: -----Original Message-----
: From: listbounce (at) securityfocus (dot) com [email concealed]
: [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of brian (at) clearware (dot) org [email concealed]
: Subject: Mac OS X - Boot Camp Security
:
: I just recently installed Boot Camp 1.1.1 on my Intel based MacBook and
: have some initial observations regarding security.
:
: Windows was installed on an NTFS partition for better file level
: security. However, booting to another operating system bypasses
: Windows security. This becomes evident when in Mac OS X and you see
: the Windows drive on the desktop. Files on the Windows drive can be
: easily viewed and copied while bypassing the NTFS file permissions.
: This introduces the following risks:
:
: 1. Disclosure of information (including data stored in the user's
: profile such as Outlook data files and synchronized network folders)

How is this any different to taking any disk, using any file system, and
attaching it to another machine running another OS?

File System ACLs are enforced by the OS, and if the OS isn't running, there
is no enforcement.

If you are concerned about physical security (i.e. you fear that the disk may
be stolen, or that someone can install another OS onto the disk, or boot
another OS from a CD) then you should use encryption technologies that are
available (e.g. Windows XP has EFS) to ensure that the disk contents are
encrypted. Then you are not relying on ACLs to enforce authorization.

Cheers
Ken

: 2. Brute forcing the Windows SAM for user passwords that mnay be used
: on other systems
:
: In Mac OS X, is it possible to only allow access to the Windows drive
: from specified OS X users?
:
: While booting the MacBook I can press the option key to select which
: drive to boot from. Is it possible to password protect this feature?
: Is it also possible to require a password to boot from CD?

[ reply ]