Chapter 20. Introduction to Mac OS X Server Security

In This Chapter

  • Hardening local

  • server security

  • Securing user data

  • Securing shared data

  • Securing transports with encryption

  • Securing applications and preferences

Mac OS X Snow Leopard Server builds on its highly regarded Unix foundation with a variety of software packages that are openly available to third-party security vetting.

Apple's operating system also incorporates some of the latest technology in the field of security hardening, including:

  • Sandboxing, based on TrustedBSD's Mandatory Access Control (MAC) framework, to lock down the permissions of specific processes

  • Application signing by using public-key signatures to help identify when code has been tampered with and to block maliciously altered code from inheriting the permissions of the original application

  • Address Space Layout Randomization (ASLR), a feature that makes it much more difficult for malicious code to predict useful memory addresses to target

  • Support for Non-eXecutable (NX) CPU enforcement that blocks exploits from injecting malicious executable code into memory and tricking the application to run it as it if were its own instructions

Besides the security features built into the operating system, there are a variety of security issues that only the user can address. No amount of software security can prevent a disgruntled employee from opening up a server and physically stealing its hard drive storage.

Similarly, nothing in the operating system can prevent a stack of ...

Get Snow Leopard™ Server now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.