Maximum Mac OS X Security

John Ray is an award-winning developer and technology consultant with more than 17 years of programming and network administration experience. He has worked on projects for the FCC, The Ohio State University, Xerox, and the State of Florida, as well as serving as IT Director for a Columbus, Ohio¿based design and application development company. John currently serves as Senior System Developer/Engineer for The Ohio State University Extension and provides network security and intrusion detection services for clients across the state and country. His first experience in security was an experimental attempt to crack a major telecom company. Although he was successful, the resulting attention from individuals in trench coats made him swear off working on the "wrong side" of the keyboard forever. John has written or contributed to more than 12 titles currently in print, including Mac OS X Unleashed and Maximum Linux Security. Dr. William Ray is a mathematician turned computer scientist turned biophysicist who has gravitated to the field of bioinformatics for its interesting synergy of logic, hard science, and human-computer-interface issues. A longtime Macintosh and Unix enthusiast, Will has owned Macs since 1985, and has worked with Unix since 1987. Prior to switching his professional focus to the biological sciences, Will spent five years as a Unix programmer developing experimental interfaces to online database systems. He left this position when his desktop workstation was cracked, then used to attack other businesses' computers. The incompetence of his employer's system administrators resulted in his being accused of perpetrating the attacks, and a series of visits from the men in trenchcoats, nice suits, and dark glasses for him as well. As a result, Will has developed an enduring disgust for employers, system administrators, and users who don't take system security, and their responsibilities with respect to it, seriously. Shortly after migrating to biophysics, Will developed a Macintosh and Unix-based computational biology/graphics laboratory and training center for The Ohio State University's College of Biological Sciences. At the facility, which he managed for five years, Will introduced hundreds of students and faculty to Unix, and provided training and assistance in the development of productive computing skills on the paired Macintosh and Unix platforms. Will is currently an Assistant Professor of Pediatrics at the Columbus Children's Research Institute, Children's Hospital in Columbus, Ohio, and the Department of Pediatrics, The Ohio State University, where he is studying tools that work at the interface between humans, computers, and information, and working to build a core computational research and training facility for his institute.

Introduction.
I. MAC OS X SECURITY BASICS: LEARNING TO THINK SECURE.



1. An Introduction to Mac OS X Security.
What Is Security? Traditional Mac OS Versus Mac OS X. Understanding the Threat. Summary.

2. Thinking Secure: Security Philosophy and Physical Concerns.
Physical System Vulnerabilities. Server Location and Physical Access. Server and Facility Location. Physical Access to the Facility. Computer Use Policies. Physical Security Devices. Network Considerations. Summary.

3. People Problems: Users, Intruders, and the World Around Them.
Your Users: People with Whom You Share Your Computer. The Bad Guys: People Who Would Do Your System Harm. Everybody Else. Summary.
II. VULNERABILITIES AND EXPOSURES: HOW THINGS DON¿T WORK, AND WHY.




4. Theft and Destruction of Property: Data Attacks.
Keeping Data Secret: Cryptography, Codes, and Ciphers. Data-Divulging Applications. Steganography and Steganalysis: Hiding Data in Plain Sight, and How to Find and Eliminate It. Summary.

5. Picking Locks: Password Attacks.
Typical Password Mechanisms. Testing Password Security. Improving Password Security, and Alternatives to the Standard Password Mechanisms in Mac OS X. Summary.

6. Evil Automatons: Malware, Trojans, Viruses, and Worms.
Defining Software Behavioral Space. Malware. Malware Threats. Solving the Problem. Summary.

7. Eavesdropping and Snooping for Information: Sniffers and Scanners.
Eavesdropping and Information Gathering. Monitoring Traffic with tcpdump. Sniffing Around with Ettercap. Network Surveys with NMAP. Other Information-Gathering Tools. Ethics of Information Gathering. Additional Resources. Summary.

8. Impersonation and Infiltration: Spoofing.
Spoofing Attacks. Spoofing Defenses. Summary.

9. Everything Else.
DoS. Buffer Overflows. Session Hijacking. Everything Else. Additional Resources. Summary.
III. SPECIFIC MAC OS X RESOURCES AND HOW TO SECURE THEM: SECURITY TIPS, TRICKS, AND RECIPES.




10. User, Environment, and Application Security.
Adding a New User. Using the NetInfo Database to Customize a User. Sane User Account Management. Skeleton User Accounts. Command-Line Administration Tools. Restricting User Capabilities. Summary.

11. Introduction to Mac OS X Network Services.
What Is a Network Service? Network Service Vulnerabilities. Controlling Mac OS X Network Service Processes. Protecting inetd with TCP Wrappers. Increasing Security with xinetd. Summary.

12. FTP Security.
FTP Vulnerabilities. Activating the FTP Server. Configuring the Default lukemftpd FTP Server. Setting Up Anonymous FTP. Replacing the Mac OS X FTP Server. Alternatives to FTP. Summary.

13. Mail Server Security.
Basic Vulnerabilities. Sendmail. Activating Sendmail on Mac OS X. Protecting Sendmail. Updating Your Sendmail Installation. Postfix as an Alternative. Installing Postfix. Protecting Postfix. Delivering Mail—UW IMAP. Summary.

14. Remote Access: Secure Shell, VNC, Timbuktu, Apple Remote Desktop.
What Is SSH? SSH Vulnerabilities. Vulnerabilities in telnet and rlogin. Activating SSH. Advanced SSH Features. GUI Access Methods. Summary.

15. Web Server Security.
Introducing Apache. SSL-Protected Apache. Additional Resources. Summary.

16. File Sharing Security.
Apple Filing Protocol. WebDAV. Sharing Files with Samba. Common Unix Printing System. Other Resources. Summary.
IV. PREVENTION, DETECTION, AND REACTION TO ATTACKS: HEALTH CARE AND CHECKUPS FOR YOUR MACHINE.




17. Blocking Network Access: Firewalls.
Firewalling. Built-In GUI Mac OS X Firewall Tools. Built-In Command-Line Mac OS X Firewall Tools. Firewall Hardware. Firewall Resources. Summary.

18. Alarm Systems: Intrusion Detection.
What Is Intrusion Detection? Psionic PortSentry. Snort. IDS Resources. Summary.

19. Logs and User Activity Accounting.
The Role of Logs. User Logins and Accounting. Automated Log Monitoring: LogSentry. Common System Log Changes. Summary.

20. Disaster Planning and Recovery.
What Is Disaster Recovery and Why Do You Need It? Creating a Disaster Recovery Plan. Mac OS X Backup Software. Synchronizing Files: rsync. Summary.
V. APPENDIXES.




Appendix A. Glossary.
Appendix B. Security Resources.
Appendix C. Secure Web Development.
Web Development Risks. Protecting Your Web Applications. Adding and Using suEXEC. Testing for Known CGI Vulnerabilities: Whisker. Additional Resources.

Index.