SecureMac.com
About SecureMac Advertise Security Consulting Mac Security Store Send Feedback

Site Information
Site Background
Who runs the site
Advertising
Security Consulting
Employment/Jobs
Feedback Form

SecureMac Software
PrivacyScan

 

Mac OS X Security
sudo buffer overflow exploit + fix
Disable Single User Boot Mode
Malevolence - Dumping Passwords
nidump security
Startup Security - Open Firmware Password Protection

Mac OS X Network Security
SAINT
Secure FTP Wrapper
Ettercap - sniffer interceptor logger
Snort - Network Intrusion Detection System
SSH Admin
SSH Helper
xnu - enable MAC Address spoofing


Mac OS X Virus

Mac OS X Firewalls
Firewalk Firewall Utility
NetBarrier X

Mac OS X App Sec.

Mac OS X Encryption
LittleSecrets
GPGMail - PGP Functionality

Mac OS X DoS

SecureMac Library
Mac Cable Modem Security
Mac Security Auditing
Mac OS X Security Understanding
Mac OS X Security Second Lessons
Mac OS X Security Third Lesson
Mac OS X Single User Mode Root Access
Mac OS X Shareware Firewalls
Mac OS X Secure Installation
Cable & DSL Connections - Security Measures
Better Safe than Sorry
Apple.com Security Resources
Marketing Macintosh Security Programs

Macintosh OS X Security - Second Lesson - Chevell


MAC OS X The early adopters have been using OSX 10.0 for the better part of two weeks now. Early adopters, while not all the UNIX gurus and application developers Apple targeted the release for, are zealous, ambitious and daring- perhaps too much so.

As I stated in my previous Mac OS X Security overview, Mac OS X is a completely new operating system to most Mac users. Its UNIX under pinnings are foreign to the point-and-click community. The interface is certainly foreign to anyone but NeXT/OpenStep users and Mac OS X Server administrators. Even to this select group OSX has a large amount of new and changed schemes and strategies, making the conversion to the platform a bit daunting. And even to the UNIX users, Mac OS X is part alien with its revised directory structure and customized binaries.

With all the foreign elements of Mac OS X it is important to approach the system with a certain degree of caution. Gone are the days when a Mac user can install an application, restart and then worry about what it does, removing it quite easily from service if any issue is detected. Virus software, tossed in the bottom desk drawer, now requires a second thought. A whole new outlook on security is required at this point in order to maintain data integrity and personal safety.

The previous article described several methods, which can help maintain security in any computer system. These steps are absolutely imperative to security and, without them, any further steps to ensure safety will be fruitless. Practice these methods religiously and effectively cut 95% of all hack attempts, malicious vandalism or virus attacks.

Beyond these basic steps, users can take advanced steps to ensure security on their new system. The best tip here is not doing anything. When the OS shipped, Apple had security on the brain. The system state directly after installation is the most secure point in the systemís entire life cycle. Itís the moment user accounts are added, preferences set, and sharing methods are opened that the system becomes susceptible to attack or failure.

Of course the whole point of having the computer, and connecting it to the Internet, is to use it, customize it and to share it. But caution should be taken when making such modifications. When adding a user via the User preference panel, ensure that the password is and will remain secure. Do not give Administrator access to every account. In fact, most systems will only need a single administrator account, while the rest may safely remain users.

Adding customized applications to the system can sometimes open up communication ports on the machine. Unbenounced to the user, this new application might even allow communication two an from a system from a remote server, even without warning. A perfect example of this kind of software is the Software Updater. This application contacts Apple Computer on a daily or weekly basis and allows Apple to install items onto your system. I am not suggesting that you turn off Software Update or even worry about it, because if you canít trust Apple, who can you trust? There are, however, several other types of applications that use Software Version Control to update software after communicating with a remote server, similar to the way the Software Updater does, but not from such a trustworthy source. If you find this option in a freshly installed application, it would be advisable to turn it off and use VersionTracker.com or similar resource to find the latest updates.

File and web sharing is a great way to get an instant Internet presence or connect to remote resources. It is also a great way to allow all sorts of malicious and maligned individuals access to personal data. There is always a new exploit found for this version of that software or a patch released to fix security issues in another. For this reason, use file and web sharing carefully. If the machine will not be used for remote Command Line Interface access, do not turn on the option for it in the Sharing preference panel. Also, not everyone needs a web site running from his or her daily workhorse. Most users have web server access via their Internet Service Provider and can simply leave the local web server off. FTP access is another oft not used feature that can most likely be turned off. File sharing with AppleShare of IP is probably adequate for most users.

Beyond not modifying the system from its install state, there are a few changes anyone can make to the system to help make it even more secure. SSH is Secure Shell and can be used to replace the telnet access provided with the operating system. Apple actually planned on bundling this security package with the system but licensing issues delayed it. Look for a patch from Apple to enable this option. Until then, OpenSSH is available on the web at Mac OS X.org and other related sites.

Keeping the system updated with the latest patches and software versions is also a great way to stay secure. As exploits are found in a particular software package, a company will release a patch or revision that will help close the hole. Apple will probably assist Mac OS X users with this task better then most other UNIX distributions but this remains to be seen. It might be required that the user be aware of these issues. SecureMac.com is a great place to stay up to date concerning these matters.

File permissions are a particularly sensitive area with regards to security. In its basic state, file permissions are of no consequence. When sharing methods are opened, however, these same permissions become a very large part of system security. It is not easy to modify the file permissions from the Graphical User Interface in Mac OS X but anyone who decides to dive into the CLI should take special care not to create any security holes when issuing commands via the command line. Information about file permissions and the CLI in general may be found in Mac OS X.orgís CLI Tutorials.

The key to secure commuting in the Mac OS X world is to be conscious of the environment, to stay up to date and to cautious of any changes made. Coupled with the basic steps for computer security outlined in part one of this article, these methods will help ensure a successful, safe and secure Mac OS X experience.

FEEDBACK TIME!


Enter Email Address:

Enter your message:


Select Either of These Two Buttons


Security + OS
DiskLock
PowerBook Security Control Panel
Empower Pro
FileGuard
FreeGuard
FoolProof
Deus Lock Master
OnGuard
Keys Off
LockOut
MacOS Algorithm
Modem Security
Password Key
PGPuam
PPF
Shift Key Suite
Stealth Signal
SuperLock Lite
SuperLock Pro
Web-Confidential


Macintosh Viruses
Disinfectant
Sophos Anti-Virus
Norton AntiVirus
Nav 7 Nav 6 Nav X
Virex - Oct
VirusBarrier - Netupdate
vScan - Discontinued.

Mac Physical Security


Macintosh Firewalls
DoorStop Firewall
Firewall Q & A
IPNetSentry
NetBarrier
Norton Personal Firewall

Mac Spyware & Privacy
Monitorer
NetShred - Delete Files Safely

Network Security
MacAnalysis
Oyabun Tools
WDTech RAE
ToolDaemon

Application Security Issues
AIM - AOL Instant Messenger
Back Orifice
Eudora E-Mail Client
Internet Configure
IE 5.1, OE 5.1, Powerpoint, Excel Vulnerability
MS Personal webServer
NetBus
Outlook Express 4.5 Password Flaw
SubSeven
Sub7ME Server

Resource Info
AppleShare Server Info

Mac OS Encryption
EnScript
FGP
FileTwister
ForgotIt?
GenPass
MacLockSmith
My-Privacy
My Secret
PGPi
PGPhone
PGP Personal
PGP Freeware
PowerCrypt-dev
Private File
Quick Encrypt
SubRosa Utilities
Tresor

Deleting Files
Eraser Pro
ShredIt

Backups

Apple Hardware

MacOS DoS
Mac Attack


All material (c) 2014 SecureMac.com and respected owners