Foundations of Mac OS X Leopard Security
Dear Reader,
As instructors, course authors, systems administrators, and consultants for Mac networks big and small, we have run into hundreds of security problems at our clients and discussed them with our students for years. We have watched the perception of OS X security progress from being considered hogwash that only snake-oil salesmen would sell to something that is a legitimate concern that we all must consider. We have watched exploits and new vulnerabilities come out and even discovered some of our own. And now we want to share what we have learned over the years with you.

By default, the Mac is a pretty darn secure computer. But many of the things you do to the computer after you turn it on for the first time can increase or decrease how secure it is. This book is about security from the perspective of a systems administrator, or a Mac user, once you turn on that computer. For some, this means securing your personal machine, your home network, or your small-business network from attacks. For others, it means securing your enterprise from corporate miscreants. Whatever environment you are protecting, the principles are the same: provide the least amount of access that is required while maintaining a satisfactory measure of usability. Through detailed descriptions, step-by-step instructions, and command-line examples, we present best practices for the home user and the enterprise security architect.

Some of the examples and walk-throughs in this book come from our work in the field, perfecting hundreds of such procedures over the years. Some of the examples, though, are new, written just for this book, based on our feedback from the community.

Once you are finished reading this book, you will have a clearer understanding about the challenges that you will face as the person responsible for maintaining the network.

We hope you will find that this book helps you solve those everyday security challenges and helps give you a new level of understanding about security and the Mac.
Charles Edge, William Barker, and Zack Smith
Charles S. Edge, Jr., author of Mac Tiger Server Little Black Book
Foundations of Mac OS X Leopard Security
Charles S Edge, Jr., William Barker,
and Zack Smith
FOUNDATIONS OF MAC OS X LEOPARD SECURITY
Copyright © 2008 by Charles S. Edge, Jr., William Barker
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
ISBN-13 (pbk): 978-1-59059-989-1
ISBN-10 (pbk): 1-59059-989-6
ISBN-13 (electronic): 978-1-4302-0646-0
ISBN-10 (electronic): 1-4302-0646-2
Printed and bound in the United States of America.
Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
Lead Editor: Jeffrey Pepper
Technical Reviewers: Mike Lee, Frank Pohlmann
Editorial Board: Clay Andres, Steve Anglin, Ewan Buckingham, Tony Campbell, Gary Cornell, Jonathan Gennick, Matthew Moodie, Joseph Ottinger, Jeffrey Pepper, Frank Pohlmann, Ben Renow-Clarke, Dominic Shakeshaft, Matt Wade, Tom Welsh
Project Manager: Candace English
Copy Editor: Kim Wimpsett
Associate Production Director: Kari Brooks-Copony
Senior Production Editor: Laura Cheu
Compositor: Susan Glinert Stevens
Proofreader: Nancy Bell
Indexer: Julie Grady
Cover Designer: Kurt Krames
Manufacturing Director: Tom Debolski
Distributed to the book trade worldwide by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax 201-348-4505, e-mail orders-ny@springer-sbm.com, or visit http://www.springeronline.com.
For information on translations, please contact Apress directly at 2855 Telegraph Avenue, Suite 600, Berkeley, CA 94705. Phone 510-549-5930, fax 510-549-5939, e-mail info@apress.com, or visit http://www.apress.com.
Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at http://www.apress.com/info/bulksales.
The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.
This book is dedicated to my loving wife, Lisa.
—Charles
To my family and friends, who incessantly inspire me to follow my dreams.
—William
Contents at a Glance
About the Authors xvii
About the Technical Reviewer xix
Acknowledgments xxi
Introduction xxiii
PART 1 ■ ■ ■ The Big Picture
■ CHAPTER 1 Security Quick-Start 3
■ CHAPTER 2 Security Fundamentals 27
■ CHAPTER 3 Securing User Accounts 47
PART 2 ■ ■ ■ Security Essentials
■ CHAPTER 4 Malware Security: Combating Viruses, Worms, and Root Kits 75
■ CHAPTER 5 Securing Web Browsers and E-mail 93
■ CHAPTER 6 Reviewing Logs and Monitoring 125
PART 3 ■ ■ ■ Network Security
■ CHAPTER 7 Securing Network Traffic 149
■ CHAPTER 8 Setting Up the Mac OS X Firewall 171
■ CHAPTER 9 Securing a Wireless Network 197
PART 4 ■ ■ ■ Sharing
■ CHAPTER 10 File Services 227
■ CHAPTER 11 Web Site Security 249
■ CHAPTER 12 Remote Connectivity 271
■ CHAPTER 13 Server Security 293
Intrusion Prevention Tools 343
■ CHAPTER 15 Backup and Fault Tolerance 373
■ CHAPTER 16 Forensics 395
■ APPENDIX A Xsan Security 415
■ APPENDIX B Acceptable Use Policy 419
■ APPENDIX C Secure Development 425
■ APPENDIX D Introduction to Cryptography 427
■ INDEX 431
Contents
About the Authors xvii
About the Technical Reviewer xix
Acknowledgments xxi
Introduction xxiii
PART 1 ■ ■ ■ The Big Picture
■ CHAPTER 1 Security Quick-Start 3
Securing the Mac OS X Defaults 3
Customizing System Preferences 4
Accounts Preferences 4
Login Options 6
Security Preferences 8
FileVault 10
Infrared Controls in Security Preferences 12
Other System Preferences 13
Software Update 14
Bluetooth Security 16
Printer Security 19
Sharing Services 21
Securely Erasing Disks 21
Using the Secure Empty Trash Feature 23
Using Encrypted Disk Images 24
Securing Your Keychains 25
Best Practices 26
■ CHAPTER 2 Security Fundamentals 27
What Can Be Targeted? 28
The Accidental Mac Administrator 28
Kinds of Attacks 29
OS 9 vs OS X 30
Darwin vs Aqua 30
Unix Security 31
In the Beginning…the Command Line 32
Physical Security 36
Equipment Disposal 37
Physical Devices and Optical Media 38
Firmware and Firmware Password Protection 38
Open Firmware 39
EFI 39
Firmware Protection 39
Multifactor Authentication 44
Keeping Current: The Cat-and-Mouse Game 45
The NSA and the Mac 46
A Word About Parallels and Boot Camp 46
■ CHAPTER 3 Securing User Accounts 47
Introducing Authentication, Authorization, and Identification 47
Managing User Accounts 48
Introducing the Account Types 49
Adding Users to Groups 51
Enabling the Superuser Account 52
Setting Up Parental Controls 54
Managing the Rules Put in Place 60
Restricting Access with the Command Line: sudoers 62
Securing Mount Points 68
SUID Applications: Getting into the Nitty-Gritty 69
Creating Files with Permissions 70
PART 2 ■ ■ ■ Security Essentials
■ CHAPTER 4 Malware Security: Combating Viruses, Worms, and Root Kits 75
Classifying Threats 75
The Real Threat of Malware on the Mac 77
Script Virus Attacks 79
Socially Engineered Viruses 79
Using Antivirus Software 80
Antivirus Software Woes 80
Norton AntiVirus 80
ClamXav 81
Sophos Anti-Virus 84
McAfee VirusScan 86
Best Practices for Combating Viruses 86
Other Forms of Malware 87
Adware 87
Spyware 88
Root Kits 89
■ CHAPTER 5 Securing Web Browsers and E-mail 93
A Quick Note About Passwords 93
Securing Your Web Browser 94
Securing Safari 94
Securing Firefox 97
Configuring Mail Securely 103
Using SSL 103
Securing Entourage 106
Fighting Spam 109
Filtering Mail for Spam 110
Filtering with Entourage 111
Using White Listing in Entourage 112
Using PGP to Encrypt Mail Messages 113
Configuring PGP Desktop 114
GPG Tools 119
Using Mail Server–Based Solutions for Spam and Viruses 119
Kerio 120
Mac OS X Server’s Antispam Tools 122
CommuniGate Pro 123
Outsourcing Your Spam and Virus Filtering 124
■ CHAPTER 6 Reviewing Logs and Monitoring 125
What Exactly Gets Logged? 125
Using Console 127
Viewing Logs 127
Marking Logs 128
Finding Logs 129
Reviewing User-Specific Logs 130
Reviewing Library Logs 132
secure.log: Security Information 101 133
ipfw.log 133
Breaking Down Maintenance Logs 135
daily.out 136
Yasu 137
weekly.out 138
monthly.out 139
What to Worry About 140
Parallels and Bootcamp Logs 140
Event Viewer 140
Task Manager 142
Performance Alerts 143
Review Regularly, Review Often 143
Accountability 143
Incident Response 144
PART 3 ■ ■ ■ Network Security
■ CHAPTER 7 Securing Network Traffic 149
Understanding TCP/IP 149
Types of Networks 151
Peer-to-Peer 151
Configuring Peer-to-Peer Networks 152
Client-Server Networks 153
Understanding Routing 154
Packets 154
Port Management 157
DMZ and Subnets 158
Spoofing 159
Stateful Packet Inspection 160
Data Packet Encryption 160
Understanding Switches and Hubs 160
Restricting Network Services 163
Security Through 802.1x 164
Proxy Servers 165
Squid 167
A Layered Approach 169
■ CHAPTER 8 Setting Up the Mac OS X Firewall 171
Introducing Network Services 171
Controlling Services 173
Configuring the Firewall 175
Working with the Firewall in Leopard 175
Working with Default Services in Tiger 177
Allowing Non-Apple Services in Tiger 178
Setting Advanced Features 179
Testing the Firewall 182
Using Mac OS X to Protect Other Computers 183
Using Third-Party Firewalls 185
Doorstop X 186
Flying Buttress 186
Working from the Command Line 187
Getting More Granular Firewall Control 187
Using ipfw 189
Using dummynet 193
■ CHAPTER 9 Securing a Wireless Network 197
Wireless Network Essentials 198
Introducing Apple AirPort 199
Configuring Older AirPorts 200
AirPort Utility 202
Configuring Current AirPorts 203
Limiting the DHCP Scope 206
Hardware Filtering 207
AirPort Logging 209
Hiding a Wireless Network 210
Base Station Features in the AirPort Utility 211
The AirPort Express 211
Wireless Security on Client Computers 212
Securing Computer-to-Computer Networks 213
Wireless Topologies 214
Wireless Hacking Tools 215
KisMAC 215
Detecting Rogue Access Points 217
iStumbler and Mac Stumbler 217
MacStumbler 220
Ettercap 220
EtherPeek 220
Cracking WEP Keys 221
Cracking WPA-PSK 222
General Safeguards Against Cracking Wireless Networks 222
PART 4 ■ ■ ■ Sharing
■ CHAPTER 10 File Services 227
The Risks in File Sharing 227
Peer-to-Peer vs Client-Server Environments 227
Using POSIX Permissions 228
Getting More Out of Permissions with Access Control Lists 229
Sharing Protocols: Which One Is for You? 230
Apple Filing Protocol 231
Samba 233
Using Apple AirPort to Share Files 235
DAVE 239
FTP 245
Permission Models 246
■ CHAPTER 11 Web Site Security 249
Securing Your Web Server 249
Introducing the httpd Daemon 250
Removing the Default Files 251
Changing the Location of Logs 251
Managing httpd 252
Using ModSecurity 252
Restricting Apache Access 252
Running on a Nonstandard Port 252
Use a Proxy Server 253
Using CGI 253
Disabling Unnecessary Services in Apache 254
PHP and Security 254
Securing PHP 255
Tightening PHP with Input Validation 255
Taming Scripts 256
Securing Your Perl Scripts 256
Securing robots.txt 258
Blocking Hosts Based on robots.txt 259
Protecting Directories 260
Using the htaccess File to Customize Error Codes 261
Using htaccess to Control Access to a Directory 262
Tightening Security with SSL 263
Implementing Digital Certificates 264
Protecting the Privacy of Your Information 264
Protecting from Google? 266
Enumerating a Web Server 267
Securing Files on Your Web Server 268
Securing Directory Listings 269
Uploading Files Securely 270
Cross-Site Scripting Attacks (XSS) 270
■ CHAPTER 12 Remote Connectivity 271
Built-in Remote Management Applications 272
Screen Sharing 272
Back to My Mac 274
Remote Management 275
Timbuktu 278
Using Secure Shell 282
Further Securing SSH 283
Using a VPN 284
Connecting to Your Office VPN 284
Setting Up PPTP 285
Setting Up L2TP 287
PPP + SSH = VPN 287
■ CHAPTER 13 Server Security 293
Limiting Access to Services 293
The Root User 294
Foundations of a Directory Service 295
Defining LDAP 295
Defining Kerberos 296
Configuring and Managing Open Directory 297
Securing LDAP: Enabling SSL 300
Securing Open Directory Accounts by Enabling Password Policies 301
Securing Open Directory Using Binding Policies 303
Securing Authentication with PasswordServer 305
Securing LDAP by Preventing Anonymous Binding 307
Securely Binding Clients to Open Directory 309
Further Securing LDAP: Implementing Custom LDAP ACLs 311
Creating Open Directory Users and Groups 311
Securing Kerberos from the Command Line 314
Managed Preferences 315
Enhanced Security for Managed Preferences in Leopard 317
Providing Directory Services for Windows Clients 319
Active Directory Integration 320
Web Server Security in OS X Server 323
Using Realms 323
SSL Certs on Web Servers 325
File Sharing Security in OS X Server 326
A Word About File Size 328
NFS 328
AFP 329
SMB 332
FTP 333
Wireless Security on OS X Server Using RADIUS 333
DNS Best Practices 334
SSL 335
Reimporting Certificates 337
SSHD 337
Server Admin from the Command Line 338
iChat Server 338
Securing the Mail Server 339
Limiting the Protocols on Your Server 340
Prevention Tools 343
Scanning Techniques 343
Fingerprinting 344
Enumeration 346
Firewalk 347
Vulnerability and Port Scanning 347
Other Scanning Techniques 351
Intrusion Detection and Prevention 351
Host Intrusion Detection System 351
Using Checkmate 353
Network Intrusion Detection 353
Security Auditing on the Mac 361
SAINT 361
Nessus 362
Metasploit 369
■ CHAPTER 15 Backup and Fault Tolerance 373
Time Machine 373
Restoring Files from Time Machine 377
Using a Network Volume for Time Machine 378
SuperDuper 379
Backing Up to Mac 380
Retrospect 383
Configuring Retrospect to Backup to Tape 384
Installing the Retrospect Client 388
Checking Your Retrospect Backups 389
Using Tape Libraries 390
Backup vs Fault Tolerance 391
Fault-Tolerant Scenarios 391
Round-Robin DNS 392
Load-Balancing Devices 393
Cold Sites 393
Hot Sites 393
■ CHAPTER 16 Forensics 395
Incident Response 395
MacForensicsLab 396
Installing MacForensicsLab 397
Using MacForensicsLab 401
Image Acquisition 403
Analysis 405
Salvage 407
Performing an Audit 410
Reviewing the Case 411
Reporting 411
Other GUI Tools for Forensic Analysis 412
Command-Line Tools for Forensic Analysis 413
■ APPENDIX A Xsan Security 415
■ APPENDIX B Acceptable Use Policy 419
■ APPENDIX C Secure Development 425
■ APPENDIX D Introduction to Cryptography 427
■ INDEX 431
About the Authors

■ CHARLES EDGE has been working with Apple products since he was a child. Professionally, Charles started with the Mac OS and Apple server offerings in 1999 after years of working with various flavors of Unix. Charles began his consulting career working with Support Technologies and Andersen Consulting. In 2000, he found a new home at 318, a consulting firm in Santa Monica, California, which is now the largest Mac consultancy in the country. At 318, Charles leads a team of more than 40 engineers and has worked with network architecture, security, and storage for various vertical and horizontal markets. Charles has spoken at a variety of conferences including DefCon, Black Hat, LinuxWorld, Macworld, and the WorldWide Developers Conference. Charles’ first book, Mac Tiger Server Little Black Book, can be purchased through Paraglyph Press. Charles recently hung up his surfboard and moved to Minneapolis, Minnesota, with his wife, Lisa. Charles can be contacted at krypted@mac.com.

■ WILLIAM BARKER is a technical consultant at 318 and a freelance writer. He has a penchant for all things Web 2.0 related and is eagerly anticipating the day he can wash his dishes and take out the trash online. His web site, techiestravel.com, is a hobby haven for two of his passions, technology and travel. He also wears a musician hat from time to time, making music: DJing, playing guitar, playing piano, and mixing CDs for friends. He lives in Venice, California, with his trusty automobile, Lucille.

■ ZACK SMITH has been working as an IT consultant his entire adult life. He has consulted for insurance companies, entertainment companies, medical organizations, and governmental agencies. Zack is an Apple Certified Trainer and has taught at Apple and various market centers in Boston, Virginia, Los Angeles, and Cupertino. As a certified instructor, Zack has taught Apple’s Security Best Practices class, as well as many other system administrator–level classes (such as Mac OS X Deployment and Mac OS X Directory Services). Zack has been a speaker at Macworld San Francisco as well as many other smaller venues such as IT user groups. Zack is also the author of a set of open source IT administration software and scripts and has long-term plans of being a full-time Objective C developer. When not attending IT and security conferences or traveling for work at 318, Zack can be found in Portland, Oregon, with his partner in crime, Anna, and dog, Watson.
About the Technical Reviewer

■ MIKE LEE, the world’s toughest programmer, has been bending computers to his will since the mid-90s. Having recently retired as majordomo of Delicious Monster Software, he’s now working at United Lemur, a charity-driven software company dedicated to raising money and awareness for Madagascar and the world’s few remaining lemurs. Mike and his wife are originally from Honolulu but currently live in Seattle, where they are raising two cats. Mike’s hobbies include weightlifting, single malts, and fire. Mike can be contacted at mike@unitedlemur.org.
Acknowledgments

I’d like to thank all the folks at Apple for the hard work they have put into the various flavors of OS X and into educating the Mac community on their fantastic product, in particular, Joel Rennich, Schoun Regan, Josh Wisenbaker, Greg Smith, JD Mankovsky, David Winter, Stale Bjorndal, Eric Senf, Cawan Starks, Martin Libich, and a short list of others who have helped me through the years! This includes the late Michael Bartosh, who is sorely missed on many fronts.

Thanks are also in order to the crew at 318 for their hard work, especially Kevin Klein. Without you guys I never would have been able to take the time to complete this book: David, Tim, Thomas, Beau, Zack, Kevin, Kevin, William, Joel, Robert, Jordan, Susie, Dan, Phil, Max, Daniel, Adrian, John, John, Jon, Marc, Monica, Karl, Chris, Cade, Christian, Eli, Drake, Erin, Ehren, Kennon, Theresa, Tony, and everyone else.

Also thanks to the fine staff at Apress for turning this book into something to be proud of: Jeffrey Pepper, Candace English, Kim Wimpsett, Tina Nielsen, Steve Anglin, and the myriad of others whose hard work went into this title. Thanks also to the technical reviewer, Mike Lee, and to my coauthors, Zack and William.

I also have to thank the organizers of SANS, DefCon, BlackHat, LayerOne, and the other security conferences and those in the white/gray hat and InfoSec communities for bringing to light many vulnerabilities before they are discovered by others with a flair for exploitation.

Finally, a huge thanks goes out to the open source community. It is on the shoulders of these giants that we all sit!

Charles S. Edge, Jr.

Many thanks are in order for making this dream a reality. I’d be remiss if I didn’t thank my coauthor Charles Edge, who brought me into this crazy experience in the first place. Thank you to everyone at Apress (Candace, Laura, Mike, Kim, and all the others) for their tireless work and dedication to this book. The development team at Apple should be acknowledged for their constant desire to improve and reinvent a product that continues to amaze novices and experts alike. My parents deserve a huge thank you for introducing me to the wonders of reading and computer technology at a very early age. A heartfelt thanks goes to my good friend Adam, who took a chance at giving me my first paid writing job and is a constant inspiration to my craft. Last but certainly not least, this book is inspired by the technical writers of the world. It is an unsung art to write technically, and the attention to detail that those who write books covering technical materials must provide is truly staggering. Because of their experimentation, we learn how to make our lives easier and more enjoyable.

William Barker
Introduction

A common misconception in the Mac community is that the Mac is more secure than any other operating system on the market. Although this might be true in most side-by-side analyses of security features right out of the box, it does not take into account that security tends to get overlooked once the machine starts to be configured for its true purposes. For example, when sharing is enabled or remote control applications are installed, a variety of security threats are often established—no matter what the platform is.

In the security sector, the principle of least privilege is a philosophy that security professionals abide by when determining security policies. This principle states that if you want to be secure, you need to give every component of your network the absolute minimum permissions required to do its job. But what are those permissions? What are the factors that need to be determined when making that decision? No two networks are the same; therefore, it’s certainly not a decision that can be made for you. It’s something you will need to decide for yourself based on what kinds of policies are implemented to deal with information technology security.
Security Beginnings: Policies
Security in a larger organization starts with a security policy. When looking to develop security policies, it is important that the higher-level decision makers in the organization work hand in hand with the IT team to develop their policies and security policy frameworks. A security policy, at a minimum, should define the tools used on a network for security, the appropriate behavior of employees and network users, the procedures for dealing with incidents, and the trust levels within the network.

The reason policies become such an integral part of establishing security in a larger environment is that you must be secure but also be practical about how you approach security in an organization. Security can be an impediment to productivity, both for support and for nonsupport personnel. People may have different views about levels of security and how to enforce it. A comprehensive security policy makes sure everyone is on the same page and that the cost vs. protection paradigm that IT departments follow is in line with the business logic of the organization.

On small networks, such as your network at home, you may have a loose security policy that states you will occasionally run security updates and follow a few of the safeguards outlined in this book. The smaller a network environment, the less likely security is going to be taken seriously. However, for larger environments with much more valuable data to protect, the concern for security should not be so flippant. For example, the Health Insurance Portability and Accountability Act (HIPAA) authorizes criminal penalties of up to $250,000 and/or 10 years imprisonment per violation of security standards for patient health information. The Gramm-Leach-Bliley Act establishes financial institution standards for safeguarding customer information and imposes penalties of up to $100,000 per violation.
Everyone in an organization should be concerned about security policies because everyone is affected to some extent. Users are often affected the most, because policies often consist of a set of rules that regulate their behavior, sometimes making it more difficult for them to accomplish their tasks throughout their day. The IT staff should also be consulted and brought into the decision-making process, since they will be required to implement and comply with these policies, while making sure that the policies are realistic given the budget available.

In addition, you must notify people in advance of the development of the policy. You should contact members of the IT, management, and legal departments as well as a random sampling of users in your environment. The size of your policy development effort will be determined by the scope of the policy and the size of your organization. Larger policies may require many people to be involved in the policy development. Smaller policies may require participation by only one or two people within the organization.

As an example, a restrictive policy that requires all wireless users to use a RADIUS server would incur IT costs not only from the initial install but also from the installs and configurations necessary to set up the RADIUS clients on each of the workstations. A more secure RADIUS server would also cause additional labor compared with less secure protocols such as WEP. You also need to consider IT budgeting and staffing downtime.

When developing your actual policy, keep the scope limited to what is technically feasible and easy to understand, while protecting the productivity of your users. Policies should also contain the reasons a policy is needed and cover the contacts and responsibilities of each user. When writing your policy, discuss how policy violations will be handled and why each item in the policy is required. Allow for changes in the policies as things evolve in the organization.

Keep the culture of your organization in mind when writing your security policy. Overly restrictive policies may cause users to be more likely to ignore them. Staff and management alike must commit to the policies. You can often find examples of acceptable use policies in prepackaged policies on the Internet and then customize them to fulfill your organization’s needs.
A Word About Network Images
Whether you are a home user or a corporate network administrator, the overall security policy of your network will definitely be broken down into how your computers will be set up on the network. For smaller environments, this means setting up your pilot system exactly the way you want it and then making an image of the setup. If anything were to happen to a machine on your network (intrusion or virus activity, for example), you wouldn’t need to redo everything from scratch. If you’re in a larger, more corporate environment, then you’ll create an image and deploy it to hundreds or thousands of systems using NetInstall, Casper Suite, LanDESK, or a variety of other tools that you may or may not have experience with.
Risk Management
By the end of this book, we hope you will realize that if a computer is plugged into a network, it cannot be absolutely guaranteed secure. In a networked world, it is not likely that you will be able to remove all of the possible threats from any networked computing environment. To compile an appropriate risk strategy, you must first understand the risks applicable in your
specific environment. Risk management involves making decisions about whether assessed risks are sufficient to present a concern and the appropriate means for controlling a significant risk to your environment. From there, it is important to evaluate and select alternative responses to these risks. The selection process requires you to consider the severity of the threat.

For example, a home user would likely not be concerned with security threats and bugs available for the Open Directory services of Mac OS X Server. However, in larger environments running Open Directory, it would be important to consider these risks.

Risk management not only involves external security threats but also includes fault tolerance and backup. Accidentally deleting files from systems is a common and real threat to a networked environment.

For larger environments with a multitude of systems requiring risk management, a risk management framework may be needed. The risk management framework is a description of streams of accountability and reporting that will support the risk management process for the overall environment, extending beyond information technology assets and into other areas of the organization. If you are managing various systems for a large organization, it is likely there is a risk management framework and that the architecture and computer policies you implement are in accordance with the framework.

All too often, when looking at examples of risk management policies that have been implemented in enterprise environments, many Mac administrators will cite specific items in the policies as “not pertaining” to their environment. This is typically not the case, because best practices are best practices. There is a reason that organizations practice good security, and as the popularity of Mac-based network environments grows, it is important that administrators learn from others who have managed these enterprise-class environments.

As mentioned earlier, managing IT risk is a key component of governmental regulations. Organizations that fall under the requirements of Sarbanes-Oxley, HIPAA, or the Gramm-Leach-Bliley Act need to remain in compliance or risk large fines and/or imprisonment. Auditing for compliance should be performed on a regular basis, with compliance documentation ready and available to auditors.

Defining what is an acceptable risk is not something that we, the authors of this book, can decide. Many factors determine what is an acceptable risk. It is really up to you, the network administrator, to be informed about what those risks are so that you can make an informed decision. We will discuss options and settings for building out secure systems and a secure networked environment for your system. However, many of the settings we encourage you to use might impact your network or system in ways that are not acceptable to your workflow. When this happens, a choice must be made between usability and performance. Stay as close to the principle of least privilege as much as possible, keeping in mind that you still need to be able to do your job.
How This Book Is Organized
The first goal of this book is to help you build a secure image, be it at home or in the office, and then secure the environment in which the image will be used. This will involve the various options with various security ramifications, but it will also involve the network, the sharing aspects of the system, servers, and finally, if something drastic were to happen, the forensic analysis that would need to occur.
Another goal of this book is to provide you with the things to tell users not to do. Adding items to enforce your policy and security measures will help you make your network, Mac, or server like a castle, with various levels of security, developed in a thoughtful manner. To help with this tiered approach, we’ve broken the book down into five parts.
Part 1: The Big Picture
First, an introduction to the world of security on the Mac comprises Part 1:
Chapter 1, “Security Quick-Start”: If you have time to read only one chapter, this is the chapter for you. In this chapter, we cover using the GUI tools provided by Apple to provide a more secure environment and the best practices for deploying them. We give recommendations and explain how to use these various features and when they should be used. We also outline the risks and strategies in many of their deployments.
Chapter 2, “Security Fundamentals”: In this chapter, we define many of the common risks to users and computers. We then focus on many of the common security principles used when securing an operating system and the network environment. This chapter is a bird’s-eye view into the complex world of information security.
Chapter 3, “Securing User Accounts”: Mac OS X is a multiuser operating system. One of the most important security measures is to understand the accounts on your system and when you are escalating privileges for accounts. This chapter explains how to properly secure these users and groups.
Part 2: Security Essentials
Part 2 gets down to some of the essential elements of security on a Mac:
Chapter 4, “Malware Security: Combating Viruses, Worms, and Root Kits”: Viruses, spyware, and root kits are at the top of the list of security concerns for Windows users. However, Mac users are not immune. In this chapter, we go into the various methods that can be used to protect Mac systems against these and other forms of malware.
Chapter 5, “Securing Web Browsers and E-mail”: Safari, Firefox, Internet Explorer, Mail.app, and Entourage: with all these programs to manage, how do you lock them all down appropriately? In this chapter, we discuss cookies, Internet history, and browser preferences and when you should customize these settings. We also give some tips for third-party solutions for protecting your privacy. In addition, this chapter provides readers with best security practices for the mail clients that they likely spend much of their time using.
Chapter 6, “Reviewing Logs and Monitoring”: What good are logs if they aren’t reviewed? In this chapter, we discuss what logs should be reviewed and what is stored in each file. We then move on to various monitoring techniques and applications and the most secure ways to deploy them in typical environments.
Part 3: Network Security
Part 3 describes how you secure a Mac network:
Chapter 7, “Securing Network Traffic”: As useful as securing the operating system is, securing the network backbone is a large component of the overall security picture. In this chapter, we explore some of the techniques and concepts behind securing the network infrastructure. This includes the common switches, hubs, and firewalls used in Mac environments and the features you may have noticed but never thought to tinker with. We also cover how to stop some of the annoying issues that pop up on networks because of unauthorized (and often accidental) user behavior.
Chapter 8, “Setting Up the Mac OS X Firewall”: The firewall option in Mac OS X is just a collection of check boxes. Or is it? We discuss using and securing the Mac OS X software firewall, and we go into further detail on configuring this option from the command line. We also discuss some of the other commands that, rather than block traffic, allow an administrator to actually shape the traffic, implementing rules for how traffic is handled, and mitigate the effects that DoS attacks can have on the operating system.
Chapter 9, “Securing a Wireless Network”: Wireless networking is perhaps one of the most insecure things that users tend to implement themselves. In this chapter, we cover securing wireless networks, and then, to emphasize how critical wireless security is (and how easy it is to subvert it if done improperly), we move on to some of the methods used to exploit wireless networks.
Part 4: Sharing
File sharing needs a section all to itself. Files are what attackers are after, and securing them should be a top priority in any environment. Part 4 covers the following:
Chapter 10, “File Services”: What is a permission model, and why do you need to know what it is, when all you want to do is allow people access to some of the files on your computer? Knowing the strategies involved in assigning file permissions is one of the most intrinsic security aspects of a shared storage environment. It is also important to understand the specific security risks and how to mitigate them for each protocol used, including AFP, FTP, NFS, and SMB, which are all covered in this chapter.
Chapter 11, “Web Site Security”: Apache is quite possibly the most common web server running on the *nix platform. Entire books are dedicated to explaining how to lock down this critical service. In this chapter, we focus on the most important ways to lock down the service and some Apple-centric items of Apache not usually found in discussions about Apache on the *nix platform. We also provide you with other resources to look to if you require further security for your web server.
Chapter 12, “Remote Connectivity”: One of the most dangerous aspects of administration is the exposure of the very tools you use to access systems remotely. Many of these programs do not always need to be running and can be further secured from their default settings. In this chapter, we cover many of the methods for protecting these services and some of the ways that vendors should change their default settings to make them more secure. We also cover some of the ways you can secure these tools, and we help administrators make choices about how to best implement remote administration utilities to counteract these shortcomings.
Chapter 13, “Server Security”: Mac OS X Server is very much like Mac OS X Client, without many of the bells and whistles and with a system more optimized for sharing resources. This is true of many server-based operating systems. Because a Mac OS X server fills a different role in a networked environment, it should be treated differently from Mac OS X Client. For this reason, we cover many of the security options that are available as well as those that are crucial to securing Mac OS X Server. We also cover many of the security options from Mac OS X that should specifically not be used in Mac OS X Server.
Included with server security is directory services, which are critical to expanding technology infrastructures. By interconnecting all the hosts of a network, you are able to better control the settings and accounts on systems. In this chapter, we also focus on the ways to securely deploy Mac OS X clients to various directory services and point out the items to ask for (if you are in a larger network infrastructure) or to set up in order to help make the directory service environment as secure as possible.
Part 5: Workplace Security
How secure is your work environment’s network? This part explores security as it pertains to environments with multiple Mac computers connected on a network:
Chapter 14, “Network Scanning, Intrusion Detection, and Intrusion Prevention Tools”: Host-based intrusion detection systems (IDSs) are quickly becoming a standard for offering signature-based and anomaly-based detection of attacks. Some of these tools allow for augmenting the operating system settings to further secure the hosts on which they run. In this chapter, we provide a best practices discussion for deploying and using IDSs. We also cover the various attacks that have been developed over the past few years against IDSs and explore add-ons for IDSs that provide rich aggregated data about the systems.
Chapter 15, “Backup and Fault Tolerance”: If you don’t have a backup plan now, then you will after you read this chapter. Backups are the last line of defense in a security environment. Backups are critical and should be provided in tiers. In this chapter, we describe some of the strategies for going about implementing a backup plan, from choosing the right software package to properly implementing it. We also cover some of the more common techniques for providing fault-tolerant services and the security risks that can be introduced by doing so.
Chapter 16, “Forensics”: What do you do when your systems are compromised? What happens after the attack? In this chapter, we cover the basics of computer forensics and how a user can be their own digital sleuth. The goal is not to have you testifying in court on large-scale network attacks but instead to help first responders get comfortable with safely imaging Mac systems for investigations without contaminating evidence.
Appendixes
The following are the appendixes:
Appendix A, “Xsan Security”: Here we provide tips on securing your Xsan.
Appendix B, “Acceptable Use Policy”: This appendix contains an acceptable use policy from the SANS Institute that has been reprinted here with their consent.
Appendix C, “Secure Development”: Here we give a brief rundown of Apple’s development architecture.
Appendix D, “Introduction to Cryptography”: In this appendix, we give a brief history of cryptography and look at some of the protocols used today and how they came about.
Part 1
The Big Picture
Chapter 1
Security Quick-Start
If you are looking for a quick start to securing your Mac, this is the chapter for you. It is written for the “I need to get my Mac secured right away” reader. For the basics of getting your Mac secured, follow the instructions in this chapter. From Chapter 2 on, you’ll be introduced to all the other intricacies surrounding securing the Mac OS, and we’ll explain in more detail why we suggest the quick-start steps. Keep in mind that Chapter 1 gives just the basics, and although it will leave you with a fairly secure system, it’s not as comprehensive as the subsequent chapters, where we delve deeper into the specifics of most settings. To get a more thorough understanding of Mac OS X security and the tools you can use to secure your Mac, we urge you to keep reading beyond the basics.
Securing the Mac OS X Defaults
Mac OS X, because it is built on a Unix architecture, is a fairly secure and stable operating system right out of the box. There is a commonly held belief that the Mac can be further secured only through the Unix command line and that the graphical user interface (GUI) does not need to be tinkered with to make it more secure. This could not be further from the truth. There are many ways in which Mac OS X can and should be made more secure without dipping into the Unix command line.
In fact, many of Mac OS X’s security features are deliberately switched off out of the box. Why is that? The answer lies in the relationship between ease of use and security. Generally, in the world of operating systems, the easier an operating system becomes to use, the less secure it is. When the engineers at Apple redesigned their OS from 9 to X, they considered security very heavily, but they also considered usability. To ensure the most secure operating system possible without sacrificing ease of use, many security features are disabled by default, giving you, the user, the choice of whether to practice good security by enabling or disabling the features.
Having said that, many features of Mac OS X are already fairly secure without changing anything out of the box, with little or no trade-off in functionality. In fact, certain defaults should not be changed unless changing them is absolutely required; for example, you should not enable the root account unless you need to run a process that genuinely requires it, as has been the case with programs such as Carbon Copy Cloner. Before enabling root for any tool, check whether it can instead run through sudo or an administrator authorization prompt, which grants the privilege only for the task at hand rather than leaving a permanently enabled superuser login behind. Remember that when defaults are temporarily changed to complete certain tasks, you will need to go back and undo the changes after you have completed the tasks that required the change. Many security breaches occur because users forget to put security settings back the way they were.
Customizing System Preferences
The default settings for Mac OS X’s System Preferences are fairly secure but can be further optimized to provide a higher level of protection. Seemingly innocuous settings can expose some of the Mac’s core features to abuse. Therefore, to reduce the likelihood that this will occur, you should go through the options listed throughout the next few pages and disable any that aren’t being used. You can then enable any security features that will not conflict with your needs along the way.
One of the most important concepts to understand with OS X security is that your computer runs a multiuser operating system. Every machine has at least one user account, a local administrative account, and the root account (the superuser, which owns the system files and can take ownership of any file on the system). On Mac OS X, root is present but disabled for login by default; the first account created during setup is an administrator, a member of the admin group that can use sudo to act as root. Administrator and root are therefore not the same account, even though an administrator can obtain root’s privileges. There will always be more than one account on the machine, and thus the potential for multiple breaches in security. In the next section, we will be getting a little more familiar with account settings and the ways in which you can secure users in the Accounts preference pane.
Accounts Preferences
In this section, we will tackle the most important topic: passwords. We also cover other account settings in this section: disabling login items, setting account types, and basic user security. Your system is only as secure as your passwords. The stronger a password, the longer it will take to break. In Mac OS X, Apple has developed the Password Assistant to assist with password security. To set a password, open the Accounts preference pane, and click your account. This opens a window with your name, short name, and an option to change your password (see Figure 1-1). The name is typically your full name or the full name you may have entered when the account was created. The short name is a shortened version of the name (the first letter of the first word and the full second word by default).
Notice that there is no password displayed; there is only an option to change it. Apple carefully designed this pane so that a user could not easily view another user’s password; with administrator access, they would only be able to change it. The password is stored as a hash rather than as recoverable text, so the pane has nothing to display even to an administrator. This is becoming a fairly standard practice with password handling industry-wide. When you click the Change Password button on the Accounts preference pane, a smaller window will pop up asking you to type the old password and then the new password (see Figure 1-2). You must enter the new password twice to ensure accuracy.
Figure 1-1 Account settings
Figure 1-2 Changing a password
Clicking the key icon in the Change Password window opens the Password Assistant (see Figure 1-3). The Password Assistant is a random password generator that can be used to help create a more secure password. It’s a great utility if you need suggestions for more complex passwords. All too often users will use passwords such as password and god. This tool was created to counteract this alarming trend.
Figure 1-3 Password Assistant
Generated passwords can mix letters, digits, and symbols such as # or $. Using several sets of characters enlarges the space an attacker must search and yields much stronger passwords.
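As an added example (not from the book and not Apple’s Password Assistant), the following POSIX shell script shows the arithmetic behind that advice: it sizes the character set a password draws from, converts length and set size into bits of brute-force work, estimates how long an offline attacker would need at an assumed ten billion guesses per second, and checks the password against a small constructed blocklist, because a word like password scores respectably on character math and is caught only because everyone uses it. The guess rate, the 32-symbol count, the sample passwords and the weak/fair/strong thresholds are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the book: estimate how much a password's length and
# character mix buy you, and flag the "password"/"god" style choices the
# chapter warns about. Passwords are taken as arguments only for the demo;
# in real use read them from stdin so they stay out of shell history and ps.

# Constructed blocklist standing in for a real leaked-password list.
COMMON_PASSWORDS='password god letmein qwerty 123456 abc123 welcome admin'

# charset_size PASSWORD -> size of the class mix an attacker must search:
# 26 lower, 26 upper, 10 digits, 32 printable symbols (assumed counts).
charset_size() {
    pw=$1; size=0
    printf '%s' "$pw" | LC_ALL=C grep -q '[[:lower:]]' && size=$((size + 26))
    printf '%s' "$pw" | LC_ALL=C grep -q '[[:upper:]]' && size=$((size + 26))
    printf '%s' "$pw" | LC_ALL=C grep -q '[[:digit:]]' && size=$((size + 10))
    printf '%s' "$pw" | LC_ALL=C grep -q '[^[:alnum:]]' && size=$((size + 32))
    echo "$size"
}

# password_bits PASSWORD -> floor(length * log2(charset)) bits of work for a
# blind brute-force search of the whole space.
password_bits() {
    pw=$1
    awk -v n="${#pw}" -v c="$(charset_size "$pw")" 'BEGIN {
        if (c == 0 || n == 0) { print 0; exit }
        printf "%d\n", int(n * log(c) / log(2))
    }'
}

# crack_seconds BITS -> seconds to exhaust the space at an assumed
# 1e10 guesses/s (roughly one GPU against a fast, unsalted hash).
crack_seconds() {
    awk -v b="$1" 'BEGIN { printf "%.0f\n", 2^b / 1e10 }'
}

# is_common_password PASSWORD -> 0 (true) if it is on the blocklist.
is_common_password() {
    for word in $COMMON_PASSWORDS; do
        [ "$1" = "$word" ] && return 0
    done
    return 1
}

# rate_password PASSWORD -> weak | fair | strong. The blocklist runs first:
# character math says nothing about words an attacker already has in a list.
rate_password() {
    if is_common_password "$1"; then echo weak; return; fi
    bits=$(password_bits "$1")
    if [ "$bits" -lt 40 ]; then echo weak
    elif [ "$bits" -lt 64 ]; then echo fair
    else echo strong
    fi
}

# Demo on constructed samples.
for sample in god password Password1 'Tr0ub4dor&3'; do
    bits=$(password_bits "$sample")
    printf '%-14s %3s bits  ~%s s to exhaust  %s\n' \
        "$sample" "$bits" "$(crack_seconds "$bits")" "$(rate_password "$sample")"
done
```

Note how Password1 lands in the middle: three character classes over nine characters is far better than eight lowercase letters, but still within reach of an offline attacker. Character-class math also overrates anything that appears in a word list, which is why the blocklist check runs first and why the Password Assistant’s random output beats a clever-looking word.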
Login Options
To make the login screen more secure, you should alter the default settings of the Login Options tab in the Accounts preference pane. Click the Login Options button of the Accounts preference pane. (You may need to click the little padlock icon at the bottom of the screen to authenticate as an administrator.) The Show the Restart, Sleep, and Shut Down Buttons option of the Login Options window (see Figure 1-4) is enabled by default. If this option is disabled, the login window will hide these buttons so that users cannot shut the system down from the login screen. Any system that provides services that need to be running for other users should have this option disabled. Keep in mind that this only removes the buttons; anyone with physical access can still hold down the power switch, so treat it as a convenience control rather than a substitute for physical security.
The Show Password Hints option can be helpful if you need a reminder of your password in case you forget it. However, the hint is displayed at the login window after three failed attempts by default, so it can also give someone trying to guess your password valuable insight into what the password may be. For example, it is common to have a hint something along the lines of “My dog’s name.” This would require very little effort on the part of someone attempting to break into your system to guess your password. All too often, we find that users enter the actual password into the password hint field. Obviously, this is not best practice in any situation unless it is merely impossible for you to memorize your password
passwords down
Figure 1-4 Login options
The Enable Fast User Switching option is a way to allow multiple users to be logged into the computer concurrently. This allows users to stay logged in while others access their own accounts. It poses a security risk, though, because a user who switches in can see, and with administrative rights kill or tamper with, processes that other logged-in users left running. To limit what each user can do to another user’s processes, make sure that only the accounts that genuinely need it hold administrative rights. Better yet, if this is a feature that you are not likely to use, disable it by unchecking the Enable Fast User Switching option. If you do enable it, you will see the message in Figure 1-5 warning you that this is a security risk.
Figure 1-5 Fast user switching warning
The administrative user should be logged in only when administrative tasks (changing passwords, configuring network settings, and so on) are necessary, not for everyday work. This is a key component of Unix system administration and a good way to keep from harming the system by accident or accidentally allowing a rogue process to harm the system. Running a
Figure 1-6 Creating an account
Once you have created the new account, log out of the administrative account and log in as your nonadministrative account. Remember, you can always copy your documents, music, and other data out of your administrative account and, if need be, log in as the administrative user to access anything that won’t copy using the regular user. Migrating your user profile to a nonadministrative user creates a much more secure computing environment.
Security Preferences
Another place to change the default settings for security purposes is in the Security preference pane (see Figure 1-7). Here, you will find options (that we explain in the rest of this section) for enabling many of the miscellaneous security features that Apple has developed that do not fit into any other System Preferences pane. There are other items that allow for heightened security, but these are typically located within the applications or operating system features they were