Article by Malcolm McKeating
Book Review: Enterprise Mac Security - Mac OS X Snow Leopard
The length of the book (620 pages) is initially somewhat daunting. One is quickly and pleasantly surprised, however, at how each of the four authors has managed to pack so much of their combined security expertise into the five main parts that make up the book.
Part 1 introduces security aspects of the Mac Operating System (OS) and contains 5 chapters that focus upon maintaining the integrity of the individual machine. This section is extremely useful for both new and seasoned Mac users as it reminds the reader of the wisdom of using a standard (rather than privileged) account for everyday use.
Also discussed are: the FileVault folder encryption utility, the Mac Firewall (not enabled by default), the securing of Bluetooth and how to share files securely.
Chapter 3 (Securing User Accounts) includes a step-by-step guide to setting up Parental Controls on a home machine – a new security feature with OS X and one that enables parents to establish a wide-ranging set of rules to both set time limits for their children’s use of the machine, and restrict their access to applications such as the browser, email and iChat.
Enterprise administrators looking to secure users at server level are provided with worked examples of how to restrict user privileges to accounts and applications.
Chapter 4 (File System Permissions) will satisfy even the ‘geekiest’ of users with its explanation of the POSIX method of controlling the permission sets of system resources.
Chapter 5 (Reviewing Logs and Monitoring) explains which system logs to monitor regularly. For those users running MS Windows in a virtual environment such as VMware Fusion or Parallels, there is also a comprehensive explanation of the Windows Event Viewer, Task Manager and Performance Monitor ‘snap-in’, which together expose a wealth of monitoring logs that provide information on the security of the virtual OS.
Part 2 contains 4 chapters that cover the Internet security aspects of browsers and email, malware protection, and encryption of files and volumes. In this section the reader is introduced to two new security features (also found on the iPhone): Application Signing and Sandbox.
Application Signing is not a new concept but is implemented in OS X and addresses user concerns regarding the authenticity and integrity of an application. There’s an excellent description of how to create your own Certificate using the ‘Keychain Access’ utility and, if you are an application developer, using it to sign your own applications.
Sandbox allows developers (and normal users) to apply access controls to processes and restrict their privileges to system resources. This allows you to run untrusted applications and processes in a safe ‘sandbox’ environment by applying mandatory access restrictions to them. Example sandbox profiles are available in the /usr/share/sandbox directory, and this chapter gives a very comprehensive explanation of how to utilise them.
Also discussed is the securing of a variety of email and browser packages which, when read in conjunction with the chapter on malware, viruses, worms and rootkits, stresses the importance of using strong passwords, not accepting default configurations, and investing in good anti-virus software.
Part 2 ends with an excellent review of encryption methods to secure a complete hard drive or a single partition, or to create an encrypted file for the storage of sensitive data.
Part 3 comprises 3 chapters that detail how to secure the network environment in which Mac enterprise servers typically operate.
Chapter 10 provides an excellent ‘Networking 101’ review of the basics, while Chapter 11 provides detailed guidance on how best to configure the Mac firewall.
Chapter 12 (Securing a Wireless Network) explains encryption protocols and network address translation and control. Although the Mac AirPort is the primary focus of this chapter, many of the security concepts are equally applicable to other wireless routers. Of note in this chapter is the excellent section on hacking wireless networks.
Part 4 comprises four chapters that explain how to share resources securely. File Services talks you through the pros and cons of sharing files using the Apple Filing Protocol (AFP) and the Windows Server Message Block (SMB) protocol.
The book only gives a light touch to ‘Securing Web Services’, but in fairness the Mac uses the open-source Apache web server: the most popular web server (according to the Netcraft website) and one about which several books have already been written.
The chapter on Remote Connectivity takes the user through a wide variety of connection options. These range from performing remote management of other computers via the graphical Apple Remote Desktop (ARD) and Screen Sharing, to remotely connecting your laptop to the office using either an encrypted Secure Shell (SSH) tunnel or a Virtual Private Network (VPN).
The final chapter in this section is Server Security and this is where the complexities of Kerberos, LDAP and Open Directory are discussed. This chapter is a must for Mac system administrators.
Part 5 (the final part) focuses more on hosted environments and explores the use of Intrusion Detection/Prevention services (IDS/IPS), the importance of backing up the system, and forensics, for the time when, despite your best efforts, your system is compromised.
As the Mac OS is Unix-based, excellent open-source tools such as Nmap and Netcat are reviewed, and the reader is taken through the scanning and auditing procedures that are so necessary to help confirm the security of an organisation’s IT infrastructure.
Finally, there are four very useful appendices that provide:
- Details on how to secure a Storage Area Network (SAN)
- A copy of the SANS Institute’s Acceptable Use Policy
- An explanation of Apple’s development architecture
- An Introduction to Cryptography
This book is an absorbing read and equally applicable to securely configuring a Mac server as it is to a Mac laptop. The only difficulty I had with this review was restricting the length – there is so much good quality security material available that it would be easy to allow the review to almost become a book in its own right.
Reviewer Name: Malcolm McKeating
Reviewer Qualifications: CLAS, CISM, CISA, ITPC Int.ISP (Assoc), ISO 27001 Lead Auditor
Book Title: Enterprise Mac Security
Subtitle: Mac OS X Snow Leopard
Author(s): Charles S Edge Jr., William Barker, Beau Hunter, Gene Sullivan
Date of Publishing: 7 June 2010
Cross-posted from Infosec Reviews