Planning and Managing a Macintosh Datacenter

Protection.

Physical security of servers is as important, if not more important, than network security. As Macintosh Managers we must recognize that significant weakness of our platform.

MacOS 9 and earlier have little or no default console security.
If somebody has access to the keyboard, they have your box.

MacOS X is better, but still vulnerable from the console.
“Single-user mode” is the fastest path to root on any unix.

The solution: a door with a lock.
Don’t put your servers in an open office.
Anything more elaborate than a door (armed guards, barbed wire, man-traps, biometric scanners, whatever) is just eye candy.

Limit the key to authorized staff.
Yes, even the CEO needs to be escorted.
The janitor is *you.*


	Protection.
	Protection.

	Physical security of servers is as important, if not more important, than network security. As Macintosh Managers we must recognize that significant weakness of our platform. MacOS 9 and earlier have little or no default console security. If somebody has access to the keyboard, they have your box. MacOS X is better, but still vulnerable from the console. “Single-user mode” is the fastest path to root on any unix. The solution: a door with a lock. Don’t put your servers in an open office. Anything more elaborate than a door (armed guards, barbed wire, man-traps, biometric scanners, whatever) is just eye candy. Limit the key to authorized staff. Yes, even the CEO needs to be escorted. The janitor is you.

Physical security of servers is as important, if not more important, than network security. As Macintosh Managers we must recognize that significant weakness of our platform.

MacOS 9 and earlier have little or no default console security. If somebody has access to the keyboard, they have your box.

MacOS X is better, but still vulnerable from the console. “Single-user mode” is the fastest path to root on any unix.

The solution: a door with a lock. Don’t put your servers in an open office. Anything more elaborate than a door (armed guards, barbed wire, man-traps, biometric scanners, whatever) is just eye candy.

Limit the key to authorized staff. Yes, even the CEO needs to be escorted. The janitor is *you.*

MacOS 9 and earlier have little or no default console security.
If somebody has access to the keyboard, they have your box.

MacOS X is better, but still vulnerable from the console.
“Single-user mode” is the fastest path to root on any unix.

The solution: a door with a lock.
Don’t put your servers in an open office.
Anything more elaborate than a door (armed guards, barbed wire, man-traps, biometric scanners, whatever) is just eye candy.

Limit the key to authorized staff.
Yes, even the CEO needs to be escorted.
The janitor is you.