Foundations of Mac OS X Leopard Security

jsuda writes "At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable." Read below for the rest of Jsuda's review.
Foundations of Mac OS X Leopard Security
author: Charles S. Edge, Jr., William Barker, and Zack Smith
pages: 455
publisher: Apress
rating: 9
reviewer: jsuda
ISBN: 978-1-59059-989-1
summary: Best book on Mac Security
Many of the security issues raised in the book are theoretical or deal with added elements of the Mac software install that contain non-Apple components — Apache Web server and Perl and PHP scripting packages, for example. Many of the items of concern deal with generic problem areas of computer usage in general, both software and hardware, which affect the Mac as well as any other computers and networks. While the perspective of the book is on the Mac, much of the security review will apply to any type of computer or network.

Messieurs Edge, Barker, and Smith are seasoned Mac and security professionals who point out in a very systematic and comprehensive way the potential problems of running the Mac both in single use and networked environments. The focus is primarily on Mac OS X Leopard and the other software which comes with any new Mac computer, although there is some discussion of earlier OS X versions and earlier generations of Apple applications like Airport.

The book has five main parts covering general security matters, essential security fundamentals, networking, sharing, and workplace security issues. There are four very short appendices of modest value.

The first three chapters, on general security and security fundamentals, are basic material discussing how technical computer security issues are entwined with the practical realities of using computers in a business or home, and how compromises between security and practicality generally must be made. There is discussion of types of security attacks, how the Windows-booting programs Parallels and Boot Camp bring Windows security issues onto the Mac, and how the UNIX underpinnings of Mac OS X allow for more sophisticated techniques and tools in securing Mac computers and networks. Chapter 1 is a useful "quick start" guide of items which can be addressed readily by nearly any level of user to safeguard the Mac from many security concerns. Apple has provided a lot of built-in security features and services which can be adjusted by individual users to their own needs, like FileVault, Secure Trash, Keychain, permissions, and others. Higher-level users, and perhaps experienced security professionals not used to the Mac, may be bored with the first part of the book.

Part two deals with protecting the Mac from malware and exploitable services in the OS and major applications like the Safari browser and Mail applications. It explains how malware can affect the Mac through script viruses, social engineering techniques, and other exploits. The book lists a number of available software tools which can help solve some of the potential problems. The section on reviewing and configuring monitoring processes and logs is especially interesting.

Securing networks, using and configuring firewalls, and wireless networking make up the bulk of part three. The content in chapters 7 through 9 is quite technical, covering types of networks; routers, hubs, and switches; proxy, DMZ, and other servers and hardware setups; advanced firewall configuration using both GUI and command-line interfaces; filtering; traffic throttling; and more. The sections describing testing of firewalls and hacking wireless networks using tools like KisMAC and iStumbler are especially useful.

Chapter 11, in part four, deals with website security when utilizing the built-in Apple web services and includes a checklist of at least a dozen items to be dealt with in locking down a site. Security for remote connectivity is addressed also, with particular emphasis given to VPN, secure shell, and the use of network administration tools like Timbuktu and DAVE. Attention is given to both the standard Mac OS X installation and to OS X Server. The most complex discussions involve using Open Directory in a security plan. My favorite sections were in chapter 14, on network scanning, monitoring, and intrusion prevention tools. The book describes how to understand your own machine/network security status by learning how to attack other networks, and how to use techniques like white/black box testing, fingerprinting, enumeration, port and TCP/UDP scans, ping sweeps, and more.

The book describes how intrusion detection is accomplished. Guidance is provided on software tools like Tripwire, Snort, Checkmate, and others. The last chapter concerns forensics and how to handle attempted or successful intrusions, both to understand security weaknesses and to preserve evidence for civil or criminal proceedings, CSI-like.

Nearly all of the presentations cover two levels of interactivity using either GUI-based tools or the command line. Except for a handful of sections, the presentations are useful even for higher-end users, including those dealing with medium to large networks.

The writing is workmanlike and without style or wit, but carefully organized and expressed. There are plenty of (grayscale) screenshots of relevant software application configurations, and sidebar Notes and Tips on many topics. Anyone who has a serious interest in Mac OS X security will benefit from this book as its main virtue is its systematic and comprehensive approach to the issues. It is designed to inform users of all levels how and why to think about OS X security. Geeks who want or need to know Mac OS X security will get a nicely organized book sufficiently filled with useful content. This is not a book intended to raise all security issues or to provide all the answers. It does answer many problems, and will point nearly all users in the right direction for their specific needs.

You can purchase Foundations of Mac OS X Leopard Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
  • Re:OMG WTF (Score:1, Informative)

    by Anonymous Coward on Friday June 20, 2008 @03:29PM (#23877383)

    Mac OSX is not based on Linux. It is based on Darwin, which is a *BSD derivative. I don't know which particular *BSD.
    It's Mach microkernel with a lot of code from the FreeBSD project.
  • Re:no mac viruses (Score:3, Informative)

    by CODiNE ( 27417 ) on Friday June 20, 2008 @03:57PM (#23877769) Homepage

    Link please? I only ask because often the Mac viruses that people point to turn out to be trojans, such as the Leap-A "worm" that requires a user to open a file that downloaded as a tgz, unzip it, then run the executable inside.

  • by Darkness404 ( 1287218 ) on Friday June 20, 2008 @04:13PM (#23878103)

    I normally don't respond to ACs, but this comment is dead on target.


    The thing though is, Apple doesn't have to do anything about them and they will still have a more secure system than MS. The first reason is that unless Apple gives users root access by default, they can't screw up most of Unix. The second part is, Apple has been and always will be the underdog, giving MS the majority of the targets. The third part is, an open source core, so if people complain about security holes, Apple can give them the source and tell them to fix it themselves. Basically, it doesn't matter what Apple does, OS X will always be more secure than Windows in the number of exploited flaws. Because if they aren't exploited, then they don't really matter.
  • Re:OMG WTF (Score:3, Informative)

    by UnknowingFool ( 672806 ) on Friday June 20, 2008 @04:14PM (#23878121)
    From Wikipedia: [wikipedia.org]

    Mac OS X is based on the Mach kernel and is derived from the Berkeley Software Distribution (BSD) implementation of Unix in Nextstep.

    So the kernel is not Mach but based on it. Specifically the kernel is a hybrid kernel called XNU that was developed by Next. The other parts are based on Nextstep's BSD.

  • by Moridineas ( 213502 ) on Friday June 20, 2008 @09:21PM (#23881481) Journal

    btw, replying again, if you want to check out which frameworks Mac programs use, open a command line (that's in Applications/Utilities) and cd to the application directory. For instance:

    % cd /Applications/Mail.app/

    Then go to the binary--

    % cd /Applications/Mail.app/Contents/MacOS

    and run the otool command:

    % otool -L Mail
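
An added example, not part of the comment above or of the book: a small Python script that parses the output of otool -L (the sample output below is constructed, not captured from a real Mail binary) and lists the linked libraries that come from outside the system framework directories, including @rpath-style entries that are only resolved at run time. It is the kind of check a reviewer would run to see what an application actually loads.

```python
"""Parse `otool -L <binary>` output and flag libraries loaded from outside
the trusted system locations. Added example; the sample below is constructed."""
import re
from typing import List, NamedTuple

# Constructed sample in the format otool -L prints (not real Mail output).
SAMPLE_OTOOL_OUTPUT = """\
Mail:
\t/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa (compatibility version 1.0.0, current version 12.0.0)
\t/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 111.1.4)
\t@rpath/libPlugin.dylib (compatibility version 1.0.0, current version 1.0.0)
\t/usr/local/lib/libhelper.dylib (compatibility version 1.0.0, current version 2.3.0)
"""


class LinkedLib(NamedTuple):
    path: str
    compat_version: str
    current_version: str


# One load-command line: leading whitespace, install path, then the two versions.
_LIB_LINE = re.compile(
    r"^\s+(?P<path>\S+) \(compatibility version (?P<compat>[\d.]+), "
    r"current version (?P<current>[\d.]+)\)"
)

# Paths the OS ships and protects; anything else deserves a closer look.
TRUSTED_PREFIXES = ("/System/Library/", "/usr/lib/")


def parse_otool_l(output: str) -> List[LinkedLib]:
    """Return one LinkedLib per load command; header lines such as 'Mail:' are skipped."""
    libs = []
    for line in output.splitlines():
        m = _LIB_LINE.match(line)
        if m:
            libs.append(LinkedLib(m["path"], m["compat"], m["current"]))
    return libs


def flag_nonsystem(libs: List[LinkedLib]) -> List[LinkedLib]:
    """Libraries outside TRUSTED_PREFIXES. @rpath, @loader_path and
    @executable_path entries are included because where they resolve
    depends on runtime search paths, not on a fixed system location."""
    return [lib for lib in libs if not lib.path.startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    for lib in flag_nonsystem(parse_otool_l(SAMPLE_OTOOL_OUTPUT)):
        print(f"review: {lib.path} (current version {lib.current_version})")
```

To use it on a real application, pipe the output of `otool -L` into parse_otool_l instead of the constructed sample.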

  • So you really think that because it uses a BSD like kernel interface API, it is just more secure then?

    No. OS X is more secure because it keeps proper privilege separation, adheres more closely to certain industry standards and "best practices," and uses sandboxing for suspect apps (among other things). The actual parentage of the kernel has nothing to do with the security, nor did I claim it did--though the proper privilege separation and sandboxing came to Apple from the BSD community.

    Now, once again, if you wish to actually respond to something I wrote rather than to what your prejudices choose to project upon me, you might want to start with my posting history. You'll see I'm not a fanboi of any particular operating system: all of them that I have used have had features I liked, and features I disliked. I am only a "fanboi" of whatever tool it takes to get the job done, and if that tool comes from Richmond, Cupertino, or Helsinki makes not one bit of difference to me.
