I will be the first to admit that I am primarily a Windows and Linux user. Not that I don’t like Macs, but the majority of my client base is single platform on the desktop (Windows) and either Windows or Linux servers.
My lack of exposure to Macs, and subsequent lack of OS X-specific security understanding was made apparent to me this past week when I met with a large new educational client that was previously 95% Mac on the desktop. Now they are down to about 50-50 Mac/PCs with a new mandate to become single platform, meaning converting from OS X to strictly Windows on the desktop.
I’m going to be making recommendations that will help this migration process, but in the meantime I have to make an assessment of their existing network and computing infrastructure, including down to the desktop level. One of the assessment items includes workstation security, and like I said before, this is a major hole in my IT skillset, so I’m taking a crash course in OS X security this week.
I wanted to find a few online resources to prep with before I jumped head on into this project. I know no one can become a security guru in a week, but everyone has to start somewhere. I’m hoping my Linux security background will make digesting the OS X security information easier, but that is to be seen.
Here’s some of the resources I’ve found online that others may find usefull:
- Securing Leopard by Sebastien at secure thoughts
- Securing Leopard Quick Checklist by Sebastien at secure thoughts
- Securing Mac OS X (Tiger) by Stephen at Corsaire
- Apple Mac OS X v10.3.x “Panther” Security Configuration Guide by the NSA
- Keeping your Mac locked down: a Mac OS X security primer by Erik at Arstechnica.com
- Mac OS X Security Configuration Guide (Tiger) by Apple
- Mac OS X Server Security Configuration Guide (Tiger) by Apple
- Client Security Configuration Guide (Panther) by Apple
- Server Security Configuration Guide (Panther) by Apple
- Common Criteria Configuration and Administration Guide Setting up and administrating the Common Criteria configuration using Mac OS X or Mac OS X Server by Apple
I’ve also ordered Foundations of Mac OS X Leopard Security by Charles Stephen Edge Jr.
{ 2 comments… read them below or add one }
Hi Julie,
Just noticed your reference in your post. Hope my Securing Leopard article was a helpful primer into the world of OSX security. In actual fact you’ll find that securing an OSX system to a higher level doesn’t require too much additional effort. The next level up is using the usual access control mechanisms, and depending on how their Mac infrastructure is set up, the management of their identity and access management. In the end a good all-round security frame of mind will be more useful than in-depth knowledge of securing the OSX platform.
It’s too bad to hear that they’re migrating away from OSX instead of towards it, but oh well, you win some, you lose some
If you’d like any additional help or info, please feel free to visit the Securethoughts Forums (http://www.securethoughts.net/forum/) where any security and OSX-related topics are welcome.
Sincerely,
Sebastien
Hi Julie,
Just a quick note to let you know that we have released the updated guide to securing Leopard.
It is available from:
http://research.corsaire.com/whitepapers/technical.html
Or directly at:
http://research.corsaire.com/whitepapers/080818-securing-mac-os-x-leopard.pdf
Regards,
Glyn.