Mac® OS X Security

Book Description

Mac OS X now operates on a UNIX engine. As such, it is much more powerful than previous Mac operating systems: it is a multitasking, multithreaded, multi-user, and multiprocessor system with enhanced interoperability with other systems. Along with that increased power comes increased security vulnerability. Part I introduces readers to the basics of OS X security. Part II addresses system security, beginning at the client workstation level; this section covers UNIX-specific information such as permissions, executables, and network protocols, and the related security concerns. Part III covers network security; the chapters in this section cover security for Internet services, file sharing, and network protection systems. Part IV addresses enterprise security using a variety of tools (Kerberos, NetInfo, and Rendezvous) as well as workstation configurations to illustrate how OS X Server and OS X interoperate. The final section addresses auditing and forensics and what to do when an OS X network is compromised; it teaches readers how to audit systems painlessly and effectively and how to investigate and handle incidents.

Table of Contents

  1. Copyright
    1. Dedication
  2. About the Authors
  3. About the Technical Reviewers
  4. Acknowledgments
  5. Tell Us What You Think
  6. Introduction
    1. Organization and Content
      1. Part I: The Basics
      2. Part II: System Security
      3. Part III: Network Security
      4. Part IV: Enterprise Security
      5. Part V: Auditing and Forensics
      6. Part VI: Appendixes
    2. Target Audience
    3. Code Convention Used in This Book
  7. I. The Basics
    1. 1. Security Foundations
      1. The Basics
        1. Threats and Risk
          1. Common Misconceptions
          2. The Nature of Attacks
        2. Understanding the Technology
        3. The Tools
      2. Darwin
      3. The Command Line
      4. UNIX Security
        1. Users and Groups
          1. Types of Users
          2. Root, the Super-User
          3. Understanding User Roles
          4. Administrative Users
          5. Special Users
          6. Special Groups
      5. Introducing NetInfo
      6. NetInfo Security
      7. Summary
    2. 2. Installation
      1. To BSD or Not to BSD
      2. Filesystems—HFS+ Versus UFS
        1. A Tale of Two Filesystems
        2. Security Considerations
      3. Mac OS X Install Step-by-Step
        1. Physical Setup
        2. Beginning the Installation
        3. Choosing and Partitioning the Disk
        4. Customizing the Install
        5. The Setup Assistant (Mac OS X Client)
        6. The Setup Assistant (Mac OS X Server)
        7. Developer Tools
      4. Summary
  8. II. System Security
    1. 3. Mac OS X Client General Security Practices
      1. Concerns About Physical Access
        1. Doors, Locks, and Guards
        2. Open Firmware Password
        3. Login Window
        4. Screen Locking
        5. System Preferences Locking
      2. Dual Booting and the Classic Environment
        1. Classic and Mac OS 9
        2. Dual Booting Dangers
      3. Staying Current with Mac OS X
      4. User Accounts and Access Control
      5. Filesystem Encryption
      6. Summary
    2. 4. What Is This UNIX Thing?
      1. The Command Line Interface
        1. Command Line Access
        2. Command Line Security
      2. Directories, Permissions, and File Ownership
        1. File Security and Permissions
        2. Special File Permissions
          1. Set User ID
          2. Set Group ID
          3. Sticky Bits
          4. Hidden File Flags
        3. How to Modify Permissions and Ownership
          1. Using chmod
          2. Using chown and chgrp
          3. Using chflags
        4. Using Get Info to Modify Permissions
      3. Common UNIX Commands
        1. top
        2. ps
        3. kill and killall
        4. last and who
        5. find
        6. netstat
        7. openssl
      4. UNIX Security
        1. SUID and SGID Files
        2. Kernel Security Levels
        3. sudo
          1. Managing sudo Access
          2. sudo Versus the su Command
      5. Summary
    3. 5. User Applications
      1. General Application Security Considerations
      2. Keychain
        1. Using the Keychain Access Application
          1. Creating a Secure Note
          2. Managing Access to Keychain Items
          3. The Keychain Access Dialog
        2. Is the Keychain Safe?
      3. Mail.app Security
        1. Using SSL to Send and Receive Mail
        2. Using SSH to Send and Receive Mail
        3. Keeping Mail Off the Server
        4. Storing Mail on an Encrypted Disk
        5. Using PGP to Encrypt Email
          1. Using PGP with Mail.app
          2. Storing PGP Keys on an Encrypted Volume
        6. Using GnuPG to Encrypt Email
          1. Download, Build, and Install GnuPG
          2. Using GnuPG with Mail.app
          3. Storing GnuPG Keys On an Encrypted Volume
      4. Web Browser Security Issues
        1. Web Browsing and SSL
        2. Cookie and Cache Management
          1. Is Accepting Cookies from Strangers Dangerous?
          2. Web Browser Cookie Configuration
          3. Web Browser Cache Configuration
      5. Summary
  9. III. Network Security
    1. 6. Internet Services
      1. Web Services
        1. Mac OS X Configuration Oddities
        2. General Security Considerations
        3. Running Apache on a Non-privileged Port
        4. Putting Apache in a Jail
        5. Configuring Authenticated Access
        6. SSL
          1. Enabling SSL with Apache
      2. Email Services
        1. Sendmail
        2. MailService
          1. Enabling SSL Encryption for MailService
      3. FTP
      4. Remote Login (SSH)
        1. Security Considerations
          1. Server Configuration
          2. Client Configuration
        2. SSH Tunnels
      5. Remote Apple Events
        1. Security Considerations
      6. Xinetd
        1. Configuring xinetd in Mac OS X
          1. The defaults Entry
          2. Service Entries
          3. ...And one more thing...
      7. Summary
    2. 7. File Sharing
      1. WebDAV Services
        1. Security Considerations
        2. Setting Up Secure WebDAV Services on Mac OS X
          1. Modifying the Apache Config
          2. Creating the Lock File
          3. Setting Up and Securing Locations
          4. Setting Access Passwords
        3. Additional WebDAV Options
      2. Apple File Services
        1. AFS Security Model
        2. Configuring AFS Via Server Settings
        3. Configuring AFS Via Workgroup Manager
      3. SMB File Services
        1. SMB Security Models
        2. Configuration Through Server Settings
        3. Configuration Through Workgroup Manager
        4. Configuration Through Terminal
          1. IP Access Control
          2. Veto Files
        5. Logging
      4. Network File System
        1. NFS Structure
        2. Configuring NFS Through Server Settings
        3. Configuring NFS Through Workgroup Manager
        4. Configuring NFS Through Terminal
        5. Re-Exporting Via AFS
      5. Personal File Sharing
      6. Making Secure AFS Connections
      7. Summary
    3. 8. Network Services
      1. Firewalling
        1. Using Built-in Tools
          1. Mac OS X Client
          2. Mac OS X Server
        2. Manually Configuring the Firewall
          1. Kernel Configuration
        3. Alternatives to Apple
      2. VPN
        1. IPSec
          1. Under the Hood
            1. racoon
        2. PPTP
          1. PPTP Via Internet Connect
            1. vpnd
      3. AirPort Security
        1. Configuring WEP
        2. Using LEAP
        3. Static ARP
        4. Software Base Station
      4. Antivirus Protection
        1. Common Sense
          1. Unknown Documents
          2. Preview Panes and Embedded Objects
          3. Network Shares
        2. Antivirus Software
      5. Summary
  10. IV. Enterprise Security
    1. 9. Enterprise Host Configuration
      1. Login Window
        1. Changing the Login Window Graphic
        2. Adding a Login Banner
        3. Using Kerberos Authentication
      2. Kerberos
        1. Integrating Mac OS X Clients into a Kerberos Environment
        2. Using Kerberized Services on Mac OS X Server
          1. Security Issues with Kerberos and Mac OS X Services
      3. Rendezvous
        1. Rendezvous Security
      4. Summary
    2. 10. Directory Services
      1. Yet Another “The Basics”
      2. NetInfo
        1. Authentication
        2. Authorization
          1. The _writers* Property
          2. The trusted_networks Property
        3. Data Privacy
      3. Open Directory
        1. Connecting Mac OS X to an Open Directory Server
        2. Authentication
        3. Authorization
        4. Data Privacy
      4. More Fun with Directory Access
        1. AppleTalk
        2. BSD Configuration Files
        3. LDAPv2
        4. LDAPv3
        5. NetInfo
        6. Rendezvous
        7. SLP
        8. SMB
      5. Summary
  11. V. Auditing and Forensics
    1. 11. Auditing
      1. The Importance of Logging
      2. General Considerations
        1. The Importance of Time
        2. Permissions and Access
        3. Log Rotation
        4. Log Archives and Secure Storage
      3. Logging Options and Configuration
        1. Syslog
          1. Isolating SSH Messages
          2. Isolating sudo Messages
          3. Isolating xinetd Server Messages
        2. Logging Network Services
          1. AFS
          2. FTP
          3. Windows File Sharing (SMB/CIFS)
          4. Print Services
          5. Mail Services
          6. Apache
          7. DNS
          8. DHCP and SLP
          9. QuickTime Streaming Server
          10. Software Update
          11. DirectoryService
          12. Watchdog
        3. CrashReporter
      4. Monitoring Logs
        1. The Basics
          1. Routine Audits
          2. Command Line Tools
        2. Automated Monitoring and Notification with swatch
          1. Installing swatch
          2. swatch Configuration
      5. Log Location Reference
      6. Summary
    2. 12. Forensics
      1. An Overview of Computer Forensics
        1. Acquisition
        2. Analysis
      2. Osiris
        1. General Security Considerations
        2. Installing Osiris
        3. Configuring and Automating Osiris
        4. Using Osiris to Monitor SUID Files
        5. Using scale
      3. Forensic Analysis with TASK
        1. Overview of TASK
        2. Getting the Data
        3. Analysis with TASK
          1. Analyzing the Filesystem
          2. Looking at Timestamps
      4. Summary
    3. 13. Incident Response
      1. What Does Incident Response Mean to You?
      2. Incident Response Life Cycle
        1. Preparation
          1. Asset Identification
          2. Escalation Procedures
          3. Chain of Custody
          4. Technical Procedure
            1. Detection
            2. Accurate Assessment
            3. Quick and Fully Contained Response
            4. Feedback
        2. Detection and Assessment
          1. Minimizing Change
          2. Point Person
        3. Response
          1. Isolating the System
          2. Backing Up the System
          3. Vulnerability Assessment and Mitigation
          4. System and Service Restoration
        4. Postmortem
      3. Summary
  12. VI. Appendixes
    1. A. SUID and SGID Files
      1. SUID Files
      2. SGID Files
    2. B. Common Data Security Architecture
      1. Benefits of the CDSA
      2. CDSA Structural Overview
        1. Add-in Modules
        2. Common Security Services Manager (CSSM)
        3. Security Services
        4. Apple’s CDSA Security Services
        5. A Note to Developers
    3. C. Further Reading
      1. Chapter 1—Security Foundations
      2. Chapter 2—Installation
      3. Chapter 3—Mac OS X Client General Security Practices
      4. Chapter 4—What Is This UNIX Thing?
      5. Chapter 5—User Applications
      6. Chapter 6—Internet Services
      7. Chapter 7—File Sharing
      8. Chapter 8—Network Services
      9. Chapter 9—Enterprise Host Configuration
      10. Chapter 10—Directory Services
      11. Chapter 11—Auditing
      12. Chapter 12—Forensics
      13. Chapter 13—Incident Response