New security guide from Apple
Apple recently released a new version of its “Mac OS X Security Configuration Guide” specific to Tiger. This very detailed document spans the security gamut from “Installing Mac OS X” to “Securing Network Services.” It also spans the complexity gamut from trivial advice to multi-page Unix command line procedures. Here’s the full table of contents (along with a few comments, of course) from its “Securing Network Services” section:
  1. Securing Apple Applications - Mail, Web browsing (Safari), IM (iChat). One unusual (and quite difficult) recommendation: “You should only send email that is digitally signed and encrypted.”
  2. Securing VPN
  3. Securing Firewall - ipfw command line tool along with the “built-in” UI
  4. About Internet Sharing - “violates many organizational security policies... activates DHCP, NAT, and Firewall services which are unconfigurable.”
  5. Enabling TCP Wrappers - why??
  6. Securing SSH - 6 pages of mostly command line stuff; great if you’re already an expert.
  7. Securing Bonjour
  8. Securing Network Services - AFP, Windows Sharing (“You should not enable Windows sharing, because there are well-known risks associated with SMB/CIFS.”), Personal Web Sharing, Remote Login (more ssh), FTP (“an insecure tool used for file sharing that should not be enabled”), Apple Remote Desktop, Remote Apple Events, Printer Sharing, Xgrid.
  9. Intrusion Detection Systems
There’s also a very nice “Security Checklist” appendix.
Friday, September 8, 2006