Multiple Users settings
2) Password protect OSX
3) Password protect the Open Firmware

[see details below]


We are aware that if we don't set these passwords, our students may, at
which time they will administer our machines instead of us!


                       
SOME SPECIFICS

There are several ways users can get to OSX from OS 9.2:
1) Boot from a CD (hold down c while booting the computer)
2) Change the startup disk in the control panels.
3) Hold down x while booting the computer

Setting the control panel startup disk option can be locked down via FoolProof.  The other two methods bypass software security.


Once in OSX, users may reboot while holding down COMMAND-S to boot into single user mode and will receive a root prompt.  This gives wide ranging access to the operating system.


Users may also boot into Open Firmware by rebooting the computer while holding down the key combination: COMMAND-OPTION-O-F.  Once at the Open Firmware command prompt, users may initiate various kinds of mayhem.


Our experiments suggest that the three steps outlined above will solve all the issues mentioned here - except that pressing x will still get users to OSX.  But if OSX is password protected they will immediately be confronted with a password dialogue box.

                         THE DETAILS


1) SECURE OS 9.2 with FoolProof

2) PASSWORD PROTECT OSX:
* Make an account in OSX by going to System Preferences : Users.  Make the account an administrative account from the password tab.
* Go to System Preferences : Login and uncheck the "automatically login" prompt.  This will force a password at bootup.
* A good option is to make a second, backup account which can also administer the computer.
* Do not give the passwords to anyone.


3) PASSWORD PROTECT OPEN FIRMWARE:
* From OSX, reboot the computer while holding down COMMAND-OPTION-O-F.
* You will be given a white screen with a prompt like this >
* Type:

       password yourpassword

  where "yourpassword" is some password of your choosing.
* Then type:

       setenv security-mode command

* and then finally type:

       reset-all

If you do not do these Open Firmware procedures in the prescribed order, or if you reset your Open Firmware before giving it a password, it may corrupt your password file and lock you out of ever being able to set an Open Firmware password.  See

          http://www.securemac.com/openfirmwarepasswordprotection.php

for disclaimer and information.


At this point, booting while holding COMMAND-S in OSX will not give a root prompt, changing startup disks in the control panel should ask for the Open Firmware password, as should booting from a CD.


All the security holes mentioned above should now be patched.
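
A way to confirm step 3 from a root shell in OSX instead of by rebooting each lab machine, as an added example that is not part of the original paper. It assumes the OSX `nvram -p` command lists the firmware variables `security-mode` and `security-password` one per line as name, whitespace, value; the function names and the sample dumps are constructed for illustration.

```shell
# Added example: audit the Open Firmware lock-down from `nvram -p` style text.
# Assumption: each line of the dump is "<name><whitespace><value>".

# Print the value of one firmware variable from the dump on stdin.
of_var() {
    awk -v name="$1" '$1 == name { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# Read a dump on stdin, print one verdict, return 0 only when locked down.
of_audit() {
    dump=$(cat)
    mode=$(printf '%s\n' "$dump" | of_var security-mode)
    pass=$(printf '%s\n' "$dump" | of_var security-password)
    case "$mode" in
        command|full)
            # A mode without a stored password is the mis-ordered case the
            # paper warns about (mode set or reset before `password`).
            if [ -n "$pass" ]; then
                echo "locked: security-mode=$mode"
                return 0
            fi
            echo "broken: security-mode=$mode but no password stored"
            return 1 ;;
        ""|none)
            echo "open: security-mode is ${mode:-unset}"
            return 1 ;;
        *)
            echo "unknown: security-mode=$mode"
            return 1 ;;
    esac
}

# Constructed sample dumps (not captured from a real machine).
sample_locked() {
    printf 'boot-device\thd:9\nsecurity-mode\tcommand\nsecurity-password\t%%c3%%cb\n'
}
sample_open()   { printf 'boot-device\thd:9\nsecurity-mode\tnone\n'; }
sample_nopass() { printf 'security-mode\tcommand\n'; }

# On a real machine, as root:  nvram -p | of_audit
```

A non-zero exit status makes the function usable in a login or maintenance script that flags machines whose firmware is still open.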

 
*** tony

Security Enhancement for OSX