Jump to content


Photo

Mac Security/Target Mode


  • Please log in to reply
6 replies to this topic

#1 Julie Falling

Julie Falling

    Platinum

  • Active Members
  • PipPipPipPipPip
  • 1,398 posts
  • Gender:Female
  • Location:Tennessee
  • Interests:Numerous!
  • Accordance Version:11.x

Posted 17 January 2013 - 09:52 AM

Hey -

 

There was a time when we moved stuff from an old Mac to a new one by booting up the old one in Target Mode, and Set-up Assistant (or some such utility) moved everything.  

 

I didn't have to do that this time when I moved all my stuff from my G5 to my Mac mini.  I was wondering if ML still had Target Mode, but thinking of the security issues it presents.  So, this morning I did boot my MBP up in Target Mode, then connected it via a firewire cable to my Mac mini.  That enabled me to see the entire contents of my MBP via the mini without entering a password.  

 

I don't have any of our tax/financial records on my computers, and I doubt anyone would want to hack my machines.  However, my husband has all those records on his.  We have put the stuff that needs to be secure inside an encrypted disk image on his machine, but is there something else that can be done?    

 

I tried FileVault a couple of OSes ago, and it was pretty clunky.  Is it worth doing now?  Drawbacks?  That also means that the TimeMachine back-ups are encrypted, too, right?  And you can't just replace one document or file anymore?

 

Thanks for the help.

 

 


Julia Falling

 

Accordance 11

MacBook Air Yosemite

mid-2013 1.7 GHz Intel Core i7 (2 cores)

8 GB RAM; 512 G SSD

 

Mac mini Yosemite Acc 11

late-2012 2.3GHz Intel Core i7 (4 cores)

16 GB RAM; 1.12  TB Fusion Drive

 

iPad Air 1 iOS 8.1

64 GB

 

 

 

 


#2 craigminah

craigminah

    Bronze

  • Active Members
  • PipPip
  • 57 posts
  • Gender:Male
  • Location:Utah
  • Accordance Version:10.x

Posted 22 January 2013 - 12:55 PM

I use Tao Effect's Espionage program which makes encrypting folders pretty transparent.  There are some quirks (e.g. when other programs scan folders and encounter an encrypted folder Espionage will ask for the password; you can configure which programs to ignore - Parallels, WhatSize, etc.)  AgileBits has a similar program called Knox.  I didn't like it as much because it wasn't quite so seemless as Espionage.

 

Get a trial of each and see if you like them.  I use Espionage to encrypt my finances folder and my resume folder and didn't feel the need to encrypt everything else and slow down my computer. 



#3 Julie Falling

Julie Falling

    Platinum

  • Active Members
  • PipPipPipPipPip
  • 1,398 posts
  • Gender:Female
  • Location:Tennessee
  • Interests:Numerous!
  • Accordance Version:11.x

Posted 22 January 2013 - 02:30 PM

Craig -

 

How does this compare with using an encrypted disk image created with Disk Utility?  

 

It's definitely better to only encrypt what needs to be kept secure which is why we haven't used File Vault.  Maybe it has improved since I last tried to use it, but it seems like overkill.

 

Thanks for the suggestions and for taking the time to reply.  I'll get this stuff to my husband so he can decide which way he wants to go.


Julia Falling

 

Accordance 11

MacBook Air Yosemite

mid-2013 1.7 GHz Intel Core i7 (2 cores)

8 GB RAM; 512 G SSD

 

Mac mini Yosemite Acc 11

late-2012 2.3GHz Intel Core i7 (4 cores)

16 GB RAM; 1.12  TB Fusion Drive

 

iPad Air 1 iOS 8.1

64 GB

 

 

 

 


#4 craigminah

craigminah

    Bronze

  • Active Members
  • PipPip
  • 57 posts
  • Gender:Male
  • Location:Utah
  • Accordance Version:10.x

Posted 22 January 2013 - 05:32 PM

Craig -

 

How does this compare with using an encrypted disk image created with Disk Utility?  

 

It's definitely better to only encrypt what needs to be kept secure which is why we haven't used File Vault.  Maybe it has improved since I last tried to use it, but it seems like overkill.

 

Thanks for the suggestions and for taking the time to reply.  I'll get this stuff to my husband so he can decide which way he wants to go.

Espionage actually uses encrypted disk images but does it in a way that makes it seem like it's not...it's done very cleverly and is transparent to the user.  I don't know how Knox works but that company, AgileBits, is fantastic and is best known for 1Password...I can't say enough good about them but I preferred Espionage from TaoEffect more.  There are other options out there but the ones I've tried aren't as good as Knox or Espionage.


Edited by craigminah, 22 January 2013 - 06:35 PM.


#5 Alistair

Alistair

    Platinum

  • Active Members
  • PipPipPipPipPip
  • 610 posts
  • Gender:Male
  • Accordance Version:11.x

Posted 23 January 2013 - 09:42 AM

I seem to remember you can edit the Open Firmware to prevent startup in Target mode, that might be worth looking into.



#6 Julie Falling

Julie Falling

    Platinum

  • Active Members
  • PipPipPipPipPip
  • 1,398 posts
  • Gender:Female
  • Location:Tennessee
  • Interests:Numerous!
  • Accordance Version:11.x

Posted 23 January 2013 - 09:55 AM

Thanks for the replies.  We'll look into all this.  I wonder if Mac users in general know about this vulnerability?


Julia Falling

 

Accordance 11

MacBook Air Yosemite

mid-2013 1.7 GHz Intel Core i7 (2 cores)

8 GB RAM; 512 G SSD

 

Mac mini Yosemite Acc 11

late-2012 2.3GHz Intel Core i7 (4 cores)

16 GB RAM; 1.12  TB Fusion Drive

 

iPad Air 1 iOS 8.1

64 GB

 

 

 

 


#7 Joel Brown

Joel Brown

    Administrator

  • Admin
  • 3,048 posts
  • Gender:Male
  • Location:Houston, TX
  • Accordance Version:11.x
  • Platforms:Mac OS X, Windows

Posted 23 January 2013 - 10:49 AM

Well, in my opinion its not exactly a vulnerability.  To me, if you have physical access to the device, just about anything can be broken.  If it supports Target Disk mode, that of course makes it easy, but someone could also just pull out the physical drive and plug it into their computer, or into an external hard drive enclosure.  Or, they could boot from an OS X install disk and reset the admin password.

 

A hard drive or disk image encryption is important if you want to ensure that even in physical access it will be difficult to crack (but never impossible), but I don't feel target disk mode offers creates any vulnerabilities that aren't there already.


Joel Brown

By day: Consultant for Oaktree
By night: Freelance Trombonist and Private Instructor




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users