Enterprise Mac Security: Mac OS X Snow Leopard (Books for Professionals by Professionals)
Beau Hunter, Gene Sullivan
Format: PDF / Kindle (mobi) / ePub
A common misconception in the Mac community is that Mac’s operating system is more secure than others. While this might be true in certain cases, security on the Mac is still a crucial issue. When sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats.
Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing systems, including the new Snow Leopard operating system.
With the SANS Institute course as its companion, this book caters to both the beginning home user and the seasoned security professional not accustomed to the Mac, establishing best practices for Mac OS X for a wide audience.
The authors of this book are seasoned Mac and security professionals, having built many of the largest network infrastructures for Apple and spoken at both DEFCON and Black Hat on OS X security.
What you’ll learn
- The newest security techniques on Mac OS X and the Snow Leopard operating system from the best and brightest
- The details of the entire Mac OS X Snow Leopard operating system for the desktop and server, and how to secure these systems
- Considerations for third-party applications on systems
- The details of Mac forensics and Mac hacking
- How to tackle Apple wireless security
Who this book is for
This book is for new users, power users, and administrators who wish to make sure that their Mac platform is secure.
Table of Contents
- Security Quick-Start
- Services, Daemons, and Processes
- Securing User Accounts
- File System Permissions
- Reviewing Logs and Monitoring
- Application Signing and Sandbox
- Securing Web Browsers and E-mail
- Malware Security: Combating Viruses, Worms, and Root Kits
- Encrypting Files and Volumes
- Securing Network Traffic
- Setting Up the Mac OS X Firewall
- Securing a Wireless Network
- Part IV: File Services
- Web Site Security
- Remote Connectivity
- Server Security
- Network Scanning, Intrusion Detection, and Intrusion Prevention Tools
- Backup and Fault Tolerance
still wise to test them in a lab environment before installing them on mission-critical machines.
NOTE: To manually run the Software Update feature, open the Software Update preference pane and then click the Check Now button on the Update Software tab.
For many of you, using the Mac OS X Software Update preference pane will be adequate to keep your computer updated. However, if you have multiple systems on your network that need updating, you can quickly bottleneck your Internet pipe if
First and foremost, granular ACLs won't translate completely. Second, although you might have effective write privileges via ACLs, if you don't have write privileges via POSIX, it will seem as if you don't have privileges when you do an `ls` on the mounted NFS volume; however, if you try to read or write a file, it will work without issue. Poorly written third-party software might inspect the POSIX permissions and determine that you don't have access to an
read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown" /MyAwesomeFolder
chmod -R +ai "hunterbj allow read,write,execute,delete,append,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown" /MyAwesomeFolder/*
TIP: Due to the way that the chmod utility parses the ACE, using the traditional syntax for chmod ACLs does not work correctly when used with user or group names that contain spaces in the shortname. This is
Although this is helpful, Console doesn’t show you every log on your computer. Each application logs information a little bit differently, and it would be impossible to cover every aspect of every log file ever created. Happily, many of the apps made for Mac OS X follow a fairly standard method that Apple established with its own logs. We’ll point out the ones to check for most security purposes. You can then apply this knowledge to other network-aware applications in order to check their logs
the contents of the e-mail are presented exactly as they were at the date of signing (the time the e-mail was sent). If at any time the e-mail's contents are manipulated by a third party, the e-mail's signature won't reflect the change and the recipient will be able to see that the content is malformed. Conversely, the third party is also unable to generate a signature that is valid for the original sender's identity. This precludes an attacker from either modifying existing content or generating