Therefore, the only real way to secure files on a drive is to enable some form of encryption to prevent files from being read. Regardless of the measures available for either the firmware or operating system to secure files on a disk, if someone gains physical access to the disk then they can attach it to any device they want (even if this means physically removing it from your Mac) and read data from it. Since Safari-only mode is enabled from within the operating system when you click the Guest account, the boot drive switch is made from within the operating system and not by the firmware.įileVault can be enabled in Lion's Security & Privacy system preferences. Firmware passwords will only prevent alternative boot drive selection at startup when the firmware itself is being instructed to make the change, and will not prevent a loaded operating system from designating a boot drive. Since firmware passwords prevent booting to alternative volumes, some people may wonder if having one enabled will allow Safari-Only mode to work. If a Mac is locked down (such as at a desk, or in a computer lab), then a firmware password may greatly help since the only way to alter the system's hardware would be to physically damage it to gain access to the interior. Unfortunately firmware passwords can be reset by altering a system's hardware configuration (e.g., removing and reinstalling RAM), but it is one step that can help prevent a system from being inappropriately accessed. Now to boot to alternate volumes you will have to provide the firmware password, and to reset PRAM or use alternate boot modes you will have to use this utility to disable the firmware password. Follow the instructions in the utility and your password should then be set. To set a firmware password, reboot to Lion's recovery partition by holding Command-R, followed by choosing "Firmware Password" from the Utilities menu. Screenshot by Topher KesslerĪlternate boot options like OS-based Single User and Safe Boot modes, and hardware-based Target Disk mode, boot drive selection, and even resetting the PRAM can be prevented by setting a firmware password on the Mac. The firmware password utility is available when you boot to the OS X Lion Recovery Partition. More easily, a thief can boot the system to Target Disk mode or even remove the hard drive and attach it as an external drive on another system to bypass the OS X security and gain access to the drive. In this mode, someone who knows what he or she is doing can gain access to the whole system if needed. For instance, someone can restart a system into Single User mode, which bypasses the OS X user interface and drops you to the command prompt as the root user. While Safari-only mode itself will not allow direct access to your files, unless you take precautions for securing your files then thieves can still take measures to bypass the operating system's security and gain access to the hard drive. However, since the boot image is stored on the recovery partition that is left unencrypted by filevault, then even though your data is locked away the system can still load Safari and send location information to iCloud to help recover your system.įind My Mac with Safari-only mode is a good option for being able to locate your Mac, but some people have wondered about whether it adds extra security for your files. Generally, full-disk encryption means you would need to provide credentials to first unlock the disk before you can access any files or run any system software on it. Having Safari-only mode run from the Lion recovery partition has the added benefit where it will work even if you have Apple's FileVault 2 disk encryption enabled. Safari-only mode is only enabled if you use the Find My Mac feature of Apple's iCloud service.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |