Support User Manuals

Apple 10.6 Server User Manual

Open as PDF

of 197

Â Secure VM: Secure VM encrypts system virtual memory (memory data temporarily

written to the hard disk), not user les. It improves system security by keeping

virtual memory les from being read and exploited.

Â Disk Utility: Disk Utility can create disk images whose contents are encrypted and

password protected. Disk images act like removable media such as external hard

disks or USB memory sticks, but they exist only as les on the computer. After you

create an encrypted disk image, double-click it to mount it. Files you drag onto the

mounted image are encrypted and stored on the disk image. You can send this disk

image to other Mac OS X users. With the unlocking password, they can retrieve the

les you locked in the disk image.

Secure Delete

When a le is put in the Trash and the Trash is emptied, or when a le is removed

using the rm UNIX tool, the les are not removed from disk. Instead, they are removed

from the list of les the operating system (OS) tracks and does not write over.

Any space on your hard disk that is free space (places the OS can put a le) most likely

contains previously deleted les. Such les can be retrieved using undelete utilities

and forensic analysis.

To truly remove the data from disk, you must use a more secure delete method.

Security experts advise writing over deleted les and free space multiple times with

random data.

Mac OS X Server provides the following tools to allow you to securely delete les:

Secure Empty Trash (a command in the Finder menu to use instead of “Empty Trash” Â

Â

srm (a UNIX utility that securely deletes les, used in place of “rm”)

About Authentication and Authorization

Authentication is verifying a person’s identity, but authorization is verifying that

an authenticated person is allowed to perform a certain action. Authentication is

necessary for authorization.

In a computing context, when you provide a login name and password, you are

authenticated to the computer because it assumes only one person (you) knows the

login name and the password. After you are authenticated, the operating system

checks lists of people who are permitted to access certain les, and if you are

authorized to access them, you are permitted to.

Because authorization can’t occur without authentication, authorization is sometimes

used to mean the combination of authentication and authorization.

56 Chapter 4 Enhancing Security

previous next