Enterprise Mac Security: El Capitan, Third Edition

Book Description

A common misconception in the Mac community is that the Mac’s operating system is more secure than others. While this may have been true in certain cases, security on the Mac has always been a crucial issue. With the release of OS X 10.11, the operating system takes large strides toward becoming even more secure. Even so, when sharing is enabled or remote control applications are installed, Mac OS X faces a variety of security threats, whether or not these have yet been exploited.

Enterprise Mac Security is a definitive, expert-driven update of the popular, Slashdotted earlier edition, which was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information and walkthroughs on securing systems, including the new 10.11 operating system.

This book caters to both the beginning home user and the seasoned security professional not accustomed to the Mac, establishing best practices for Mac OS X for a wide audience.

The authors of this book are seasoned Mac and security professionals, having built many of the largest network infrastructures for Apple and spoken at both DEFCON and Black Hat on OS X security.

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Dedication
  5. Contents at a Glance
  6. Contents
  7. About the Authors
  8. About the Technical Reviewer
  9. Acknowledgments
  10. Introduction
  11. Part I: The Big Picture
    1. Chapter 1: Security Quick-Start
      1. Securing the Mac OS X Defaults
      2. Customizing System Preferences
      3. Users & Groups
      4. Login Options
        1. Passwords
        2. Administrators
      5. Security & Privacy Preferences
      6. General
      7. FileVault
      8. Firewall
      9. Software Update
      10. Bluetooth Security
      11. Printer Security
      12. Sharing Services
      13. Erasing Disks
      14. Using Secure Empty Trash
      15. Using Encrypted Disk Images
      16. Securing Your Keychains
      17. Best Practices
    2. Chapter 2: Services, Daemons, and Processes
      1. Introduction to Services, Daemons, and Processes
      2. Viewing What’s Currently Running
        1. The Activity Monitor
        2. The ps Command
        3. The top Output
        4. Viewing Which Daemons Are Running
        5. Viewing Which Services Are Available
      3. Stopping Services, Daemons, and Processes
        1. Stopping Processes
      4. Stopping Daemons
      5. Types of launchd Services
      6. GUI Tools for Managing launchd
      7. Changing What Runs at Login
      8. Validating the Authenticity of Applications and Services
      9. Summary
    3. Chapter 3: Securing User Accounts
      1. Introducing Identification, Authentication, and Authorization
      2. Managing User Accounts
        1. Introducing the OS X Account Types
        2. Adding Users to Groups
        3. Enabling the Superuser Account
        4. Setting Up Parental Controls
        5. Managing the Rules Put in Place
      3. Advanced Settings in System Preferences
      4. Working with Local Directory Services
        1. Creating a Second Local Directory Node
        2. External Accounts
      5. Restricting Access with the Command Line: sudoers
      6. Securing Mount Points
      7. SUID Applications: Getting into the Nitty-Gritty
      8. Creating Files with Permissions
      9. Summary
    4. Chapter 4: File System Permissions
      1. Mac File Permissions: A Brief History of Time
      2. POSIX Permissions
        1. Modes in Detail
        2. Inheritance
        3. The Sticky Bit
        4. The suid/sgid Bits
        5. POSIX in Practice
      3. Access Control Lists
        1. Access Control Entries
        2. Effective Permissions
        3. ACLs in Practice
      4. Administering Permissions
      5. Using the Finder to Manage Permissions
      6. Using chown and chmod to Manage Permissions
      7. The Hard Link Dilemma
      8. Using mtree to Audit File System Permissions
      9. Summary
    5. Chapter 5: Reviewing Logs and Monitoring
      1. What Exactly Gets Logged?
      2. Using Console
        1. Viewing Logs
        2. Marking Logs
        3. Searching Logs
      3. Finding Logs
        1. What Happened to the Secure.log?
      4. Reviewing User-Specific Logs
      5. Reviewing Command-Line Logs
      6. Reviewing Library Logs
      7. Breaking Down Maintenance Logs
        1. daily.out
        2. Yasu
        3. Weekly.out
        4. Monthly.out
      8. What to Worry About
      9. Activity Monitor
      10. Virtual Machine and Bootcamp Logs
        1. Event Viewer
        2. Task Manager
        3. Performance Alerts
      11. Review Regularly, Review Often
        1. Accountability
        2. Incident Response
      12. BSM – Auditing with the Basic Security Module
      13. The Audit Daemon and Audit Commands
      14. Configuring the Audit System
      15. Default Audit Settings
      16. Naming of the Audit Trail Files
      17. Setting the Hostname in Audit Trails
      18. Audit Trail Configurations for High Security Environments
      19. More On Audit Trails
      20. Viewing Audit Trails
      21. Output and Interpretation of Audit Trails
      22. Summary
  12. Part II: Securing the Ecosystem
    1. Chapter 6: Application Signing and Sandbox
      1. Application Signing
        1. Application Authentication
        2. Application Integrity
        3. Gatekeeper: Signature Enforcement in OS X
        4. Signing and Verifying Applications
      2. Sandboxing
        1. Sandbox Profiles
        2. The Anatomy of a Profile
        3. Sandbox Profiles in Action
        4. The Seatbelt Framework
      3. Summary
    2. Chapter 7: Securing Web Browsers and E-mail
      1. Securing Web Browsers and E-mail
      2. A Quick Note About Passwords
      3. Securing Your Web Browser
        1. Securing Safari
        2. Securing Firefox
      4. Securely Configuring Mail
        1. Using SSL
        2. Securing Outlook
      5. Fighting Spam
        1. The Anatomy of Spam
      6. Desktop Solutions for Securing E-mail
        1. Using PGP to Encrypt Mail Messages
        2. GPG Tools
      7. Summary
    3. Chapter 8: Malware Security: Combating Viruses, Worms, and Root Kits
      1. Classifying Threats
        1. The Real Threat of Malware on the Mac
        2. Script Malware Attacks
        3. Socially Engineered Malware
      2. Using Antivirus Software
        1. Built Into Mac OS X
        2. Antivirus Software Woes
        3. McAfee VirusScan
        4. Norton AntiVirus
        5. ClamXav
        6. Sophos Anti-Virus
        7. Best Practices for Combating Malware
      3. Other Forms of Malware
        1. Adware
        2. Spyware
        3. Root Kits
      4. Summary
    4. Chapter 9: Encrypting Files and Volumes
      1. Using the Keychain to Secure Sensitive Data
        1. Keychains
        2. Creating Secure Notes and Passwords
        3. Managing Multiple Keychains
      2. Using Disk Images as Encrypted Data Stores
        1. Creating Encrypted Disk Images
        2. Interfacing with Disk Images from the Command Line
      3. Encrypting User Data Using FileVault
        1. Once FileVault Is Enabled
        2. The FileVault Master Password
      4. FileVault Command Line
        1. Check Point
        2. Symantec Endpoint Encryption
        3. WinMagic SecureDoc
      5. Summary
  13. Part III: Securing the Network
    1. Chapter 10: Securing Network Traffic
      1. Understanding TCP/IP
      2. Types of Networks
        1. Peer-to-Peer
        2. Considerations When Configuring Peer-to-Peer Networks
        3. Client-Server Networks
      3. Understanding Routing
        1. Packets
      4. Port Management
      5. DMZs and Subnets
      6. Spoofing
      7. Stateful Packet Inspection
      8. Data Packet Encryption
      9. Understanding Switches and Hubs
        1. Managed Switches
      10. Restricting Network Services
      11. Security Through 802.1x
      12. Proxy Servers
        1. Squid
      13. Summary
    2. Chapter 11: Managing the Firewall
      1. Introducing Network Services
      2. Controlling Services
      3. Configuring the Firewall
        1. Working with the Firewall in OS X
      4. Setting Advanced Features
        1. Blocking Incoming Connections
        2. Allowing Signed Software to Receive Incoming Connections
        3. Going Stealthy
      5. Testing the Firewall
      6. Configuring the Application Layer Firewall from the Command Line
      7. Using Mac OS X to Protect Other Computers
        1. Enabling Internet Sharing
      8. Working from the Command Line
        1. Getting More Granular Firewall Control
        2. Using pf with IceFloor
      9. Summary
    3. Chapter 12: Securing a Wireless Network
      1. Wireless Network Essentials
      2. Introducing the Apple AirPort
        1. AirPort Utility
        2. Configuring the Current AirPorts
        3. Limiting the DHCP Scope
      3. Securing Computer-to-Computer Networks
      4. Wireless Topologies
      5. Wireless Hacking Tools
        1. KisMAC
        2. Detecting Rogue Access Points
        3. iStumbler and Mac Stumbler
        4. Ettercap
        5. Network Utility
        6. NetSpot Pro
      6. Cracking WEP Keys
      7. 802.1x
      8. General Safeguards Against Cracking Wireless Networks
      9. Summary
  14. Part IV: Securely Sharing Resources
    1. Chapter 13: File Services
      1. The Risks in File Sharing
      2. Peer-to-Peer vs. Client-Server Environments
      3. File Security Fundamentals
        1. LKDC
        2. Using POSIX Permissions
        3. Getting More out of Permissions with Access Control Lists
      4. Sharing Protocols: Which One Is for You?
        1. Apple Filing Protocol
        2. Setting Sharing Options
        3. Samba
        4. Using Apple AirPort to Share Files
        5. Third-Party Problem Solver: DAVE
      5. Permission Models
      6. Summary
    2. Chapter 14: iCloud Security
      1. The Apple ID
        1. What an Apple ID Provides Access To
        2. Securing the Apple ID
      2. Suppress the iCloud Options at Startup
      3. Disable Access to iCloud
      4. Secure iCloud On Macs
        1. iCloud Drive
        2. Caching Server and iCloud
        3. Find My Mac
        4. Back to My Mac
        5. The Mac App Store
      5. Summary
    3. Chapter 15: Remote Connectivity
      1. Remote Management Applications
        1. Apple Remote Desktop
        2. Screen Sharing
        3. Implementing Back to My Mac
        4. Configuring Remote Management
      2. Using Secure Shell
        1. Enabling SSH
        2. Further Securing SSH
      3. Using a VPN
        1. Connecting to Your Office VPN
        2. Setting Up L2TP
        3. Setting Up PPTP
        4. Connecting to a Cisco VPN
      4. Summary
    4. Chapter 16: Server Security
      1. Limiting Access to Services
      2. The Root User
      3. Foundations of a Directory Service
        1. Defining LDAP
        2. Kerberos
      4. Configuring and Managing Open Directory
        1. Securing Open Directory Accounts by Enabling Password Policies
        2. Securing LDAP by Preventing Anonymous Binding
        3. Securely Binding Clients to Open Directory
        4. Further Securing LDAP: Implementing Custom LDAP ACLs
        5. Creating Open Directory Users and Groups
        6. Securing Kerberos from the Command Line
        7. Managed Preferences and Profiles
        8. Active Directory Integration
      5. Web Server Security in OS X Server
        1. Using Realms
        2. SSL Certs on Web Servers
      6. File Sharing Security in OS X Server
        1. A Word About File Size
        2. AFP
        3. Limiting Access to a Service
      7. DNS Best Practices
      8. SSL
        1. Reimporting Certificates
      9. SSH
      10. The serveradmin Command Line Interface
      11. Messages Server
      12. Securing the Mail Server
        1. Limiting the Protocols on Your Server
      13. Summary
  15. Part V: Securing the Workplace
    1. Chapter 17: Network Scanning, Intrusion Detection, and Intrusion Prevention Tools
      1. Scanning Techniques
        1. Fingerprinting
        2. Enumeration
        3. Vulnerability and Port Scanning
      2. Intrusion Detection and Prevention
        1. Host-based Intrusion Detection System
        2. Network Intrusion Detection
      3. Security Auditing on the Mac
        1. Nessus
        2. Metasploit
      4. Summary
    2. Chapter 18: Backup and Fault Tolerance
      1. Time Machine
        1. Restoring Files from Time Machine
        2. Using a Network Volume for Time Machine
      2. SuperDuper
      3. Use CrashPlan To Back Up To The Cloud
        1. Checking Your Backups
      4. Using Tape Libraries
      5. Backup vs. Fault Tolerance
        1. Fault-Tolerant Scenarios
        2. Round-Robin DNS
        3. Load-Balancing Devices
        4. Cold Sites
        5. Hot Sites
      6. Backing up Services
      7. Summary
    3. Appendix A: InfoSec Acceptable Use Policy
      1. 1.0 Overview
      2. 2.0 Purpose
      3. 3.0 Scope
      4. 4.0 Policy
        1. 4.1 General Use and Ownership
        2. 4.2 Security and Proprietary Information
        3. 4.3 Unacceptable Use
        4. 4.4 Blogging
      5. 5.0 Enforcement
      6. 6.0 Definitions
        1. Term Definition
      7. 7.0 Revision History
    4. Appendix B: CDSA
    5. Appendix C: Introduction to Cryptography
  16. Index