this print for content only—size & color not accurate spine = 0.9237" 488 page count Books for professionals By professionals ® Foundations of Mac OS X Leopard Security Dear Reader, As instructors, course authors, systems administrators, and consultants for Mac networks big and small, we have run into hundreds of security problems at our clients and discussed them with our students for years. We have watched the perception of OS X security progress from being considered hogwash that only snake-oil salesmen would sell to something that is a legitimate concern that we all must consider. We have watched exploits and new vulnerabilities come out and even discovered some of our own. And now we want to share what we have learned over the years with you. By default, the Mac is a pretty darn secure computer. But many of the things you do to the computer after you turn it on for the first time can increase or decrease how secure it is. This book is about security from the perspective of a systems administrator, or a Mac user, once you turn on that computer. For some, this means securing your personal machine, your home network, or your small-business network from attacks. For others, it means securing your enterprise from corporate miscreants. Whatever environment you are pro- tecting, the principals are the same: provide the least amount of access that is required while maintaining a satisfactory measure of usability. Through detailed descriptions, step-by-step instructions, and command-line examples, we present best practices for the home user and the enterprise security architect. Some of the examples and walk-throughs in this book come from our work in the field, perfecting hundreds of such procedures over the years. Some of the examples, though, are new, written just for this book, based on our feedback from the community. Once you are finished reading this book, you will have a clearer understanding about the challenges that you will face as the person responsible for maintaining the network. We hope you will find that this book helps you solve those everyday security challenges and helps give you a new level of understanding about security and the Mac. Charles Edge, William Barker, and Zack Smith Charles S. Edge, Jr., author of Mac Tiger Server Little Black Book US $39.99 Shelve in Mac User level: Beginner–Intermediate Edge, Jr., Barker, Smith Mac OS X Leopard Security The eXperT’s Voice ® in Mac os X Foundations of Mac OS X Leopard Security cyan MaGenTa yelloW Black panTone 123 c Charles S. Edge, Jr., William Barker, and Zack Smith Companion eBook Available www.apress.com Companion eBook See last page for details on $10 eBook version ISBN-13: 978-1-59059-989-1 ISBN-10: 1-59059-989-6 9 781590 599891 5 3 9 9 9 Mac OS X client and server security, from the home to the enterprise RELATED TITLES Foundations of [...]... deeper into the specifics of most settings To get a more thorough understanding of Mac OS X security and the tools you can use to secure your Mac, we urge you to keep reading beyond the basics Securing the Mac OS X Defaults Mac OS X, because it is built on a Unix architecture, is a fairly secure and stable operating system right out of the box There is a commonly held belief that the Mac can be further secured... some of the annoying issues that pop up on networks because of unauthorized (and often accidental) user behavior Chapter 8, “Setting Up the Mac OS X Firewall”: The firewall option in Mac OS X is just a collection of check boxes Or is it? We discuss using and securing the Mac OS X software firewall, and we go into further detail on configuring this option from the command line We also discuss some of. .. that are available as well as those that are crucial to securing Mac OS X Server We also cover many of the security options from Mac OS X that should specifically not be used in Mac OS X Server Included with server security is directory services, which are critical to expanding technology infrastructures By interconnecting all the hosts of a network, you are able to better control the settings and accounts... safeguarding customer information and imposes penalties of up to $100,000 per violation xxiii Edge_Barker_9896FRONT.fm Page xxiv Tuesday, April 1, 2008 9:47 AM xxiv ■I N T R O D U C T I O N Everyone in an organization should be concerned about security policies because everyone is affected to some extent Users are often affected the most, because policies often consist of a set of rules that regulate their behavior,... with other resources to look to if you require further security for your web server xxvii Edge_Barker_9896FRONT.fm Page xxviii Tuesday, April 1, 2008 9:47 AM xxviii ■I N T R O D U C T I O N Chapter 12, “Remote Connectivity”: One of the most dangerous aspects of administration is the exposure of the very tools you use to access systems remotely Many of these programs do not always need to be running and... true in most side-by-side analyses of security features right out of the box, what this isn’t taking into account is that security tends to get overlooked once the machine starts to be configured for its true purposes For example, when sharing is enabled or remote control applications are installed, then a variety of security threats are often established—no matter what the platform is In the security. .. complex world of information security Chapter 3, “Securing User Accounts”: Mac OS X is a multiuser operating system One of the most important security measures is to understand the accounts on your system and when you are escalating privileges for accounts This chapter explains how to properly secure these users and groups Part 2: Security Essentials Part 2 gets down to some of the essential elements of. .. taught Apple’s Security Best Practices class, as well as many other system administrator–level classes (such as Mac OS X Deployment and Mac OS X Directory Services) Zack has been a speaker at Macworld San Francisco as well as many other smaller venues such as IT user groups Zack is also the author of a set of open source IT administration software and scripts and has long-term plans of being a full-time... much like Mac OS X Client, without many of the bells and whistles and with a more optimized system for sharing resources This is true with many server-based operating systems Because a Mac OS X server fills a different role in a networked environment, it should be treated differently from Mac OS X Client For this reason, we cover many of the security options that are available as well as those that are... mike@unitedlemur.org xix Edge_Barker_9896FRONT.fm Page xx Tuesday, April 1, 2008 9:47 AM Edge_Barker_9896FRONT.fm Page xxi Tuesday, April 1, 2008 9:47 AM Acknowledgments I ’d like to thank all the folks at Apple for the hard work they have put into the various flavors of OS X and into educating the Mac community on their fantastic product, in particular, Joel Rennich, Schoun Regan, Josh Wisenbaker, Greg . $39.99 Shelve in Mac User level: Beginner–Intermediate Edge, Jr., Barker, Smith Mac OS X Leopard Security The eXperT’s Voice ® in Mac os X Foundations of Mac OS X Leopard Security cyan MaGenTa . 599891 5 3 9 9 9 Mac OS X client and server security, from the home to the enterprise RELATED TITLES Foundations of