
6/4/2008
11:17 PM
George V. Hulme
Commentary

OS X Lockdown

I just finished reviewing Apple's Mac OS X Security Configuration for Version 10.5 Leopard guide. Anyone who is interested in keeping the 10.5 installation secure should take a look.

The 240-page PDF is more of a book than a guide. And while it's aimed at the more technically inclined, there is some good advice for the average user. The guide is available here. If you haven't made the move up from Tiger or Panther, those guides also are available.

The guide starts off with an overview of the Mac OS X security architecture: open source kernel, secure default settings, access permissions, and so forth. Those new to the Mac will find useful tips in chapter 2, which covers a secure OS X installation in detail. There are also a number of useful security checklists in Appendix A, on page 207. While some of the advice makes use of the OS command line, average users don't need to, and shouldn't, go that deep. There's plenty you can do to harden the average user's system from the standard GUI.

For instance, the guide advises using a removable storage device when it comes to managing passwords in the keychain. I use a USB for my keychain, and I keep a backup handy as well.

Since so many attacks today are aimed at the application level, the following instructions from the guide are good advice for anyone:

  • Accept only applications from known and trusted sources.

  • Run an antivirus program if you find suspicious files or applications, or if you notice unusual behavior on your computer.

  • To reduce the amount of exposure to harmful applications or files, limit the number of administrator accounts you create. Consider creating a user account for your daily work and then use an administrator account only when you need to install software or administer accounts.

  • If you enabled the root user and you don't need it, disable it.

Mac OS X comes equipped with a number of great security tools, such as the Application Firewall, FileVault for encryption, and easy setup of administrator and nonadministrator accounts. This guide explains it all.
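For readers who are comfortable with the command line, two of the instructions above (limit administrator accounts, disable root if you don't need it) can be checked with the stock `dscl` tool. This is an added example, not taken from Apple's guide; the one-administrator threshold and the sample account names are assumptions, and the sample `dscl` output is constructed.

```sh
#!/bin/sh
# Added example, not from Apple's guide. Checks two checklist items:
# how many administrator accounts exist, and whether root is enabled.

# List admin accounts other than root, given the output of
#   dscl . -read /Groups/admin GroupMembership
admin_accounts() {
    printf '%s\n' "$1" | awk '$1 == "GroupMembership:" {
        for (i = 2; i <= NF; i++) if ($i != "root") print $i }'
}

# Succeed if root is enabled, given the output of
#   dscl . -read /Users/root AuthenticationAuthority
# Assumption: a disabled root has no AuthenticationAuthority attribute,
# so dscl answers "No such key: AuthenticationAuthority".
root_enabled() {
    printf '%s\n' "$1" | grep -q '^AuthenticationAuthority:'
}

# Print one line per finding; print nothing when both checks pass.
# Assumption: more than one administrator account is worth a warning.
audit() {
    count=$(admin_accounts "$1" | grep -c . || true)
    if [ "$count" -gt 1 ]; then
        echo "WARN: $count administrator accounts:" $(admin_accounts "$1")
    fi
    if root_enabled "$2"; then
        echo "WARN: root user is enabled"
    fi
    return 0
}

if command -v dscl >/dev/null 2>&1; then
    # On a Mac: read the live directory records.
    audit "$(dscl . -read /Groups/admin GroupMembership 2>&1)" \
          "$(dscl . -read /Users/root AuthenticationAuthority 2>&1)"
else
    # Elsewhere: constructed sample output so the script still runs.
    audit "GroupMembership: root alice bob" \
          "AuthenticationAuthority: ;ShadowHash;"
fi
```
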
