Enterprise Mac Security: Mac OS X Snow Leopard


A common misconception in the Mac community is that the Mac's operating system is inherently more secure than others. While this may be true in certain cases, security on the Mac is still a crucial issue: once sharing is enabled or remote control applications are installed, Mac OS X faces the same variety of security threats as any other platform.

Enterprise Mac Security: Mac OS X Snow Leopard is a definitive, expert-driven update of the popular, slash-dotted first edition and was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information and walkthroughs on securing systems, including the new Snow Leopard operating system.

Written as a companion to the SANS Institute course, this book caters to both the beginning home user and the seasoned security professional not accustomed to the Mac, establishing best practices for Mac OS X for a wide audience.

The authors of this book are seasoned Mac and security professionals, having built many of the largest network infrastructures for Apple and spoken at both DEFCON and Black Hat on OS X security.

What you’ll learn

  • The newest security techniques on Mac OS X and the latest Snow Leopard operating system, from the best and brightest
  • The details of the entire new Mac OS X Snow Leopard operating system for the desktop and server, and how to secure these systems
  • Considerations for third-party applications on systems
  • The details of Mac forensics and Mac hacking
  • How to tackle Apple wireless security

Who this book is for

This book is for new users, power users, and administrators who wish to make sure that their Mac platform is secure.

Table of Contents

  1. Security Quick-Start
  2. Services, Daemons, and Processes
  3. Securing User Accounts
  4. File System Permissions
  5. Reviewing Logs and Monitoring
  6. Application Signing and Sandbox
  7. Securing Web Browsers and E-mail
  8. Malware Security: Combating Viruses, Worms, and Root Kits
  9. Encrypting Files and Volumes
  10. Securing Network Traffic
  11. Setting Up the Mac OS X Firewall
  12. Securing a Wireless Network
  13. File Services
  14. Web Site Security
  15. Remote Connectivity
  16. Server Security
  17. Network Scanning, Intrusion Detection, and Intrusion Prevention Tools
  18. Backup and Fault Tolerance
  19. Forensics

Author(s): Charles Edge, William Barker, Beau Hunter, Gene Sullivan
Series: Books for Professionals by Professionals
Edition: 2
Publisher: Apress
Year: 2010

Language: English
Pages: 627

Prelim......Page 1
Contents at a Glance......Page 4
Contents......Page 5
About the Authors......Page 15
About the Technical Reviewer......Page 16
Acknowledgments......Page 17
Introduction......Page 18
Part 1: The Big Picture......Page 24
Securing the Mac OS X Defaults......Page 25
Accounts......Page 26
Login Options......Page 28
Passwords......Page 29
Administrators......Page 30
General......Page 31
FileVault......Page 33
Firewall......Page 35
Software Update......Page 36
Bluetooth Security......Page 38
Printer Security......Page 40
Sharing Services......Page 42
Securely Erasing Disks......Page 43
Using Secure Empty Trash......Page 45
Using Encrypted Disk Images......Page 46
Securing Your Keychains......Page 47
Best Practices......Page 49
Introduction to Services, Daemons, and Processes......Page 50
The Activity Monitor......Page 52
The ps Command......Page 56
The top Output......Page 57
Viewing Which Daemons Are Running......Page 59
Viewing Which Services Are Available......Page 60
Stopping Services, Daemons, and Processes......Page 61
Stopping Processes......Page 62
Stopping Daemons......Page 64
GUI Tools for Managing launchd......Page 65
Changing What Runs At Login......Page 66
Validating the Authenticity of Applications and Services......Page 67
Summary......Page 68
Introducing Identification, Authentication, and Authorization......Page 69
Managing User Accounts......Page 70
Introducing the Account Types......Page 71
Adding Users to Groups......Page 73
Enabling the Superuser Account......Page 74
Setting Up Parental Controls......Page 76
Managing the Rules Put in Place......Page 82
Advanced Settings in System Preferences......Page 84
Working with Local Directory Services......Page 85
External Accounts......Page 88
Restricting Access with the Command Line: sudoers......Page 89
Securing Mount Points......Page 94
SUID Applications: Getting into the Nitty-Gritty......Page 95
Creating Files with Permissions......Page 97
Summary......Page 98
File System Permissions......Page 99
Mac OS File Permissions: A Brief History of Time......Page 100
POSIX Permissions......Page 101
Modes in Detail......Page 102
Inheritance......Page 104
The suid/sguid Bits......Page 107
POSIX in Practice......Page 108
Access Control Entries......Page 111
Effective Permissions......Page 114
ACLs in Practice......Page 115
Administering Permissions......Page 117
Using the Finder to Manage Permissions......Page 123
Using chown and chmod to Manage Permissions......Page 124
The Hard Link Dilemma......Page 127
Using mtree to Audit File system Permissions......Page 129
Summary......Page 131
What Exactly Gets Logged?......Page 132
Viewing Logs......Page 134
Marking Logs......Page 135
Searching Logs......Page 136
Finding Logs......Page 137
Secure.log: Security Information 101......Page 138
appfirewall.log......Page 139
Reviewing User-Specific Logs......Page 140
Reviewing Command-Line Logs......Page 142
Breaking Down Maintenance Logs......Page 143
daily.out......Page 145
Yasu......Page 146
Weekly.out......Page 147
What to Worry About......Page 148
Event Viewer......Page 149
Task Manager......Page 150
Performance Alerts......Page 151
Accountability......Page 152
Incident Response......Page 153
Summary......Page 154
Part 2: Securing the Ecosystem......Page 155
Application Signing......Page 156
Application Authentication......Page 158
Application Integrity......Page 160
Signature Enforcement in OS X......Page 161
Signing and Verifying Applications......Page 170
Sandbox......Page 173
Sandbox Profiles......Page 175
The Anatomy of a Profile......Page 178
Sandbox Profiles in Action......Page 183
The Seatbelt Framework......Page 195
Summary......Page 197
Securing Web Browsers and E-mail......Page 199
A Quick Note About Passwords......Page 200
Securing Safari......Page 201
Securing Firefox......Page 205
Using SSL......Page 212
Securing Entourage......Page 215
Anatomy of Spam......Page 218
Using Mail Server-Based Solutions for Spam and Viruses......Page 223
Kerio......Page 224
Mac OS X Server’s Antispam Tools......Page 226
CommuniGate Pro......Page 227
Summary......Page 228
Classifying Threats......Page 229
The Real Threat of Malware on the Mac......Page 232
Script Malware Attacks......Page 233
Using Antivirus Software......Page 234
Antivirus Software Woes......Page 235
Norton AntiVirus......Page 236
ClamXav......Page 237
Sophos Anti-Virus......Page 242
Best Practices for Combating Malware......Page 243
Spyware......Page 244
Root Kits......Page 246
Summary......Page 248
Encrypting Files and Volumes......Page 249
The Login Keychain......Page 250
Creating Secure Notes and Passwords......Page 253
Managing Multiple Keychains......Page 256
Using Disk Images as Encrypted Data Stores......Page 259
Creating Encrypted Disk Images......Page 261
Interfacing with Disk Images from the Command Line......Page 267
Encrypting User Data Using FileVault......Page 273
Enabling FileVault for a User......Page 276
The FileVault Master Password......Page 279
Limitations of Sparse Images and Reclaiming Space......Page 280
Full Disk Encryption......Page 282
Check Point......Page 283
PGP Encryption......Page 285
TrueCrypt......Page 286
WinMagic SecureDoc......Page 287
Summary......Page 288
Understanding TCP/IP......Page 290
Peer-to-Peer......Page 293
Considerations when Configuring Peer-to-Peer Networks......Page 294
Client-Server Networks......Page 295
Packets......Page 296
Port Management......Page 298
DMZ and Subnets......Page 299
Stateful Packet Inspection......Page 300
Understanding Switches and Hubs......Page 301
Managed Switches......Page 302
Restricting Network Services......Page 304
Security Through 802.1x......Page 305
Proxy Servers......Page 306
Squid......Page 307
Summary......Page 310
Part 3: Network Traffic......Page 311
Setting Up the Mac OS X Firewall......Page 312
Introducing Network Services......Page 313
Controlling Services......Page 314
Working with the Firewall in Leopard and Snow Leopard......Page 317
Blocking Incoming Connections......Page 320
Allowing Signed Software to Receive Incoming Connections......Page 321
Going Stealthy......Page 322
Testing the Firewall......Page 323
Configuring the Application Layer Firewall from the Command Line......Page 325
Enabling Internet Sharing......Page 326
Getting More Granular Firewall Control......Page 328
Using ipfw......Page 330
Using Dummynet......Page 334
Summary......Page 337
Wireless Network Essentials......Page 338
Introducing the Apple AirPort......Page 340
Configuring Older AirPorts......Page 341
Configuring the Current AirPorts......Page 343
Limiting the DHCP Scope......Page 346
Hardware Filtering......Page 347
AirPort Logging......Page 349
Hiding a Wireless Network......Page 350
Base Station Features in the AirPort Utility......Page 351
Wireless Security on Client Computers......Page 352
Securing Computer-to-Computer Networks......Page 353
Wireless Topologies......Page 354
KisMAC......Page 355
Detecting Rogue Access Points......Page 356
iStumbler and Mac Stumbler......Page 357
MacStumbler......Page 359
Cracking WEP Keys......Page 360
Cracking WPA-PSK......Page 361
General Safeguards Against Cracking Wireless Networks......Page 362
Summary......Page 363
The Risks in File Sharing......Page 364
File Security Fundamentals......Page 365
Using POSIX Permissions......Page 366
Getting More out of Permissions with Access Control Lists......Page 367
Apple Filing Protocol......Page 368
Samba......Page 370
Using Apple AirPort to Share Files......Page 373
Third-Party Problem Solver: DAVE......Page 377
FTP......Page 383
Permission Models......Page 385
Summary......Page 386
Part 4: Sharing......Page 387
Securing Your Web Server......Page 388
Introducing the httpd Daemon......Page 389
Changing the Location of Logs......Page 390
Run on a Nonstandard Port......Page 391
Disable Unnecessary Services in Apache......Page 392
Securing PHP......Page 393
Tightening PHP with Input Validation......Page 394
Securing Your Perl Scripts......Page 395
Blocking Hosts Based on robots.txt......Page 397
Protecting Directories......Page 398
Customizing Error Codes......Page 399
Using .htaccess to Control Access to a Directory......Page 400
Implementing Digital Certificates......Page 402
Protecting the Privacy of Your Information......Page 403
Protecting from Google?......Page 404
Enumerating a Web Server......Page 405
Securing Files on Your Web Server......Page 406
Disabling Directory Listings......Page 407
Cross Site Scripting......Page 408
Summary......Page 409
Remote Connectivity......Page 411
Screen Sharing......Page 412
Implementing Back to My Mac......Page 414
Configuring Remote Management......Page 415
Installing Timbuktu Pro......Page 418
Adding New Users......Page 419
Testing the New Account......Page 420
Enabling SSH......Page 422
Further Securing SSH......Page 423
Connecting to Your Office VPN......Page 424
Setting Up L2TP......Page 425
Setting Up PPTP......Page 426
Connecting to a Cisco VPN......Page 427
PPP + SSH = VPN......Page 429
Summary......Page 432
Limiting Access to Services......Page 433
Defining LDAP......Page 435
Kerberos......Page 436
Configuring and Managing Open Directory......Page 438
Securing LDAP: Enabling SSL......Page 441
Securing Open Directory Accounts by Enabling Password Policies......Page 442
Securing Open Directory Using Binding Policies......Page 445
Securing Authentication with PasswordServer......Page 447
Securing LDAP by Preventing Anonymous Binding......Page 449
Securely Binding Clients to Open Directory......Page 451
Creating Open Directory Users and Groups......Page 454
Securing Kerberos from the Command Line......Page 458
Managed Preferences......Page 459
Securing Managed Preferences......Page 461
Providing Directory Services for Windows Clients......Page 463
Active Directory Integration......Page 464
Using Realms......Page 469
SSL Certs on Web Servers......Page 471
File Sharing Security in OS X Server......Page 473
Securing NFS......Page 475
AFP......Page 476
SMB......Page 480
Wireless Security on OS X Server Using RADIUS......Page 481
DNS Best Practices......Page 483
SSL......Page 484
SSH......Page 485
iChat Server......Page 487
Securing the Mail Server......Page 488
Limiting the Protocols on Your Server......Page 489
Proxying Services......Page 490
Summary......Page 491
Scanning Techniques......Page 492
Fingerprinting......Page 493
Enumeration......Page 495
Vulnerability and Port Scanning......Page 496
Intrusion Detection and Prevention......Page 499
Host Intrusion Detection System......Page 500
Network Intrusion Detection......Page 501
Nessus......Page 504
Metasploit......Page 508
SAINT......Page 510
Summary......Page 511
Part 5: Securing the Workplace......Page 512
Backup and Fault Tolerance......Page 513
Time Machine......Page 514
Restoring Files from Time Machine......Page 518
Using a Network Volume for Time Machine......Page 519
SuperDuper......Page 520
Backing Up to MobileMe......Page 521
Retrospect......Page 525
Checking Your Retrospect Backups......Page 536
Using Tape Libraries......Page 538
Fault-Tolerant Scenarios......Page 539
Round-Robin DNS......Page 540
Cold Sites......Page 541
Backing up Services......Page 542
Summary......Page 543
Forensics......Page 545
Incident Response......Page 546
Installing MacForensicsLab......Page 547
Using MacForensicsLab......Page 552
Image Acquisition......Page 554
Analysis......Page 556
Salvage......Page 559
Reviewing the Case......Page 562
Reporting......Page 563
Other GUI Tools for Forensic Analysis......Page 564
Tools for Safari......Page 565
Summary......Page 566
Xsan Security......Page 567
Metadata......Page 568
Permissions......Page 569
Other SAN Solutions......Page 570
2.0 Purpose......Page 571
4.1 General Use and Ownership......Page 572
4.2 Security and Proprietary Information......Page 573
4.3 Unacceptable Use......Page 574
4.4 Blogging......Page 576
7.0 Revision History......Page 577
CDSA......Page 578
Introduction to Cryptography......Page 580
Index: A......Page 584
Index: B......Page 588
Index: C......Page 589
Index: D......Page 592
Index: E......Page 595
Index......Page 596
Index......Page 598
Index: H......Page 599
Index: I......Page 600
Index: J......Page 601
Index: L......Page 602
Index: M......Page 603
Index: N......Page 607
Index: O......Page 608
Index: P......Page 609
Index: R......Page 614
Index: S......Page 616
Index: T......Page 622
Index: U......Page 623
Index: V......Page 624
Index: W......Page 625
Index: Z......Page 627