Chapter 20. Introduction to Mac OS X Server Security
In This Chapter
Securing user data
Securing shared data
Securing transports with encryption
Securing applications and preferences
Mac OS X Snow Leopard Server builds on its highly regarded Unix foundation with a variety of software packages that are openly available to third-party security vetting.
Apple's operating system also incorporates some of the latest technology in the field of security hardening, including:
Sandboxing, based on TrustedBSD's Mandatory Access Control (MAC) framework, to lock down the permissions of specific processes
Application signing by using public-key signatures to help identify when code has been tampered with and to block maliciously altered code from inheriting the permissions of the original application
Address Space Layout Randomization (ASLR), a feature that makes it much more difficult for malicious code to predict useful memory addresses to target
Support for Non-eXecutable (NX) CPU enforcement that blocks exploits from injecting malicious executable code into memory and tricking the application into running it as if it were its own instructions
Besides the security features built into the operating system, there are a variety of security issues that only the user can address. No amount of software security can prevent a disgruntled employee from opening up a server and physically stealing its hard drive storage.
Similarly, nothing in the operating system can prevent a stack of ...