-tictech message:
Dear Folks,
There has been some concern about security issues associated with the use
of the Mac OSX operating system in our schools. We share some of these
concerns at Hale and have carefully secured our machines to operate on OS9
only, pending release of additional security measures by Apple. However,
only a little study was required to realize that securing OSX was within
the reach of personnel who possess a basic background in UNIX and some
understanding of security issues. Furthermore, because almost all of these
configurations are scriptable, easily securing OSX is potentially within
the reach of everyone...assuming someone provides a script, disk image or
GUI installer.
Our prototype completely restricts the command line, prohibits all
browsing of the hard drive, eliminates the Finder's capabilities,
removes the ability to connect to other networked machines via the "Go"
menu, prohibits changes to global preferences, confines launching of
applications to the dock, and recopies the entire user environment on each
login. This latter function allows the user to make some changes to their
environment during their session without compromising the system for the
next user. All of this was done from the command line, and required no
additional software.
Some of these restrictions are rather severe in my opinion and we hope to
safely restore some of the capabilities which we've eliminated. But our
configuration does allow students to safely use OSX and experience
something of its "look and feel", take advantage of its stability, and use
the new OSX applications.
If you're interested, complete documentation for how this was done is
located at:
http://hale.ssd.k12.wa.us/~tonyh/osx-secure.html
*** tony
---------------------------
Tony Hand
tghand@seattleschools.org
Technology Coordinator
Nathan Hale High School
Seattle School District
---------------------------
This archive was generated by hypermail 2b29 : Tue May 07 2002 - 06:15:46 PDT