Physical Security

Dear All
I'm looking for some advice and experience on the best way to physically secure an Xserve. My company's clients have strict data protection policies and we need to do whatever we can to prevent data loss. Hence we are looking at implementing network based home directories so that no user data or files are stored on desktop machines that are more at risk from casual theft.
However, this still leaves the server with everything on it! Although it is stored inside a lockable server cabinet, behind a locked door, I am still concerned about it. I know that the 'casual' thief would have to be pretty determined to steal it, but I can't help thinking there must be something else we can do...
I've looked into encryption of the boot drive, via PGP's whole disk encryption, but this isn't supported on OSX Server and self-inflicted data loss would be so much worse!
What do others do for physical security of their server(s) and data? Is it all down to locks and cages or is there something else that I am missing?
Many thanks in advance.

Physical security involves rather more than the door locks and alarms and such, yes. Access control and tracking. In particular, this (also) involves the existence of and the maintenance of and the security of the data archives, too.
(It's not the servers you actually care about after all, it's the data!)
The lack of physical and electronic audits and of physical and electronic access tracking and of change tracking is a common vulnerability. The lack of archival security. The lack of network security.
As for other considerations around controlling data, some customer folks I've dealt with have gone as far as filling the USB and other I/O slots with epoxy, or you can simply disable the access to USB and WiFi and such (if you trust client security). Other folks use thin clients, and these are specifically configured to lack I/O.
And data can leak out when files are deleted, too; unless the disk or the data is either encrypted (with a secure key and secure encryption) or is erased, data can become exposed.
It's likely the breach will involve inside knowledge, too.
Secure from the critical application data outward; approach this as an all-hazards plan. Here's a [very quick write-up|http://64.223.189.234/node/44] with some thoughts. (That's targeted for another OS platform, but that information is generally applicable here, too.)

Similar Messages

  • IMac physical security options

    The campus where I work has recently experienced a rash of iMac thefts from our labs. These computers were locked down with security cables, but the thieves clearly have a good pair of bolt cutters, and the cables failed to deter them.
    As a result, we've been looking at non-cable-based physical security options for iMacs, of which we've found only two:
    - The Noble Security Plate for iMac, http://store.apple.com/us/product/H4848LL/A
    - the Anchorpad iMac Plate System, http://www.anchorpad.com/products/security-for-mac-computers/lockdown-plates/imac-plate-system
    We've also tried the Cavalier Lockdown Plate, which is not specifically for the iMac: http://www.computersecurity.com/lockdown/plates.htm
    The problem is this: in our testing, all three of these were easily defeated with a small crowbar. I can't really call this a design failure on the manufacturer's part; I understand that any security kits are deterrents and not guarantees against theft. However, it seems reasonable that thieves equipped with bolt cutters would probably also have crowbars.
    So my question is this: are there any iMac security solutions that could deter thieves of this caliber? I'm thinking of perhaps going with a home-grown solution: drilling through the iMac's foot and the table that it's on, and securing it with bolts large enough to deter bolt cutters.
    Any suggestions/comments would be greatly appreciated!

    Drill two quarter-inch holes in the base of the iMac's stand. Drill two corresponding holes in the desk top where you want the iMac to be positioned. Insert two quarter-inch hex head hardened bolts through the holes in the iMac's base and the desk top. Use bolts that are long enough to extend about an inch below the underside of the desktop.
    From the underside of the desk, install a quarter-inch "body" washer (ask at your local hardware store) and then a conventional washer and a fiber-core security nut. Before tightening the fiber-core nut, apply a drop of Lock-Tite Thread and Bearing Mount to the threads of the bolts. The Thread and Bearing Mount will require the application of heat to remove it. (Ask me how I know.)
    Once the fiber-core nuts are tight, use a pair of Vise-Grip locking pliers to destroy the exposed threads on the bolts by crushing them between the jaws of the Vise-Grips. That will make the nuts impossible to remove.
    When it's time to upgrade to new iMacs, sell the old ones and the desks they're attached to together as a package deal.

  • How do you physically secure the new Mac Pro's?

    I am looking to buy the new Mac Pro, and went to see one in the apple store today, I asked the shop assistant how I would physically lock the Mac Pro to something to keep it safe and secure in an office environment and he said he didn't know how you would. It doesn't seem to have a laptop style hole to use a cable lock or anything like that. They are incredibly small and easy to pick up and pop in a bag...
    So has anyone come across anything like this to answer my question?
    https://discussions.apple.com/thread/5695967?tstart=0
    This discussion doesn't seem to be a reasonable solution.
    Cheers

    @Will172
    I am not a DIYer especially not when it comes to locking something as valuable as a Mac Pro.
    My go to company for locking mac stuff is maclocks and they just announced this http://www.maclocks.com/mac-cable-locks/mac-pro-lock-bracket-with-security-cable-lock-fits-new-mac-pro.html
    Don't know if you already built the solution for yours but this is looking to be a great one.
    I have dealt with maclock on a few occasions because I bought their macbook pro bracket lock and couldn't be happier.

  • Does anyone have a way to physically secure the black apple TV against theft?

    I own a Hostel, and have just recently bought my second apple TV because the first one got stolen last year from the TV area.... unfortunately the device doesn't have the normal computer 'lock' hole physically designed into it, so I'm not sure what I can do to help avoid getting this one stolen as well.
    Any ideas?... has anyone else even given this some thought? I did a google search about the topic and came up absolutely empty. I'm pretty surprised as I was definitely expecting to find some sort of creative solution... but again, nothing! >.<
    Thanks ahead of time!
    - David

    I actually posted a month or so ago on the UK forum about the apple tv lock I got, and it was one of the best things I ever bought. I got it from Maclocks, and I have not stopped talking about it to anyone I meet. I think this is exactly what you are looking for, it's even in black. Not sure if this product was around when you posted it back in 2012, but you should definitely snatch it up now (if you are still looking;). It's the Apple TV Security Mount, and the site also had a youtube video to instruct us how to set it up. I just posted yesterday something from this company, I was wondering if their iPadAir Lock was any good, so if you have any experience with one let me know!

  • How to physically secure Mac mini?

    I want to convert from windows xp dell to Mac mini at work, but worried that it will be too easy to walk away with it. What are my options to secure the mac mini?
    HPNY
    PowerPC G4   Mac OS X (10.4.3)  

    The security slot means you can use a notebook style cable to lock it down. That will slow down someone or at least make them go and get a bolt cutter. A lock on the office door would help too.
    But the most important things are
    1) Back up your data and keep it locked up someplace not near the computer.
    2) Mac OS X has a feature where you can encrypt all your data. Encrypted data is useless to whoever steals it.

  • Security in Lion 10.7.3?

    My first line of security with my desktop Mac Pro is to force password entry after screen saver activation or sleep. This has been a nightmare to get working! Finally, after deleting preference files, changing preference settings, quitting preferences then relaunching and changing a setting back, I seem to have it working. It shouldn't be this way. I've had the combo of Energy Saver, Screen Saver and Privacy settings working to provide the first level of "physical security" for years on previous operating systems. In this respect, Lion is dismal at best.
    RW.

    As well, the system cannot be programmed to sleep after a certain time. Well . . . It sleeps for a minute or two then wakes . . . No Ethernet calls allowed, no sharing machines on at the time . .  So each night I must sleep the computer manually. Easy to forget and noisy when I do forget.

  • Using EFI password "full" security isn't working

    Hi,
    I'm trying to use the EFI Password Utility to prohibit any attempt to boot my MacBook Pro without the correct password.  I used the utility available on the MacBook Pro's supplied install DVD, and so far have successfully prevented the use of any keystrokes on boot without the correct password (ie. "command" mode).  However, I am unable to set the EFI to prohibit any attempt to boot.
    Apple documents in its, "Mac OS X: Security Configuration - For Mac OS X Version 10.6 Snow Leopard" PDF manual that,
    You can also configure EFI from the command line by using the nvram tool. […] 
    You can set the security mode to one of the following values:
         Full: This value requires a password to start up or restart your computer. It also requires a password to make changes to EFI.
    For example, to set the security-mode to full you would use the following command:
         $ sudo nvram security-mode=full
    I applied this setting, but it doesn't appear to be working.  The redacted output of "nvram -x -p" is as follows:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
              <key>EFICapsule_Result</key>
              <data>
              REDACTED
              </data>
              <key>SmcFlasherResult</key>
              <data>
              REDACTED
              </data>
              <key>SystemAudioVolume</key>
              <data>
              REDACTED
              </data>
              <key>boot-image</key>
              <data>
              REDACTED
              </data>
              <key>efi-apple-payload0</key>
              <data>
              REDACTED
              </data>
              <key>efi-apple-payload0-data</key>
              <data>
              REDACTED
              </data>
              <key>efi-apple-recovery</key>
              <data>
              REDACTED
              </data>
              <key>efi-boot-device</key>
              <data>
              REDACTED
              </data>
              <key>efi-boot-device-data</key>
              <data>
              REDACTED
              </data>
              <key>gpu-policy</key>
              <data>
              REDACTED
              </data>
              <key>prev-lang:kbd</key>
              <data>
              REDACTED
              </data>
              <key>security-mode</key>
              <string>full</string>
    </dict>
    </plist>
    What makes it confusing is that Apple specifies later on the same page (56) that the term passed to the "security-mode" option should be encased in quotes:
         # Secure startup by setting security-mode. Replace $mode-value with
         # "command" or "full."
         sudo nvram security-mode="$mode-value"
    So, assuming that I may have used the wrong version of the command, and thereby not applied the setting correctly, I deleted the "security-mode" key using:
    sudo nvram -d security-mode
    I then re-applied the setting using:
    sudo nvram security-mode=full
    because I was confident that, initially, I had used the version with quotes.  However, it's made no difference - booting the machine does not require entry of an EFI password.
    Oddly, the EFI still prevents the use of keystrokes (ie. "command" mode), so it's definitely functional; I just can't tell it to use "full" mode.  Also, I note that "security-mode" is the only key to have a "string" child not a "data" child - is this indicative of a problem?
    Any advice?

    I've got the same problem as OP but I'm not concerning myself with the physical security of my device--an entirely separate topic altogether.
    Essentially, I know that with physical access to a Mac box it's possible to enter single user mode and change the password. I also know there is a way to prevent that ability by changing the default login credentials I just don't remember the phrase of what I'm looking for. I know that I have a pdf on hardening snow leopard which probably has information on how to restrict password changes when in single user mode, but I can't find it.
    Here's some stuff that should at least get you started in the right direction:
    http://support.apple.com/kb/HT1352
    http://lists.apple.com/archives/fed-talk/2011/Feb/msg00022.html
    Definitely read:
    http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf
    Depending how much time you want to spend on this, there's also a book by Charlie Miller called "Mac Hackers Handbook" that's worth the read--although I have yet to do completely so myself. I did get to see his talk at DefCon 2011 and it was pretty amazing- he developed a technique to essentially make a Mac laptop battery explode from a remote location-- although he never has actually done it for fear of...you know...actually destroying his computer. lol. The next time you hear a MacTard bragging about how OSX is a secure platform, be sure to bring that up. Also distinguish between viruses and malware in general the next time you talk to a genius about mac security- we recently discovered a rootkit on one of the Macs on our network.
    Back to the topic--If you're going to go through the effort of securing one aspect of your box, you might as well keep going with it if you have legitimate reasons to worry about unauthorized access.
    Another awesome resource is the Electronic Frontier Foundation:
    https://www.eff.org
    https://ssd.eff.org/risk
    They have guides about nearly everything concerning online anonymity and/or security and they're really good about keeping it 'human readable' - ie understandable to the average user. I'll try to find that pdf and upload it if I do. Those other resources should point you in the right direction- if not explicitly answer your question. Let me know if you find anything too . Help me help you.
    <Edited by Host>
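
Added example (not part of the original thread or of Apple's guide): a Python check of the two points raised in the EFI password thread above, namely that the quoted and unquoted forms of the command reach nvram as the same argument, and what security-mode value a captured `nvram -x -p` dump holds. The sample dump and the function names are constructed for illustration; as the poster found, a stored value of full shows only what NVRAM contains, not that the firmware enforces it.

```python
import plistlib
import shlex

# The two security-mode values named in the Apple guide quoted in the thread.
KNOWN_MODES = ("command", "full")

# Constructed sample shaped like the `nvram -x -p` output in the post;
# the <data> payload is a made-up placeholder, not a real firmware value.
SAMPLE_NVRAM_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>SystemAudioVolume</key>
    <data>
    QA==
    </data>
    <key>security-mode</key>
    <string>full</string>
</dict>
</plist>
"""


def nvram_argv(command_line):
    """Return the argument vector a POSIX shell would pass on for this line."""
    return shlex.split(command_line)


def read_security_mode(nvram_xml):
    """Return the stored security-mode value, or None if the key is absent."""
    variables = plistlib.loads(nvram_xml)
    value = variables.get("security-mode")
    if isinstance(value, bytes):
        # Most variables are dumped as <data>; accept that form as well.
        value = value.rstrip(b"\x00").decode("ascii", errors="replace")
    return value


def audit_security_mode(nvram_xml):
    """Classify a dump as 'full', 'command', 'missing' or 'unrecognized'."""
    mode = read_security_mode(nvram_xml)
    if mode is None:
        return "missing"
    # Exact match only: stray quotes or odd casing are reported, not repaired.
    return mode if mode in KNOWN_MODES else "unrecognized"


if __name__ == "__main__":
    unquoted = nvram_argv("sudo nvram security-mode=full")
    quoted = nvram_argv('sudo nvram security-mode="full"')
    print("same argv:", unquoted == quoted, unquoted)
    print("stored mode:", audit_security_mode(SAMPLE_NVRAM_XML))
```
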

  • J2EE Application Security

    Does anyone know how to implement and propagate security interoperability between the web and ejb tiers? I have a single web application that is split by multiple GWT entry points - each an application within a single war. A user can log into 1..n GWT entry points. Each entry point or GWT module contains different roles for a single user. The differing app roles have common permissions.
    For example, user1 is a user of app1 and app2.
    app1 the user is a system administrator in role1 containing all CRUD operations or permissions
    app2 the user is a user who has only read privs in role2 containing R operations or permission
    The applications share the ejb tier via business delegates. So, if the user accesses a service method that is a simple fast read method returning a list of records in app1 the user will see all records based on isUserInRole, and in app2 the user should see a limited set of records based on isUserInRole. How can I propagate the user's permissions based on the application to the ejb tier?

    Hi,
    JAAS is principal based and has no notion of groups. You can use groups in J2EE security, but these need to be defined in the deployment descriptor and then mapped to physical security groups that may be in OID.
    Frank

  • Linksys WRT54G LAN Security?

    Hi guys, just want to drop some questions around here, hope to have some great responses! Just recently, I've configured Linksys WRT54G as a wireless access point and it's working fine, as well as I enable WEP and MAC filtering security. Now, I've also connected some user through LAN which I doubt to have no security and can easily connect to the internet without MAC filtering or any security authentication. How will I configure this router to filter/restrict the LAN users to access internet? Is it possible? I would appreciate any help from this concern. Thanks, Mike

    The WRT54G is designed for home or small office use.  Because of this, the wired LAN ports on the router are protected only by "physical security", that is, they are protected because you only allow "trusted" people to come into your home. 
    Anyone who plugs their computer into a LAN port, will be able to access your network.
    If you know the MAC address of a computer, you can use "Access Restrictions" in the router, to deny them access to the Internet.  But they will still have access to your LAN.
    Message Edited by toomanydonuts on 09-11-2008 02:47 AM

  • I always want google classic, but sometimes i get google beta or google security (or whatever, can't remember its name) when i don't want it. why does this happen and how can i set google classic as the default?

    google is my default on the home page. But when i ask for google or simply open firefox, i sometimes get google beta or google security (or whatever its name is) instead of google classic. I just want google classic. How can i set it as my default. (I have a desk top computer, use firefox, and this never happens.)

    Why Apple can't undo its mistake?
    Whose mistake? The source of the problem:
    I was required to enter my recovery key. Now, there begins that huge flaw. I've forgotten it (I know it was my responsibility to remember it).
    If you had just taken the simple steps of storing your recovery key as Apple tells you to when you set it up, none of this would've happened.
    As it clearly states in the FAQ on 2-step verification: http://support.apple.com/kb/HT5570
    After you turn it on, there will be no way for anyone to access and manage your account at My Apple ID other than by using your password, verification codes sent your trusted devices, or your Recovery Key. You must be responsible for:
    Remembering your password.
    Keeping your trusted devices physically secure.
    Keeping your Recovery Key in a safe place.
    If you lose access to two of these three items at the same time, you could be locked out of your Apple ID account permanently.
    In addition, with two-step verification turned on, only you can reset your password, manage your trusted devices, or create a new recovery key.
    Apple Support can help you with other aspects of your service, but they will not be able to update or recover these three things on your behalf.
    If you aren't responsible enough to do that, you should not have turned the optional security feature on.
    This is your fault, not Apple's.

  • How secure is JInitiator

    Hi,
    I was wondering how secure is network-transport when using Oracle's JInitiator. Especially when you enter your password. Can it be read by sniffers? Is there some standard encryption enabled? I'm NOT using SSL (and I'm not planning to use it).
    Thanks in advance for your attention.
    Jos Baan

    But people IN the network might be interested in password of others. How do you block them?
    Block them from doing what? The question is, "How would they get access to the passwords?" The answer to that, determines what you do to block them.
    When you submit data from a PC to a network, the network routers route the data to the appropriate destination. They don't send your data to every PC on the network. Just because you are on a network, doesn't mean you have access to all traffic in the network.
    If the Intranet is physically secure, then you can not access the network. If you can't access the network, you can't install sniffers and access the network traffic (or passwords) therein. If a user is looking over someone's shoulder as they type in a password, then the application shouldn't be showing passwords.
    Is there a specific scenario that you are concerned about?
    Message was edited by:
    Mark Roberts

  • Secure access to BR350 configuration

    Is there a https or secure shell telnet access to the BR350 from the network? DoD will require all http, SNMP, and telnet access to a bridge to be disabled. The only way to configure a bridge would be via local serial port and hyperterminal. Is there a secure capability today, or plans for one in the future?

    Bad news for the paranoid - even restricting management access to the console won't keep your AP entirely safe.
    A wireless 'modem' can be attached to the serial port and provide endless access to attempt a login.
    There are a few methods for physically securing the AP. The less conventional, the more valuable.
    Matthew Wheeler
    Chief Wireless Architect
    www.BlueModal.com

  • IPad security in China

    What do I need to know/do regarding security before taking an iPad to China.

    That addresses physical security, but I've heard that computers there can be hacked and key loggers or other mal-ware installed.  Does any of that apply, or is physical security enough?  Also what about connecting to open (hotel) networks?  Finally do all the same principles apply to an iPhone?

  • Security Cable

    I am interested in knowing how people are physically securing the flat panel iMacs. What products are you using? Can you provide a link to the product you are using? Background on why I am asking this: I am setting up an iMac lab for a College and do not want the Macs walking out of the room!

    Hello and Welcome to Apple Discussions. 
    The value option is the Kensington Security Cable Lock which is sold in all computer shops. The more general design will fit although there are iMac G4 specific designs:
    http://www.mac-pro.com/s.nl/it.A/id.219/.f?sc=2&category=124
    The more robust solutions are probably hard to come by now given the age of the iMac (Flat Panel).
    mrtotes

  • True Parental Security

    Well, since it took my son less than an hour to undo all of the restrictions I placed on his touch (I figured I had at least a week), and there is no software way to enforce parental controls...
    Is anyone aware of any physical security devices that block the dock connector? Either a case that LOCKS and closes it off, or a locking dongle that secures in the dock. Obviously, this would be the only way of enforcing parental controls.

    I agree that a separate iTunes store account is a good idea. But if you want to control what she puts on the phone set a restriction on the App Store. That's not a recommendation, BTW, just an option; I don't tell anyone how to parent
    Also think about how to manage the account. Your credit card, or only Apple gift cards? Or a prepaid credit card or debit card?
