Is FireWire target disk mode a Security Weakness?

Networking/Security Forums -> Macintosh

Author: 2bitwannabeLocation: UK PostPosted: Mon Sep 18, 2006 1:54 pm    Post subject: Is FireWire target disk mode a Security Weakness?
    ----
Hello,
Is FireWire target disk mode a weakness in Security?
The reason I ask is that I understand that practically any security can be broke if phyical access to the device is obtainable but wouldn't this feature just make it easlier for them to do some or all of the following
1) Obtain Access to the HDD Contents
2) Copy the Hard Drive for hacking the data later(if FileVault is used)
3) Erase the HDD

Has anybody looked into this and if so could they provide some feedback to this situation

Thanks
Dean

Author: Ex0dusLocation: Down Under PostPosted: Thu Sep 21, 2006 10:00 am    Post subject:
    ----
yep can be a major security weakness. which is why you need to prevent them getting access to the machine in the first place.

this article here however talks about Open Firmware Password Protection. prevents the use of such things as target mode. but as always, not 100% full proof. i've never used it, but looks half decent. but could become a hassle if you need to use different things such as target mode regularly.

http://docs.info.apple.com/article.html?artnum=106482

Author: Sherman HomanLocation: Norwell, MA PostPosted: Tue Sep 26, 2006 7:18 pm    Post subject:
    ----
Target mode is a security problem! Of course it is also a solution to a whole bunch of other problems. Open Firmware is easily defeated by simply zapping the PRAM (repeatedly ~5 times) or pulling a ram chip out. (The Intel chip Macs don't do Open Firmware in any event.)

So, in answer to your question, Target Mode makes it much easier to access a protected machine. Open Firmware is easily defeated. Changing the Admin's password is trivial with the Start Up disk. However, File Vault is very strong medicine!



Networking/Security Forums -> Macintosh


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group