Re: Security problems with applesharing?

Subject: Re: Security problems with applesharing?
From: "Timothy K. Wilkinson" <email@hidden>
Date: Wed, 24 Apr 2002 08:46:26 -0400
Mmdf-warning: Parse error in original version of preceding line at mail.virginia.edu
User-agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022

Chris is right that about all of those ways to physically break into a new
OS X installation. However both of those can be fixed by setting an open
firmware password that prevents booting into single user mode or booting
from a CD without a password.

Apple has a TIL and utility to do this.

Documentation:

http://docs.info.apple.com/article.html?artnum=106482

Utility:

http://docs.info.apple.com/article.html?artnum=120095

Tim Wilkinson
ITC-ACHS
University of Virginia
email@hidden
email@hidden

> From: "Chris Morrison (h)" <email@hidden>
> Date: Tue, 23 Apr 2002 21:49:21 -0400
> To: "Chris G. Sellers" <email@hidden>, Ruth Shear
> <email@hidden>
> Cc: <email@hidden>
> Subject: Re: Security problems with applesharing?
>
> Hello,
> True, Mac OS X is unix-based, but note that there are a number of ways to
> physically break in to a factory-fresh OS X installation:
> start up while holding cmd-S: dumps you into single-user mode (no GUI at
> all) as UNIX superuser, without requiring password.
> start from os x install CD, immediately use reset-password menu choice to
> reset the admin password
>
> (sources: http://macosxlabs.org,
> http://www.securemac.com/macosxsingleuser.php
> (scroll down to section "EXPLOIT")
> Pogue, David, MAC OS X, THE MISSING MANUAL...)
>
> At 8:43 PM -0400 4/23/02, Chris G. Sellers wrote:
>> Not any more than any other platform. Telnet is clear text. Insecure,
>> sniffable on a non-switched network easily. Windows logins from Windows9X
>> clients are not usually encrypted. Mac logins from old clients and
>> servers are not encrypted.
>>
>> but new clients use encryption, and switched networks make it difficult to
>> 'sniff' traffice for passwords.
>>
>> one thing they may be getting at is that Windows systems themself are more
>> prone to attach and exploits because of Microsoft's software and viruses.
>> (i.e. IE exploits, ISS problems, etc). Macs (Classic) are not as secure
>> in terms of authentication at the console - but that is more a physical
>> issue not a network issue. MacOS X is basically BSD, which is very
>> flexable with security.
>>
>> Also, implicitly, central servers can control security better, so not to
>> have 3 windows and 2 mac servers around the department which require
>> upgrades, watching, etc, but rather one to watch and keep track of.
>>
>> Sellers
>>
>> On Tue, 23 Apr 2002, Ruth Shear
>> wrote:
>>
>>> G'day
>>>
>>> Our department IT guys wants to go to a centralized fileserver for
>>> file storage, backup, sharing, and calendar synchronization and is
>>> considering a number of groupware options.
>>>
>>> One of things when asked why, was the improved security. He claims
>>> that there are big security problems when doing filesharing on
>>> windows and on macs.
>>>
>>> Is this true - are there security problems with using appleshare
>>> (other than the obvious ones of using easily guessable passwords)?
>>>
>>> Thanks
>>>
>>> DrRuth
>>> --
>>> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>>> Ruth Shear (nee McKay) as ci email@hidden
>>> Dept of Chem & Biochem imapofa http://krypton.cm.utexas.edu/~drruth/
>>> University of Texas ustrali Ph: (512) 471-5755
>>> Austin TX 78712 a Fx: (512) 471-0985
>>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>>> _______________________________________________
>>> maclabmanager mailing list | email@hidden
>>> Help/Unsubscribe/Archives:
>>> http://www.lists.apple.com/mailman/listinfo/maclabmanager
>>> Do not post admin requests to the list. They will be ignored.
>>>
>>
>>
>>
>> { SELLERS, CHRIS G. IM BuddyName : MillenniumOU }
>> { Oakland University Information Technology : UNIX System Programmer II }
>> { 220 Dodge Hall Rochester, MI. 48309 FAX:248.370.4209 }
>> { Get IT updates daily @ http://www.oakland.edu/it }
>> _______________________________________________
>> maclabmanager mailing list | email@hidden
>> Help/Unsubscribe/Archives:
>> http://www.lists.apple.com/mailman/listinfo/maclabmanager
>> Do not post admin requests to the list. They will be ignored.
_______________________________________________
maclabmanager mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/maclabmanager
Do not post admin requests to the list. They will be ignored.

Prev by Date: Telematics requirements for evidence nonsensical?
Next by Date: Re: Telematics requirements for evidence nonsensical?
Previous by thread: Re: Security problems with applesharing?
Next by thread: Re: Security problems with applesharing?
Index(es):
- Date
- Thread

Home