(Paranoid) physically locking down harddrives through the FS

Similar Messages

• How to use configurator to lock down settings on the iPad?

  Hi All,
  I'm pretty new to the iPad / Configurator scene but have grasped the basics on how to deploy profiles etc using configurator. My question is this - I would like to be able to lock the 'settings' feature to not allow general user access without a passcode @ least, is this possible?
  In an educational environment i would really like this to be done because we all know how tech savvy students are now!
  Sorry if this has been asked before but after an hour or so of searching, i've given up
  Thanks,
  Dave

  The ipad is still a personal device. A knowledgeable student can delete configuration profiles hence all associate apps and settings. you will want a standard restore image to fix the device.
  Use VPP.  Select an MDM.  Read the google doc below.
  IT Resources -- ios & OS X -- This is a fantastic web page.  I like the education site over the business site.
  View documentation, video tutorials, and web pages to help IT professionals develop and deploy education solutions.
  http://www.apple.com/education/resources/information-technology.html
     business site is:
     http://www.apple.com/lae/ipad/business/resources/
  Excellent guide. See announcment post -- https://discussions.apple.com/thread/4256735?tstart=0
  https://docs.google.com/document/d/1SMBgyzONxcx6_FswgkW9XYLpA4oCt_2y1uw9ceMZ9F4/ edit?pli=1
  good tips for initial deployment:
  https://discussions.apple.com/message/18942350#18942350
  https://discussions.apple.com/thread/3804209?tstart=0
  Educational institutions in the USA can use the App Store Volume Purchase Program (VPP) to buy Apps.
  https://support.assistiveware.com/index.php?pg=kb.page&id=54
  There are three ownership models:
      *     Personal
      *     Institution
      *     Layered. combines personal & institution.
  Watch this apple video on layered ownership.  It education based, but that's OK.
  http://www.apple.com/education/resources/videos/#ios-layered-ownership

• Locking Down & Creating Exceptions

  We have seven school district buildings which includes an administration
  building. Each school has it's own server set on NW6.5SP5 and BM3.8SP4 as
  well as Zen 7. The admin bld has two servers, one for the building and one
  is our web/e-mail server using GW 7.0.2HP and Apache2. It also has GWava
  running with Kaspersky A/V (e-mail) and both servers are our DNS servers.
  If I set the default filters (to lock down the system) with BM, all
  connectivity is lost, which it should be. However, I've not been able to
  figure out the correct filters to set to allow traffic into and out of the
  web server and e-mail, i.e., if I lock down the building server no one can
  get to their e-mail or access the web server but can access the Internet via
  the BM proxy.
  I have Craig's books but guess I need a little more detail and pictures. Is
  there a book out there for those of us with A.D.D. that will walk me through
  creating a filter one-step-at-time including saying what each step is
  for/doing or what will be accomplished?
  I need to lock down each of the servers, but can't because, although users
  can get out to the Internet via the BM Proxy, they still don't have access
  to GroupWise from the client and / or Novell's iFolder, and Instant
  Messaging, of course. If I go to iManager 2.6 and attempt to creating
  exceptions for GW, iFolder and IM, the filter exceptions are created but
  don't make a difference.
  Sorry to drag on so long, but we've had an incident happen in the last month
  and we need to make the network more secure but still allow users to such
  things as the Internet, GW, iFolder, etc.
  Any suggestions and/or ideas would be appreciated,
  Tim

  >> In article <[email protected]>, Tim Ferguson wrote:
  >> When I say "Yes" to create a secure system when running BRDCFG, all outside
  >> access is blocked or isn't it supposed to be?.
  >> When you do that, it blocks all traffic to and from the public interface, and
  >> then adds some default exceptions intended to allow the VPN and certain
  >> proxies to work. (It will not overwrite any exceptions you might already
  >> having in place that would allow too much traffic through).
  >> The only way to the Internet
  >> is through the proxy, and VPN traffic is ok. Traffic on the VPN and the
  >> private IP network is fine, or should be, correct?
  >> Should be, correct.
  >> For Example:
  >> I have a user at 192.168.30.150 that needs to access his GW e-mail using the
  >> GW client to the server at 209.xxx.xxx.163, port 1677, but can't once the
  >> "secure system" is set. Realistically, we should set his client to check
  >> the private IP of the e-mail server at 192.168.20.1, port 1677, correct?
  >> Well...
  >> I'm not clear if you are trying to have the client access the GW process from
  >> inside or outside the LAN. Normally if you have a client on the inside of the
  >> LAN, that client should always be pointed to the internal IP address of a
  >> process, not the public IP address.
  I was talking about each teacher's workstation GW client, all of which are inside the VPN-created LAN
  >> If the GW process (POA, here) is running on the BMgr server itself, it is most
  >> likely listening on all IP addresses, and you need to make sure the internal
  >> address (unfiltered) is being used when inside the LAN.
  We have seven buildings, six schools and the administration building. Each building has it's own BorderManager server. Each building has it's own T-1 circuit. The buildings are connected by a BorderManager VPN (IKE). The web/mail server at the administration building is the VPN master.
  Currently each workstation's GW client (in each building) is set to the GW server's (MTA, POA, GWIA, WEBACC) public IP. Setting the filters to create a secure system would kill this capability, correct?
  >> If the process is being static NAT'd to that public address, you should not be
  >> able to access it from the inside (using the public address) with filters up
  >> or not.
  We are using "dynamic" NAT in each building. I only use "static" NAT when I create a secondary IP to my office computer so I can access it from home. NAT is then set to "dynamic and static" and not "static" only.
  >> If the process is being proxied to the public address, you could access it on
  >> the public address, as long as filter exceptions were added to allow the
  >> traffic from private to public, but it would be better to just point to the
  >> internal address.
  The process is not being proxied to the public address, was never able to get that configured and working.
  >> Often this means you just set up an internal DNS server.
  Explain further, please. Each of the two servers at the administration building is a public DNS server. To create an internal DNS server, it would be set just to the private IP's of most of the same objects on the public DNS servers?
  >> Should I then: (1) Create an exception on his building's server (the
  >> gateway) using the public interface to let his client out on port 1677? And
  >> (2) Create an exception on the mail server using the public interface to
  >> allow port 1677 in, and use a stateful filter exception on both so traffic
  >> goes both ways? or (3) ???
  >> If the client is on the inside of the LAN, you definitely should be pointing
  >> the client to an internal IP address.
  >> If the client is on the outside of the LAN (laptop taken home, for instance,
  >> or a home PC using GW client), then you have options:
  >> 1. GW running on a BMgr server
  YES
  >> 2. GW running internally, proxied to a public address
  NO
  >> 3. GW running internally, static NAT'd to a public address.
  NO
  From home or otherwise outside the private LAN, we use the GW server's public IP from the GW client.
  >> With 1 and 2, the filter exceptions are the same. With 3, they are different.
  >> I have examples for each in the filtering book.
  >> With 2, you not only have to have filter exceptions (public to public), you
  >> also have to have proxy configured and running AND access rules.
  >> With 3, you just need to have static NAT configured, filter exceptions, and a
  >> default route on the GW server. This option is the most common one I see.

• What is Locked Down mode?

  What is Locked Down? What is installation in Locked Down Mode? I only know it is something related to security.
  Thanks!

  Yi wrote:
  Thanks for your great attention.
  There is only some comments by other guy which give me the idea how to check. "During tests, make sure that installation in a locked down mode is possible."
  "Lock Down mode is the most secure mode, with only essential services/functionality enabled OOTB. When installed in this mode, all non-essential functionality/account/data should be explicitly added and configured by the customer."
  That's all the context above. That's all the context? some vague comment by some "other guy"? The statement "should be explicitly added and configured by the customer" sounds like this is from installation instructions for some third party product.
  I'm sorry, I still can't answer your question of "What is Locked Down Mode". Maybe you should ask your "other guy" that used the term that gave you the idea to check.
  So is my understanding correct? "In my opinion locked down mode should enable users to select essential or must modules to install, and what is unnecessary to customer can be deselected. So to check if a software can be installed in locked down mode means to try if the software enable the above installation options." Since I don't know what "other guy" nor you mean by "locked down mode" there is no way I can comment on whether or not your understanding is correct.
  >
  BTW, our product is a PLM software.That's nice. I drive a Honda.

• Why is it that my powerbook does not recognize when i insert external hard drives through the USB 2.0 port

  when i insert an external harddrive through the usb port, my mac doesnot recognise that its even there but when a flash disk is inserted, it recognises it perfectly.
  why does that happen?

  Michael is on the right track. Some external hard drives lacking their own power supply simply cannot get enough power from a single USB port. It is most noticeable in the "name brand" drive that the office supply and computer superstores put on sale every other week. Their chipsets seem to be better optimized for Windows than Macs.
  Flash drives work because the don't have a power-hugry motor that must turn.
  There are two easy and inexpensive cures that allow you to keep your current drive:
  get a "Y-cable" that let you connect one drive to two of the computers UWB ports. Example:1 Meter USB 2.0 A to 5 Pin Mini B Cable - Auxiliary USB "Y" Power Design for external hard drives.
  get a self-powered USB hub. It has a separate power supply that boosts what goes to the drive. Example: Macally TriHub - 4 Port Hi-Speed USB 2.0 Hub for Mac & PC
  If you need the computer and drive to work together in an environment lacking a power source for the hub, and the y-cable isn't an option because you have too few available USB ports, then your only option is to replace the current drive with one better optimized for Macs, like these:
  http://eshop.macsales.com/shop/firewire/on-the-go
  This particular one has the option of running on power from the computer's USB ports or, with an optional power supply, wall power. A good compromise for both remote and desktop use.

• HT1212 my ipad is disabled permantly and i dont want to loose my pictures i keep going through the 5 steps and each time it says "itunes cannot connect to ipad because it is locked with a passcode" WHAT DO I DO PLEASE HELP ME. thank you. sorry about spell

  my ipad is disabled permantly and i dont want to loose my pictures i keep going through the 5 steps and each time it says "itunes cannot connect to ipad because it is locked with a passcode" WHAT DO I DO PLEASE HELP ME. thank you. sorry about spelling.

  FORCE IPAD INTO RECOVERY MODE
  1. Turn off iPad
  2. Turn on computer and launch iTunes (make sure you have the latest version of iTune)
  3. Plug USB cable into computer's USB port
  4. Hold Home button down and plug the other end of cable into docking port.
  DO NOT RELEASE BUTTON until you see picture of iTunes and plug
  5. Release Home button.
  ON COMPUTER
  6. iTunes has detected iPad in recovery mode. You must restore this iPad before it can be used with iTunes.
  7. Select "Restore iPad"...
  Note:
  1. Data will be lost if you do not have backup
  2. If you did not do step 4 properly, start all over again.

• Like to know about the physical lock for imac behind

  Like to know about the physical lock for imac behind?

  The only product I'm aware of is the Griffin Cable Lock.
  My personal preference is for a bike cable lock through the hole in the stand to an eyebolt in the wall behind.

• What is the best way to lock down an iMac?

  What is the best way to lock down an iMac to a desk?

  Run a cable through the hole in the stand and lock it to the desk. There are lots of security products out there to do this, here is a good sample to look for:
  imac security lock cable

• Firefox can't open normally without going through the "this is embarrassing" routine; nor does it close down properly; it also sticks frequently, i.e. screen freezes for a minute or more; should I uninstall and re-install to try and debug?

  Firefox can't open normally without going through the "this is embarrassing" routine; nor does it close down properly; I get the "end program" message and have to say "end now"it also sticks frequently, i.e. screen freezes for a minute or more; should I uninstall and re-install to try and debug?
  - I've used Firefox exclusively for around 2 years.
  - My outlook express has no problems
  - other programs seem unaffected; it seems peculiar to Firefox.
  - my main use is surfing the net, primarily entering competitions on line via specialist competition sites.
  - every day at some stage(s) I have to switch computer off as Firefox has got very slow/sticky/freezes.
  I'm not techy by any means, but I can only thing of un- and re-installing to hopefully start with a clean slate.

  Sounds like something is keeping Firefox from closing properly. See this: <br />
  https://support.mozilla.com/en-US/kb/Firefox+hangs#Hang_at_exit

• I am using a Photoshop cs2, and I wonder if it is possible to keep the settings of the guidelines when closing an image, with the actual document ? It would be nice to have the guidelines locked down, I find it than when opening the same or another image,

  I am using a Photoshop cs2, and I wonder if it is possible to keep the settings of the guidelines when closing an image, with the actual document ? It would be nice to have the guidelines locked down, I find it than when opening the same or another image, the guidelines are not locked, it is annoying to have to lock them down again. and it would actually be nice, to ba able to give specific directions when placing the guidelines. Thanks

  Then why are the guides unlocked when I reopen a document that I saved with the guides locked ?
  Thanks.

• How do you modify the web.xml to lock down the pages from a user role

  how do you modify the web.xml to lock down the pages from a user role

  I'll make a stab at your question:
  The following is an example of where a URL is protected within a web.xml deployment descriptor. In this example, the URL /protectedA within the application is protected:
  <!-- security constraints -->
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>protectedA</web-resource-name>
  <url-pattern>/protectedA</url-pattern>
  </web-resource-collection>
  <!-- authorization -->
  <auth-constraint>
  <role-name>sr_developer</role-name>
  </auth-constraint>
  </security-constraint>
  Sun's explaination here:
  http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security4.html

• I wonder how pro photographers use aperture?I shoot raw and my harddrive is alreay full.I'm not able to import new pictures.Is it ok if i create a vault and delete all my projects in the HD.Can I use an external HD use aperture through the vault??

  I wonder how pro photographers use aperture?I shoot raw and my harddrive is alreay full.I'm not able to import new pictures. I don't know what to do. I created a vault. My plan was to create a vault(put all my master files into an external harddrive) and then delete all my projects in my mac pro's harddrive. Is it the correct way to do it ? What should I do if I have thousands of raw files ? How should my workflow be? Can I use an external HD and use aperture through the vault,without keeping the master files on my computer's hard drive?? Or should I shoot raw+jpeg and store raw files in an external backup harddrive and import only jpegs into my aperture library?

  There's a bit to learn.  It will slowly make sense.
  Aperture is an empty field.  You're given a tractor and a whole bunch of attachments. What you grow, how, and where, is entirely up to you.
  Vaults are for back-up and only for back-up.  They have nothing to do with storing your working files.
  When your Library outgrows your system drive (and for good performance, you should leave c. 20% of every drive empty), it's time to convert some of your image's Masters from Managed to Referenced.  ("Managed" and "Referenced" refer to Masters, not to Libraries.)
  There are hundreds of posts in the forum, and several pages in the User Manual on using Masters.
  Many people run Aperture with the Library on their system disk, and most (or all) of their images' Masters on external FW drives.  This is a good set-up.  Note that you will likely have to take steps to back-up the data on your external drives.
  If you do the above, there should be no reason to delete any Projects.
  The choice of RAW or RAW+JPEG or JPEG depends on the kind of work you are doing.  I capture RAW only -- but I don't do any commercial shoots.  Pros on deadlines report that the RAW+JPEG works well for them.  Capture JPEG if it saves you time.  IMHO, there is not a good reason to shoot JPEG to save space (space is cheap; time expensive).
  Short-term solution: buy and use a FW800 external 1 TB drive, formatted "Mac OS Extended (Journaled)", and using Aperture relocate the Masters of all images older than 30 days to that drive.  (Be sure to change your back-up strategy to include this new drive; you may need a second new drive.)
  This general post of mine might help you understand more about Aperture.

• My phone was stolen and I discontinued cell service to the phone through my provider. Before discontinuing service, I locked my phone from the icloud. Now that it is no longer being serviced by the service provider, will it remain locked?

  My phone was stolen and I discontinued cell service to the phone through my provider. However, before discontinuing service, I locked my phone from the icloud. Now that it is no longer being serviced by the service provider, will the phone remain locked?

  Thanks, James. Sadly, I had not upgraded to iOS 7 as I only had an iphone 4 and those I knew with the 4 who upgraded had major issues with battery life, so I decided not to upgrade. However, I know the phone was locked because the new "owner" called and hung up on me while calling the number I listed in the "This phone is stolen message" set by the cloud. Are you saying that my phone will remain locked if they don't know how to break into it? Or are you saying that it will no longer stay locked once I turned off service to the phone?

• My ipod app no longer works. Everytime I go to open the ipod app it stays open for a second and then shuts down. I am not able to get anything to play either through the standard ipod controls or the multitasking control panel. I'm sure there will be an u

  my ipod app no longer works. Everytime I go to open the ipod app it stays open for a second and then shuts down. I am not able to get anything to play either through the standard ipod controls or the multitasking control panel. I'm sure there will be an update soon to correct this, i just wanted to see if anyone else was having the same problem.
  wen i open ipod in my iphone ,, it gets stuck ,, and get backs to the menu ,,, and doesnot play anything ,, not video nor song

  If your phone is not officially unlocked by the carrier in the UK, you can not use the phone using another SIM, unless you modify the software or the SIM, which can lead to unexpected results, such as non functioning apps.
  Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues
  Problems resulting from those modifications can't be discussed in these forums, due to the Terms of Use

• What are the security settings to lock down a form with fillable fields and yet allow someone with Reader to fill in the fields as will as save the form and print it?

  What are the security settings to lock down a form with fillable fields and yet allow someone with Reader to fill in the fields as will as save the form and print it?

  You want to allow someone to open your document and fill out the form (in the fields you have created), but not change or edit the form, right? Here's the answer - assuming you are using Acrobat Pro and someone will be opening the PDF using at least Acrobat Reader 9 and up:
  Tools > Protection > Encrypt < Encrypt with Password
  Answer YES to change the security.
  A new window opens:
       Do NOT select Document Open (or that will require a password to open the document.)
       Select: Permissions (Check the box next to "Restrict editing and printing of the document.")
       Change the following 2 settings from the drop-down box:
            Printing Allowed: Select High Resolution
            Changes Allowed: Select Commenting, filling in form fields, and signing signature fields
            Leave selected: "Enable text access for screen reader devices for the visually impaired"
            Change Permissions Password (insert a strong password)
            Leave all other settings alone in "Options"
            OK - OK
            Re-enter the Permissions Password (the one you entered above)
            OK - OK
            Save the PDF to apply the security [notice that (SECURED0 will appear after the document title]