You can't entirely prevent a user from accessing /dev, it's an integral part of a Unix-like system... the users allocated pty/tty(4) device for example.
Access to raw devices is restricted via, permissions.. and of coarse, the securelevel(7).
The text of the page differs between the BSD derivatives, but the gist of it is a securelevel >= 1 disallows write access to raw devices.. or at least mounted raw devices under OpenBSD.
Besides that, the default file permissions on such devices are set to decent values.. for example:
Code:
$ ls -lh /dev/rwd0?
crw-r----- 1 root operator 3, 0 Aug 3 19:08 /dev/rwd0a
crw-r----- 1 root operator 3, 1 Aug 3 19:08 /dev/rwd0b
crw-r----- 1 root operator 3, 2 Aug 3 19:08 /dev/rwd0c
crw-r----- 1 root operator 3, 3 Aug 3 19:08 /dev/rwd0d
crw-r----- 1 root operator 3, 4 Aug 3 19:08 /dev/rwd0e
crw-r----- 1 root operator 3, 5 Aug 3 19:08 /dev/rwd0f
crw-r----- 1 root operator 3, 6 Aug 3 19:08 /dev/rwd0g
crw-r----- 1 root operator 3, 7 Aug 7 21:24 /dev/rwd0h
crw-r----- 1 root operator 3, 8 Aug 3 19:08 /dev/rwd0i
crw-r----- 1 root operator 3, 9 Aug 3 19:08 /dev/rwd0j
crw-r----- 1 root operator 3, 10 Aug 3 19:08 /dev/rwd0k
crw-r----- 1 root operator 3, 11 Aug 3 19:08 /dev/rwd0l
crw-r----- 1 root operator 3, 12 Aug 3 19:08 /dev/rwd0m
crw-r----- 1 root operator 3, 13 Aug 3 19:08 /dev/rwd0n
crw-r----- 1 root operator 3, 14 Aug 3 19:08 /dev/rwd0o
crw-r----- 1 root operator 3, 15 Aug 3 19:08 /dev/rwd0p
This means only root has write access, members of the operator group have read access.. all other users are disallowed.
I'm sure FreeBSD has similar permission settings..