2010 | Book

Enterprise Mac Security

Mac OS X Snow Leopard

Authors: Charles Edge, William Barker, Beau Hunter, Gene Sullivan

Publisher: Apress

About this book

A common misconception in the Mac community is that Mac’s operating system is more secure than others. While this might be true in certain cases, security on the Mac is still a crucial issue. When sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats.

Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing systems, including the new Snow Leopard operating system.

Using the SANS Institute course as a sister text, this book caters to both the beginning home user and the seasoned security professional not accustomed to the Mac, establishing best practices for Mac OS X for a wide audience.

The authors of this book are seasoned Mac and security professionals, having built many of the largest network infrastructures for Apple and spoken at both DEFCON and Black Hat on OS X security.

Table of Contents

Frontmatter

The Big Picture

Frontmatter
Chapter 1. Security Quick-Start
Abstract
Ready to start securing your Mac? Let’s get right into it. Keep in mind that this chapter is meant to be a quick-and-dirty start to securing your Mac, for the “I don’t have time to dive into the nitty-gritty, I need to get my Mac secured right away” readers. This chapter will give you just the basics to get your Mac secure quickly, and although it will leave you with a fairly secure system, it’s not as comprehensive as the subsequent chapters, where we fine-tune your Mac’s settings. For a more thorough understanding of Mac OS X security and the tools you can use to secure your Mac, we urge you to continue reading beyond the basics. From Chapter 2 on, you’ll be introduced to all the other intricacies surrounding securing the Mac OS, diving deeper into the larger concepts of what is covered here in this quick-start.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 2. Services, Daemons, and Processes
Abstract
A computer is never entirely at rest unless it’s shut down. Even when you move to another room to watch television and your computer’s display has gone to sleep, there might be a dozen or more things at work in the background that you can’t immediately see happening. The services, daemons, and processes responsible for all of this activity keep your system running smoothly and able to handle regular chores such as backups, checking mail, and listening for incoming web clients.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 3. Securing User Accounts
Abstract
Over the years, Apple has gone to great lengths to make OS X strong by hardening its user security. Hardening means strengthening a component in a system to make it more secure. User accounts can be hardened in OS X by limiting the resources users can access. You can accomplish this in two ways: by using the built-in GUI tools, or by using the command line. In this chapter, we will go deeper into securing the Mac by focusing first on restricting user access and then on more advanced command-line security that can be used to harden user accounts.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 4. File System Permissions
Abstract
There’s a lot of misinformation and confusion surrounding the proper management of permissions in OS X. Discussions on the topic have been fairly heated since the migration to OS X from OS 9, which had very loose capabilities for delegating, assigning, and managing access to files and folders. OS X, in contrast, was a native multiuser OS and, as such, permission-based restrictions were, and still are, at its heart and soul.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 5. Reviewing Logs and Monitoring
Abstract
Whether you’re dealing with a car or a computer, poor maintenance habits lead to the same consequence: disaster. You’re on the freeway, carefully driving at the posted speed limit, and your engine suddenly dies. You go to the mechanic, who roots out the cause: your timing belt broke. You would have replaced your timing belt, had you kept to the maintenance schedule and taken your car in for service at 60,000 miles. Airline maintenance crews who stick to a steadfast and detailed maintenance schedule rarely have this happen to them, mainly because they know precisely on what date the plane was maintained, at what time, and what maintenance was performed.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan

Securing the Ecosystem

Frontmatter
Chapter 6. Application Signing and Sandbox
Abstract
This chapter discusses two relatively new security features found in OS X: application signing and sandbox. These technologies were both introduced with Mac OS 10.5 and provide new facilities that help to improve the security outlook of the platform. Incidentally, both of these technologies are also heavily utilized by Apple’s newest platform that you’ve undoubtedly heard of: the iPhone OS.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 7. Securing Web Browsers and E-mail
Abstract
Identity theft is the fastest-growing crime in the world. According to the Federal Trade Commission (FTC), identity theft is the top concern of people contacting the agency, and has now passed drug trafficking as the number-one crime in the world, affecting up to 10 million victims a year, costing the United States 50 billion dollars a year on average. Much of this can be reduced by leveraging some very practical security with regard to our Internet browsers.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 8. Malware Security: Combating Viruses, Worms, and Root Kits
Abstract
In this chapter, we will discuss protecting your Mac from malware. But first, what do we mean by malware? Malware is a term used by security professionals to reference any software that is designed to infiltrate or damage computer systems without the owner’s informed consent. “Informed” is the key word here. A user might consent by clicking an Accept dialog box to allow a software package to install, but might not be fully informed of the vulnerabilities that can potentially be exploited by that software package. Beta versions of new software can sometimes have potentially damaging effects on an operating system, but would not be considered malware because they generally don’t intend to harm the operating system (“intend” being the operative word here). What we will explore in this chapter are the ill effects that can arise from unintentionally installed software on a Mac, and how to safeguard your machine from them.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 9. Encrypting Files and Volumes
Abstract
A common theme that you may be noticing in this book revolves around the concept of confidentiality. In a computer security context, confidentiality is the notion that sensitive data is accessible only by those users who have been approved or authorized for access to that data. For many organizations, and indeed for many malfeasants, data confidentiality is the most significant aspect of security. Certainly sabotage is a significant threat to many organizations, and often a source of incentive for many hackers, but more often than not the end goal is to gain access to information. Whether it’s personal information that facilitates identity theft, or highly valuable corporate secrets, information is highly valuable, both to you and to those who would do you harm. In many corporate environments, the policy to encrypt data may be simply due to legal necessity, as there is liability involved with leaking certain data, such as personally identifiable information and payment records. Recent research indicates that loss of corporate secrets can result in an even more dangerous financial windfall for a company. Thus, protecting that data should always serve as job number one for end users and system administrators alike.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan

Network Traffic

Frontmatter
Chapter 10. Securing Network Traffic
Abstract
Infiltration is a very real problem for network administrators, one that can lead to confidential data being leaked outside of your controlled environment. Every day, new attacks are developed that try to breach a network’s security perimeter. Building a secure network requires that a number of key software and hardware components are implemented and configured correctly. But securing a network is not just about acquiring the right network hardware to block unwanted traffic. What is more important is understanding how a network works, how Internet traffic is managed, how information flows within that network, and what services need to be secured that control the traffic. One cannot fully secure what one does not understand.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 11. Setting Up the Mac OS X Firewall
Abstract
Put simply, a firewall is a network traffic moderator. It uses a set of rules to determine what kind of traffic is allowed in and out of your computer or network. The term is a bit ambiguous, because there are many types of firewalls. In Chapter 10, we discussed the importance of using a firewall to act as a gateway into your network, denying and allowing network traffic on a network-wide basis between your computers and the outside world. This is what we refer to as a hardware appliance firewall.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 12. Securing a Wireless Network
Abstract
At the Black Hat conference in August 2006, David Maynor and Jon “Johnny Cache” Ellch shocked the Mac community by demonstrating to the world something that hackers had known for a long time: the Mac could be hacked, easily. Maynor and Ellch, two security professionals with long-time careers in the security industry, were able to release what is known as a proof-of-concept attack by exploiting the wireless Atheros drivers built into the Mac operating system. Using a script called setup.sh, which turned a Mac computer (with its wireless card turned on) into an access point, an attacker could gain control of an unsuspecting Mac user’s laptop. Another hacker script, called bad_seed, could then be run from the host computer to exploit the vulnerability in the target computer’s wireless driver; this would give an attacker access to a Terminal session on the target computer running as root (the “superuser” that is allowed full control of the computer). The exploit was not released, but it did provide proof that the Mac community was a long way away from an operating system immune to wireless attacks. The concept used in the wireless exploit was not specific to Apple computers, but pointed instead to general flaws in wireless networking protocols as a whole.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan

Sharing

Frontmatter
Chapter 13. File Services
Abstract
Configuring file-sharing security can be one of the more challenging aspects of working with shared computer data in a networked environment. The challenge is twofold: how do you keep files accessible to those who need them while simultaneously keeping them inaccessible to those who don’t? Sharing files over a network is also an inherently dangerous activity. Other computers’ users can access files on your system without physically gaining access to your computer; thus, if configured incorrectly, the wrong data can easily get into the wrong hands, which can prove to be catastrophic. However, in most environments, it is crucial that multiple computers have access to data on a single computer. So, how do we manage this file-sharing conundrum?
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 14. Web Site Security
Abstract
In the trenches, we hear it all the time: “My web site is hosted on a Mac. How could it be hacked?” or “My web site is too small. Why would anyone want to hack it?” Although it’s true that infiltrating and grabbing personal or business information from your web server might be significant, there are other reasons to break into a web server. For example, hackers want to exploit and control the largest number of servers in the shortest amount of time, creating zombie systems to do their bidding. Unix-based systems (such as those running Mac OS X) are more capable in many ways than their Windows-based counterparts. Because of this, they are often targeted by botnet creators for use as command-and-control nodes. Also, web servers (running on any platform) are often used as a platform for distributing malware.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 15. Remote Connectivity
Abstract
As a security expert, consider this all-too-real scenario: a passenger sits in the airport, working on his computer, waiting for the plane to start boarding. While sitting there, surfing on the wireless airport network, he notices that almost every laptop in sight is a Mac. On a hunch, he opens Bonjour Browser to discover that many of these laptops have various remote management tools (the Apple Remote Desktop client or Screen Sharing, based on VNC), SSH, Telnet, or Timbuktu enabled. He also notices that many of these computers are not password-protected, and are therefore easily controllable by anyone with the gall to tap into the computer. Within 10 minutes, nearly all the laptop lids are closed with their owners suspiciously looking around, attempting to determine which passenger was entertaining them with the “joke of the day” on their display.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 16. Server Security
Abstract
It may look similar, but Mac OS X Server has some very different functionality from Mac OS X Client. The differences lie in the fact that Mac OS X Server, like most other servers, is used to share data. That data is shared across a variety of protocols, according to the type of data being shared. Therefore, it naturally follows that you will need to take additional precautions to properly secure Mac OS X Server, on a per-service basis. In this chapter, we’ll primarily focus on the services that are specific to Mac OS X Server and how to secure them, paying attention to where the best practices differ from Mac OS X Client.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan

Securing the Workplace

Frontmatter
Chapter 17. Network Scanning, Intrusion Detection, and Intrusion Prevention Tools
Abstract
Would your network withstand an attack? How easy would it be for someone to break into your network, find anything they want on your Mac, and steal enough information to masquerade as you on the Internet? To answer this question, you’d need to take a good hard look at your network and audit for intrusion vulnerabilities. Imagine having to catalog all the programs, files, and services that run on your Mac, cross-referencing each program and file extension on the Internet, one at a time, against all the known exploits. This auditing process would take a considerable amount of time. Unfortunately, hackers have easy access to a wide variety of auditing tools, and already have a good idea of which exploits to look for. Thankfully, the very same auditing software can help you expedite the process of keeping them out.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 18. Backup and Fault Tolerance
Abstract
“Stop hackers dead in their tracks by securing your systems and network.” That has been our mantra up to this point. However, there is another piece in the security pie that often goes unexamined. Any conversation about security on a system or network must go beyond discussing the prevention of unauthorized access and into backup, because the capacity to recover data minimizes the potential impact of an attack. Securing the data on these systems with a reliable data backup scheme is a crucial element in any security framework.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Chapter 19. Forensics
Abstract
You can never be completely prepared for a security breach. Even if you take every precaution and follow every security measure, it can still happen. Practicing good security measures can only mitigate risks, not obviate them. You can reduce the impact and likelihood of an attack, but you cannot remove the fact that an attack can still happen.
Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Backmatter
Metadata
Title
Enterprise Mac Security
Authors
Charles Edge
William Barker
Beau Hunter
Gene Sullivan
Copyright Year
2010
Publisher
Apress
Electronic ISBN
978-1-4302-2731-1
Print ISBN
978-1-4302-2730-4
DOI
https://doi.org/10.1007/978-1-4302-2731-1