MAC OS X Server 10010.3 Panther [Electronic resources] : Visual QuickPro Guide (text version)


Schoun Regan, Kevin White


Physical Security


When you purchase Mac OS X Server, it's assumed you'll be using one of the several services on the server. This means data is being stored on the server, whether it's user information such as the LDAP directory or files stored by users, and that data must be protected.

If you set up your Mac OS X Server where anyone has access to the box, you're leaving it open to a physical attack. There are several ways in which someone can attack your server if they have physical access to the box:

Opening the box and stealing the hard disk(s)

Stealing the drive bays and disks out of an Xserve

Shutting down the server by either holding down the power button or unplugging the power cable, and then booting into a less secure mode (Table 10.1).

Chapter 11, "Running a NetBoot Server.")

View all bootable media (Option key): Permits any person to view (and boot from), as icons, any other bootable disks, partitions, and bootable media that contain a blessed and bootable system.


Preventing unauthorized logins


Using the methods listed in Table 10.1, any person can boot off another device and view, erase, change, or otherwise tamper with your server. To thwart these types of intrusion, download and install Open Firmware Password, which you can obtain from Apple's Web site ([http://docs.info.apple.com/articlel?artnum=120095]).

Once Open Firmware Password is installed, any person attempting any of the boot methods in Table 10.1 will be denied. The only variance is that Open Firmware Password allows any user to boot while holding down the Option key. However, when Open Firmware Password is implemented, the user sees only a padlock and an entry field rather than all possible bootable media. The user must know the Open Firmware Password application's password to view all the supported bootable media and subsequently temporarily change the boot disk to one of the available choices.

To use Open Firmware Password:


1. Download Open Firmware Password from Apple's Web site at [http://docs.info.apple.com/articlel?artnum=120095], and install it on your server (Figure 10.1).


Figure 10.1. Install Open Firmware Password on your server.

The /Applications/Utilities folder is a common location for this application.

2. Double-click the Open Firmware Password icon to launch the program.

You're presented with the program's initial dialog (Figure 10.2).


Figure 10.2. Open Firmware Password's initial dialog informs you that you must be an administrator to change the password.

3. Click the Change button.

A window opens in which you can enter a new password or phrase.

4. Enter a password that you will not forget in both entry fields (Figure 10.3).


Figure 10.3. Set the Open Firmware password using this dialog.

You can also require a password to change this setting in the future by checking the "Require password" check box.

5. Click the OK button.

A window informs you of your success in setting or changing the password or phrase (Figure 10.4).


Figure 10.4. Open Firmware Password informs you of the success of setting/changing your password.

6. Restart your computer, and hold down the Option key to view the effects (Figure 10.5).


Figure 10.5. Holding down the Option key lets you view the effects once Open Firmware Password has been successfully enabled.
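
A command-line check for the result of the procedure above, as an added example that is not from the book: it classifies the Open Firmware security mode from `nvram -p` output. It assumes the setting is stored in the `security-mode` firmware variable (`none`, `command` or `full`); the function names and the sample output are constructed here.

```shell
#!/bin/sh
# Added example: audit the Open Firmware security mode from `nvram -p` output.
# Assumption: the setting lives in the firmware variable "security-mode"
# (none | command | full). Function and sample names are hypothetical.

# Read "name<whitespace>value" lines on stdin and print the security mode:
# none, command, full, "unset" (variable absent) or "unknown" (unexpected value).
of_security_mode() {
    awk '
        $1 == "security-mode" { mode = $2; found = 1 }
        END {
            if (!found)                              print "unset"
            else if (mode ~ /^(none|command|full)$/) print mode
            else                                     print "unknown"
        }'
}

# Turn the mode into an audit verdict. The exit status is 0 only when the
# startup-key boot methods are password-protected.
of_audit() {
    mode=$(of_security_mode)
    case "$mode" in
        command|full) echo "PASS security-mode=$mode"; return 0 ;;
        none|unset)   echo "FAIL security-mode=$mode (startup keys unrestricted)"; return 1 ;;
        *)            echo "FAIL security-mode=$mode (unrecognised value)"; return 1 ;;
    esac
}

# Constructed samples of `nvram -p` output (not captured from a real server).
SAMPLE_PROTECTED=$(printf 'boot-device\thd:,\\\\:tbxi\nsecurity-mode\tcommand\nauto-boot?\ttrue\n')
SAMPLE_OPEN=$(printf 'boot-device\thd:,\\\\:tbxi\nauto-boot?\ttrue\n')

printf '%s\n' "$SAMPLE_PROTECTED" | of_audit || true
printf '%s\n' "$SAMPLE_OPEN" | of_audit || true

# On the server itself: sudo nvram -p | of_audit
```

Because `of_audit` returns a non-zero status on failure, it can be run over SSH from an administration machine and used to flag servers where the password was never set.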


Tip

Keyboard shortcuts aren't the only way data can be compromised. Xserves came with small keys that let you lock the drive bays so they can't be removed. Regardless of the version of Xserve you have, keeping the key in an extremely safe place is a good idea. Losing and reordering a key can cost you valuable time if you need to work on your Xserve.


Securing the server room


The second piece of physical security is, of course, the room in which the server resides. This isn't just a Mac OS X Server issue, but it's worth mentioning that any good administrator limits access to the room where the servers are stored. Out of sight, out of mind, as the old adage goes. If placing the server in a locked room isn't feasible, use the locking methods and remove the keyboard, mouse, and monitor unless they're absolutely necessary.

Remember, you can administer Mac OS X Server with a few main tools, all of which run remotely. Most of the tools can be found in the /Applications/Server directory. The Terminal application and Directory Access both reside in the /Applications/Utilities directory. Apple Remote Desktop, which you must purchase separately, lets you (from a remote computer) see and control the screen, keyboard, and mouse as if you were sitting in front of the server itself. These tools should be on your Mac OS X client computer.


Oops, I Lost My Password!


If you lose or forget the Open Firmware Password application's password, you must shut down your server and make a physical change to the hardware of the server. This commonly involves taking out a RAM chip or two, rebooting the server (which erases the password), shutting the server back down, replacing the RAM, and booting the server once again.

Some people feel this makes Open Firmware Password insecure. On the contrary: If anyone can open the box on which you're running Mac OS X Server, they have physical access to the disks, which means they can take them! Open Firmware Password doesn't protect or encrypt the disk(s); it places a password-protected lock on the firmware used to boot the computer.

If you're worried about someone gaining physical access to the innards of your server hardware, purchase a lock if the Macintosh model supports it; or, if it's an Xserve, use the key.

