book

Mac® OS X Security

by Bruce Potter, Preston Norvell, Brian Wotring

May 2003

Intermediate to advanced

408 pages

9h 23m

English

New Riders

Read now

Unlock full access

Copyright
Dedication
About the Authors
About the Technical Reviewers
Acknowledgments
Tell Us What You Think
Introduction
Organization and ContentPart I: The BasicsPart II: System SecurityPart III: Network SecurityPart IV: Enterprise SecurityPart V: Auditing and ForensicsPart VI: AppendixesTarget AudienceCode Convention Used in This Book
I. The Basics
1. Security Foundations
The BasicsThreats and RiskCommon MisconceptionsThe Nature of AttacksUnderstanding the TechnologyThe ToolsDarwinThe Command LineUNIX SecurityUsers and GroupsTypes of UsersRoot, the Super-UserUnderstanding User RolesAdministrative UsersSpecial UsersSpecial GroupsIntroducing NetInfoNetInfo SecuritySummary
2. Installation
To BSD or Not to BSDFilesystems—HFS+ Versus UFSA Tale of Two FilesystemsSecurity ConsiderationsMac OS X Install Step-by-StepPhysical SetupBeginning the InstallationChoosing and Partitioning the DiskCustomizing the InstallThe Setup Assistant (Mac OS X Client)The Setup Assistant (Mac OS X Server)Developer ToolsSummary
II. System Security

3. Mac OS X Client General Security Practices
Concerns About Physical AccessDoors, Locks, and GuardsOpen Firmware PasswordLogin WindowScreen LockingSystem Preferences LockingDual Booting and the Classic EnvironmentClassic and Mac OS 9Dual Booting DangersStaying Current with Mac OS XUser Accounts and Access ControlFilesystem EncryptionSummary
4. What Is This UNIX Thing?
The Command Line InterfaceCommand Line AccessCommand Line SecurityDirectories, Permissions, and File OwnershipFile Security and PermissionsSpecial File PermissionsSet User IDSet Group IDSticky BitsHidden File FlagsHow to Modify Permissions and OwnershipUsing chmodUsing chown and chgrpUsing chflagsUsing Get Info to Modify PermissionsCommon UNIX Commandstoppskill and killalllast and whofindnetstatvopensslUNIX SecuritySUID and SGID FilesKernel Security LevelssudoManaging sudo Accesssudo Versus the su CommandSummary
5. User Applications
General Application Security ConsiderationsKeychainUsing the Keychain Access ApplicationCreating a Secure NoteManaging Access to Keychain ItemsThe Keychain Access DialogIs the Keychain Safe?Mail.app SecurityUsing SSL to Send and Receive MailUsing SSH to Send and Receive MailKeeping Mail Off the ServerStoring Mail on an Encrypted DiskUsing PGP to Encrypt EmailUsing PGP with Mail.appStoring PGP Keys on an Encrypted VolumeUsing GnuPG to Encrypt EmailDownload, Build, and Install GnuPGUsing GnuPG with Mail.appStoring GnuPG Keys On an Encrypted VolumeWeb Browser Security IssuesWeb Browsing and SSLCookie and Cache ManagementIs Accepting Cookies from Strangers Dangerous?Web Browser Cookie ConfigurationWeb Browser Cache ConfigurationSummary
III. Network Security
6. Internet Services
Web ServicesMac OS X Configuration OdditiesGeneral Security ConsiderationsRunning Apache on a Non-privileged PortPutting Apache in a JailConfiguring Authenticated AccessSSLEnabling SSL with ApacheEmail ServicesSendmailMailServiceEnabling SSL Encryption for MailServiceFTPRemote Login (SSH)Security ConsiderationsServer ConfigurationClient ConfigurationSSH TunnelsRemote Apple EventsSecurity ConsiderationsXinetdConfiguring xinetd in Mac OS XThe defaults EntryService Entries...And one more thing...Summary
7. File Sharing
WebDAV ServicesSecurity ConsiderationsSetting Up Secure WebDAV Services on Mac OS XModifying the Apache ConfigCreating the Lock FileSetting Up and Securing LocationsSetting Access PasswordsAdditional WebDAV OptionsApple File ServicesAFS Security ModelConfiguring AFS Via Server SettingsConfiguring AFS Via Workgroup ManagerSMB File ServicesSMB Security ModelsConfiguration Through Server SettingsConfiguration Through Workgroup ManagerConfiguration Through TerminalIP Access ControlVeto FilesLoggingNetwork File SystemNFS StructureConfiguring NFS Through Server SettingsConfiguring NFS Through Workgroup ManagerConfiguring NFS Through TerminalRe-Exporting Via AFSPersonal File SharingMaking Secure AFS ConnectionsSummary
8. Network Services
FirewallingUsing Built-in ToolsMac OS X ClientMac OS X ServerManually Configuring the FirewallKernel ConfigurationAlternatives to AppleVPNIPSecUnder the HoodracoonPPTPPPTP Via Internet ConnectvpndAirPort SecurityConfiguring WEPUsing LEAPStatic ARPSoftware Base StationAntivirus ProtectionCommon SenseUnknown DocumentsPreview Panes and Embedded ObjectsNetwork SharesAntivirus SoftwareSummary
IV. Enterprise Security
9. Enterprise Host Configuration
Login WindowChanging the Login Window GraphicAdding a Login BannerUsing Kerberos AuthenticationKerberosIntegrating Mac OS X Clients into a Kerberos EnvironmentUsing Kerberized Services on Mac OS X ServerSecurity Issues with Kerberos and Mac OS X ServicesRendezvousRendezvous SecuritySummary
10. Directory Services
Yet Another “The Basics”NetInfoAuthenticationAuthorizationThe _writers* PropertyThe trusted_networks PropertyData PrivacyOpen DirectoryConnecting Mac OS X to an Open Directory ServerAuthenticationAuthorizationData PrivacyMore Fun with Directory AccessAppleTalkBSD Configuration FilesLDAPv2LDAPv3NetInfoRendezvousSLPSMBSummary
V. Auditing and Forensics
11. Auditing
The Importance of LoggingGeneral ConsiderationsThe Importance of TimePermissions and AccessLog RotationLog Archives and Secure StorageLogging Options and ConfigurationSyslogIsolating SSH MessagesIsolating sudo MessagesIsolating xinetd Server MessagesLogging Network ServicesAFSFTPWindows File Sharing (SMB/CIFS)Print ServicesMail ServicesApacheDNSDHCP and SLPQuickTime Streaming ServerSoftware UpdateDirectoryServiceWatchdogCrashReporterMonitoring LogsThe BasicsRoutine AuditsCommand Line ToolsAutomated Monitoring and Notification with swatchInstalling swatchswatch ConfigurationLog Location ReferenceSummary
12. Forensics
An Overview of Computer ForensicsAcquisitionAnalysisOsirisGeneral Security ConsiderationsInstalling OsirisConfiguring and Automating OsirisUsing Osiris to Monitor SUID FilesUsing scaleForensic Analysis with TASKOverview of TASKGetting the DataAnalysis with TASKAnalyzing the FilesystemLooking at TimestampsSummary
13. Incident Response
What Does Incident Response Mean to You?Incident Response Life CyclePreparationAsset IdentificationEscalation ProceduresChain of CustodyTechnical ProcedureDetectionAccurate AssessmentQuick and Fully Contained ResponseFeedbackDetection and AssessmentMinimizing ChangePoint PersonResponseIsolating the SystemBacking Up the SystemVulnerability Assessment and MitigationSystem and Service RestorationPostmortemSummary
VI. Appendixes
A. SUID and SGID Files
SUID FilesSGID Files
B. Common Data Security Architecture
Benefits of the CDSACDSA Structural OverviewAdd-in ModulesCommon Security Services Manager (CSSM)Security ServicesApple’s CDSA Security ServicesA Note to Developers
C. Further Reading
Chapter 1—Security FoundationsChapter 2—InstallationChapter 3—Mac OS X Client General Security PracticesChapter 4—What Is This UNIX Thing?Chapter 5—User ApplicationsChapter 6—Internet ServicesChapter 7—File SharingChapter 8—Network ServicesChapter 9—Enterprise Host ConfigurationChapter 10—Directory ServicesChapter 11—AuditingChapter 12—ForensicsChapter 13—Incident Response

Content preview from Mac® OS X Security

Chapter 12. Forensics

	“Only strong characters can resist the temptation of superficial analysis.”
	--Albert Einstein

Sometimes logging isn’t enough; it can fail, or it can be incomplete, or it can be compromised. Sometimes it is simply too late by the time someone reads the log. And other times bad things just happen. That is where forensics comes in, giving users the capability to take snapshots of the forest before the tree falls, as well as allowing them to search the underbrush for fallen trees.

In this chapter we give you an overview of forensics and show how some open source tools can be used to monitor filesystem integrity and the options available for analyzing hard disk data in a postmortem situation.

An Overview of Computer Forensics

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0735713480Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Mac® OS X Security

by Bruce Potter, Preston Norvell, Brian Wotring

Chapter 12. Forensics

An Overview of Computer Forensics

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.