Jump to content

Mac Security/Target Mode


Julia Falling

Recommended Posts

Hey -

 

There was a time when we moved stuff from an old Mac to a new one by booting up the old one in Target Mode, and Set-up Assistant (or some such utility) moved everything.

 

I didn't have to do that this time when I moved all my stuff from my G5 to my Mac mini. I was wondering if ML still had Target Mode, but thinking of the security issues it presents. So, this morning I did boot my MBP up in Target Mode, then connected it via a firewire cable to my Mac mini. That enabled me to see the entire contents of my MBP via the mini without entering a password.

 

I don't have any of our tax/financial records on my computers, and I doubt anyone would want to hack my machines. However, my husband has all those records on his. We have put the stuff that needs to be secure inside an encrypted disk image on his machine, but is there something else that can be done?

 

I tried FileVault a couple of OSes ago, and it was pretty clunky. Is it worth doing now? Drawbacks? That also means that the TimeMachine back-ups are encrypted, too, right? And you can't just replace one document or file anymore?

 

Thanks for the help.

 

 

Link to comment
Share on other sites

I use Tao Effect's Espionage program which makes encrypting folders pretty transparent. There are some quirks (e.g. when other programs scan folders and encounter an encrypted folder Espionage will ask for the password; you can configure which programs to ignore - Parallels, WhatSize, etc.) AgileBits has a similar program called Knox. I didn't like it as much because it wasn't quite so seemless as Espionage.

 

Get a trial of each and see if you like them. I use Espionage to encrypt my finances folder and my resume folder and didn't feel the need to encrypt everything else and slow down my computer.

Link to comment
Share on other sites

Craig -

 

How does this compare with using an encrypted disk image created with Disk Utility?

 

It's definitely better to only encrypt what needs to be kept secure which is why we haven't used File Vault. Maybe it has improved since I last tried to use it, but it seems like overkill.

 

Thanks for the suggestions and for taking the time to reply. I'll get this stuff to my husband so he can decide which way he wants to go.

Link to comment
Share on other sites

Craig -

 

How does this compare with using an encrypted disk image created with Disk Utility?

 

It's definitely better to only encrypt what needs to be kept secure which is why we haven't used File Vault. Maybe it has improved since I last tried to use it, but it seems like overkill.

 

Thanks for the suggestions and for taking the time to reply. I'll get this stuff to my husband so he can decide which way he wants to go.

Espionage actually uses encrypted disk images but does it in a way that makes it seem like it's not...it's done very cleverly and is transparent to the user. I don't know how Knox works but that company, AgileBits, is fantastic and is best known for 1Password...I can't say enough good about them but I preferred Espionage from TaoEffect more. There are other options out there but the ones I've tried aren't as good as Knox or Espionage.

Edited by craigminah
Link to comment
Share on other sites

I seem to remember you can edit the Open Firmware to prevent startup in Target mode, that might be worth looking into.

Link to comment
Share on other sites

Thanks for the replies. We'll look into all this. I wonder if Mac users in general know about this vulnerability?

Link to comment
Share on other sites

Well, in my opinion its not exactly a vulnerability. To me, if you have physical access to the device, just about anything can be broken. If it supports Target Disk mode, that of course makes it easy, but someone could also just pull out the physical drive and plug it into their computer, or into an external hard drive enclosure. Or, they could boot from an OS X install disk and reset the admin password.

 

A hard drive or disk image encryption is important if you want to ensure that even in physical access it will be difficult to crack (but never impossible), but I don't feel target disk mode offers creates any vulnerabilities that aren't there already.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...