On 07/29/07 02:20 pm Jim Lux wrote: >> If you interrupt the boot sequence (look it up), you get to a Unix-like >> prompt with root/Administrator privileges, from which you can change >> passwords, delete accounts, and create new accounts with Administrator >> privileges. There is no equivalent -- at least in a MacBook -- of the >> typical PC's password protection in the BIOS that can be set to prevent >> the machine being booted at all. I can't see how a business could >> possibly rely on such a machine, especially when most of the backup >> "solutions" aren't -- as admitted even by Mac enthusiasts.
> Businesses that are concerned about security realize that physical > access control is where it's at. It doesn't matter what sort of > software stuff you put in, if you've got physical access to the machine, > you can break in. It might be harder or easier, but at some point, you > can just yank the drive out and slap it into a suitable platform and > read it out. > > So, if you control physical access, and you control who has that access > (presumably you trust your employees...) then whether you make it easy > or tough to get into administrator mode isn't all that important. > > Some form of on-the-fly hardware encryption with two factor > authentication is where it's at. And, all that has to be in > non-modifiable hardware (at some level), because if you allow someone to > dismantle the lock, it's hard to keep it secure. Of course one can remove a drive, but that takes a little longer than doing what I mentioned. And stealing data isn't the only way of ruining a business. I'd say that someone could wreak total havoc in a minute or less. What if one could no longer access one's files and the backup were close to useless? Symlinks, ACLs, and file ownership attributes all may fall victim to the defects of most Mac backup software, as may file creation dates -- or so I have read. 73 Alan _______________________________________________ FlexRadio mailing list [email protected] http://mail.flex-radio.biz/mailman/listinfo/flexradio_flex-radio.biz Archive Link: http://www.mail-archive.com/flexradio%40flex-radio.biz/ FlexRadio Knowledge Base: http://kb.flex-radio.com/ FlexRadio Homepage: http://www.flex-radio.com/
