beautypg.com

Secure delete, About authentication and authorization, 56 about authentication and authorization – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual

Page 56

background image

Â

Secure VM: Secure VM encrypts system virtual memory (memory data temporarily
written to the hard disk), not user files. It improves system security by keeping
virtual memory files from being read and exploited.

Â

Disk Utility: Disk Utility can create disk images whose contents are encrypted and
password protected. Disk images act like removable media such as external hard
disks or USB memory sticks, but they exist only as files on the computer. After you
create an encrypted disk image, double-click it to mount it. Files you drag onto the
mounted image are encrypted and stored on the disk image. You can send this disk
image to other Mac OS X users. With the unlocking password, they can retrieve the
files you locked in the disk image.

Secure Delete

When a file is put in the Trash and the Trash is emptied, or when a file is removed
using the

rm

UNIX tool, the files are not removed from disk. Instead, they are removed

from the list of files the operating system (OS) tracks and does not write over.

Any space on your hard disk that is free space (places the OS can put a file) most likely
contains previously deleted files. Such files can be retrieved using undelete utilities
and forensic analysis.

To truly remove the data from disk, you must use a more secure delete method.
Security experts advise writing over deleted files and free space multiple times with
random data.

Mac OS X Server provides the following tools to allow you to securely delete files:

Secure Empty Trash (a command in the Finder menu to use instead of “Empty Trash”

В
В

srm

(a UNIX utility that securely deletes files, used in place of “rm”)

About Authentication and Authorization

Authentication is verifying a person’s identity, but authorization is verifying that
an authenticated person is allowed to perform a certain action. Authentication is
necessary for authorization.

In a computing context, when you provide a login name and password, you are
authenticated to the computer because it assumes only one person (you) knows the
login name and the password. After you are authenticated, the operating system
checks lists of people who are permitted to access certain files, and if you are
authorized to access them, you are permitted to.

Because authorization can’t occur without authentication, authorization is sometimes
used to mean the combination of authentication and authorization.

56

Chapter 4

Enhancing Security

See also other documents in the category Apple Software: