ÂÂ Secure VM: Secure VM encrypts system virtual memory (memory data temporarily written to the hard disk), not user files. It improves system security by keeping virtual memory files from being read and exploited.

ÂÂ Disk Utility: Disk Utility can create disk images whose contents are encrypted and password protected. Disk images act like removable media such as external hard disks or USB memory sticks, but they exist only as files on the computer. After you create an encrypted disk image, double-click it to mount it. Files you drag onto the mounted image are encrypted and stored on the disk image. You can send this disk image to other Mac OS X users. With the unlocking password, they can retrieve the files you locked in the disk image.

Secure Delete

When a file is put in the Trash and the Trash is emptied, or when a file is removed using the rm UNIX tool, the files are not removed from disk. Instead, they are removed from the list of files the operating system (OS) tracks and does not write over.

Any space on your hard disk that is free space (places the OS can put a file) most likely contains previously deleted files. Such files can be retrieved using undelete utilities and forensic analysis.

To truly remove the data from disk, you must use a more secure delete method. Security experts advise writing over deleted files and free space multiple times with random data.

Mac OS X Server provides the following tools to allow you to securely delete files:

ÂÂ Secure Empty Trash (a command in the Finder menu to use instead of “Empty Trash”

ÂÂ srm (a UNIX utility that securely deletes files, used in place of “rm”)

About Authentication and Authorization

Authentication is verifying a person’s identity, but authorization is verifying that an authenticated person is allowed to perform a certain action. Authentication is necessary for authorization.

In a computing context, when you provide a login name and password, you are authenticated to the computer because it assumes only one person (you) knows the login name and the password. After you are authenticated, the operating system checks lists of people who are permitted to access certain files, and if you are authorized to access them, you are permitted to.

Because authorization can’t occur without authentication, authorization is sometimes used to mean the combination of authentication and authorization.

56

Chapter 4    Enhancing Security

Page 55 Page 57
Page 56
Image 56
Apple 10.6 manual About Authentication and Authorization, Secure Delete
Page 55 Page 57
Top Page Image Contents