
Mac OS X Maximum Security

honestpuck writes "Security has long been a concern for Unix administrators who find themselves connected to the sometimes dark and dirty world of the Internet. With the advent of personal operating systems with file sharing, remote login and built-in web servers, and the spread of broadband networks with their always-on connectivity, it should now be a concern for everyone." Specifically, honestpuck is talking here about Mac OS X; read on for his review of Sams Publishing's Mac OS X Maximum Security.
Mac OS X Maximum Security
author: John Ray and William C Ray
pages: 768
publisher: Sams
rating: 7
reviewer: Tony Williams
ISBN: 0672323818
summary: Comprehensive but sometimes long-winded book that covers security on your Mac well

It really didn't concern me until one day when I was checking the logs on my Mac OS X box while developing a web app and discovered dozens of entries from all over the globe probing my box to see if it was an insecure IIS server. I then decided I needed to pay attention to security alerts, and that a book like Macintosh OS X Maximum Security would help me understand and fix any holes.
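The probing the reviewer describes is easy to spot in an Apache access log, because the IIS worms of that period requested paths that only exist on a Windows server. The following added example (not from the book or the review) parses combined-format log lines and flags requests whose path matches a short list of such IIS-only paths; the function names, the signature list and the sample log lines are constructed for this example and should be tuned to your own site.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Constructed sample lines in Apache "combined" log format. The hosts
# (documentation address ranges), timestamps and paths are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Aug/2003:10:02:11 -0700] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Aug/2003:10:03:40 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276 "-" "-"
198.51.100.23 - - [19/Aug/2003:10:03:41 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
192.0.2.55 - - [19/Aug/2003:10:05:02 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
203.0.113.7 - - [19/Aug/2003:10:06:17 -0700] "POST /cgi-bin/app.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
garbage line that is not in log format
"""

# Request-path fragments that only make sense against IIS / Windows and that
# the IIS worms of the time (Code Red: default.ida, Nimda: cmd.exe / root.exe)
# requested from every web server they could reach. Tune this list to your site.
IIS_PROBE_SIGNATURES = (
    "default.ida",      # Code Red's .ida ISAPI request
    "cmd.exe",          # Nimda and hand-run traversal probes
    "root.exe",         # Nimda's renamed copy of cmd.exe
    "/msadc/",          # RDS / MSADC directory, IIS only
    "/_vti_bin/",       # FrontPage server extensions
    "..%255c",          # double-encoded backslash traversal
    "..%c0%af",         # overlong UTF-8 '/' traversal
    "..%c1%1c",         # overlong UTF-8 '\\' traversal
)

# host ident user [time] "method path proto" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_iis_probe(path: str) -> Optional[str]:
    """Return the matching signature if the request path looks like an IIS probe.

    Matching is done on the raw path and on a single percent-decoding of it,
    both lower-cased, so 'CMD.EXE' and '%63md.exe' are caught as well."""
    candidates = (path.lower(), unquote(path).lower())
    for sig in IIS_PROBE_SIGNATURES:
        if any(sig in c for c in candidates):
            return sig
    return None


def scan_log(text: str) -> list:
    """Return one (host, path, signature) tuple per probe found in the log text."""
    hits = []
    for line in text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue                      # skip unparsable lines rather than crash
        sig = is_iis_probe(fields["path"])
        if sig is not None:
            hits.append((fields["host"], fields["path"], sig))
    return hits


def probes_per_host(text: str) -> dict:
    """Count probe hits per source host, the figure worth alerting on."""
    counts: dict = {}
    for host, _path, _sig in scan_log(text):
        counts[host] = counts.get(host, 0) + 1
    return counts


if __name__ == "__main__":
    for host, path, sig in scan_log(SAMPLE_LOG):
        print(f"{host:15} {sig:12} {path}")
    print(probes_per_host(SAMPLE_LOG))
```

On a non-IIS host every one of these requests should be a 404, so the per-host count is the useful signal: one hit is background noise, a burst from one address is a scanner or an infected machine worth blocking at the firewall.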

The Good

The book is divided into four sections. Part I is about learning to think about security, covering such topics as physical security and protection from your users and bad guys. Part II, 'Vulnerabilities and Exposures,' covers the various sorts of attack such as password attacks, trojans and worms, sniffers and spoofing. Part III, 'Specific Mac OS X Resources and How To Secure Them,' covers just that, the various servers such as FTP, mail, Apache and SSH and how to go about making them safe. The final part covers attack prevention, detection, reaction and recovery with topics such as firewalls, alarm systems, logs and disaster planning.

Macintosh OS X Maximum Security is a large, extremely comprehensive volume. For the average person who wants to protect a small home network the information it provides is probably overkill. To make matters worse, the style is fairly verbose, particularly in the first section. Of course, if you want to secure a company network then you may need to know all the information -- and so all this background material is useful, if only so you can reach the right level of paranoia and suspicion.

The book is not a 'recipe' book that tells you "take these steps and you will have a secure machine"; rather it takes you through the possible holes and how to fix them. This approach seems much better for security, since it teaches you a respect for the places you have to open up and a methodical approach to doing so that will hopefully carry over beyond the specifics addressed. Any recipe is bound to have flaws since the operating system and the services are all changing; I'm hoping the methods and style this book has imparted to me will last beyond any changes.

The book also deals well with all the Macintosh-specific stuff, informing you well about such topics as Rendezvous, Apple Remote Desktop, using NetInfo and the like. One aspect that isn't well covered is AirPort; securing an 802.11 network is barely touched on.

The Bad

The information provided in all areas of the book is quite detailed, and includes many links to further places to look for more (and more recent) information. Once again, for a book in an ever-changing field like security, this is a huge benefit. I would have appreciated some sort of a small website devoted to the book with the links mentioned gathered together and perhaps some notes on how things may have changed since the book's publication. Unfortunately the Sams Publishing site has a broken link to the book, and while the authors say "we are creating a security section for the www.macosxunleashed.com website," no such section existed as I was writing this review. Frankly, I am disappointed at this; I think with a book on this sort of topic it behooves either the publisher or the author to provide a place for errata, discussion and notes. The best you can do is go to Amazon, where you can see the table of contents and one chapter. [Ed. Note: The site's errata section is currently up and running.]

My only real complaint with the book itself is the huge size, and the long-winded nature of some of the material. I found the first two sections in particular almost tedious and definitely lecturing in tone. I would have rated this book higher if the editors at Sams had taken a large red pencil to slabs of the first section. Overall, I'd say that while not a 'must buy,' this book will have to do until I find something better, and I expect to loan my copy to several friends.


You can purchase Mac OS X Maximum Security from bn.com.

Comments
  • Question (Score:5, Interesting)

    by devphaeton ( 695736 ) on Tuesday August 19, 2003 @12:37PM (#6734357)
    Any UNIX admins messed around with OS X?

    How secure is it, how secure can it be?

    I've read a few articles describing certain features that it has (ease of use and gee-whiz stuff) that sounded to me like a potential vulnerability.

    It seemed that a lot of these things were enabled by default and wide open.

    I seriously hope this isn't the case. Apple's better than that, right?

    I'm not trolling, I'm asking sincerely. With all the "OS X IS UNIX(tm)!!!" fanfare loudly touted in the press, I'd hate to see a major outbreak of compromised OS X machines blacken the name of all things *nix.

    Bottom line: If you're on the internet, paying attention to security is mandatory. Regardless of platform.
  • by kaan ( 88626 ) on Tuesday August 19, 2003 @12:41PM (#6734402)
    From the original post:

    It really didn't concern me until one day when I was checking the logs on my Mac OS X box while developing a web app and discovered dozens of entries from all over the globe probing my box to see if it was an insecure IIS server.

    I think that pretty much sums it up - IIS can easily be insecure, just like the rest of the Windows world. But why does that mean that the Mac's web server (Apache) should be a cause for concern?

    I've been using OS X for about a year and a half, and I don't see how a "Mac specific" book on security is worth the cash outlay. Sure, there are pretty UI widgets to interface with things like Apache, ipfw, the ftp server, etc., and a how-to book might be useful for a novice. But I don't see why a book like this will distinguish itself given that most of the real security info is way more Unix-centric than it is Mac-centric.

    From what I recall, most of the OS X system defaults were set to reasonable, fairly secure settings, unlike Windows where a basic install will leave a zillion services running on your machine, all of which are listening to the outside world, exposing some heinous portion of the OS to components that have no right messing with it in the first place.
  • Are you daft? (Score:3, Interesting)

    by goombah99 ( 560566 ) on Tuesday August 19, 2003 @12:47PM (#6734470)
    You're kidding, right? Using a database rather than spewing custom-format, poorly documented text config files, how is that not an improvement? The database allows reproducible installs and uninstalls, extensibility, remote admin, and automated scripting that hand-edited text files could never be counted on to perform reliably (e.g. I edit a config script and now my custom perl sysadmin tool can't properly edit it). Also, apparently you are not aware that the Apple system does support most of the text-based config files as an extension to NetInfo, and that using nidump and niload you can work with the database in those formats if you can't figure out how to use a database. Finally, even Apple is relegating NetInfo to the past and moving on to LDAP-like systems.

    X11 is not a modern windows system, and it's not appropriate to the Apple model either with all its hidden text file tweaks. In use it's pretty good, but Quartz is much better it would appear (I can only observe the finished product, not the nuts and bolts).

    As for Mach-O, they have already proven their worth in the seamless portability of NeXT code across multiple platforms and CPUs. ELF was not as mature as it is now when NeXT was derived from BSD, so it's not an evil conspiracy but a rational choice they made to free themselves to make a seamless platform without having to keep it compatible with a hodgepodge of non-standard ELF binaries. Why should Apple abandon a proven success now?

  • by gobbo ( 567674 ) on Tuesday August 19, 2003 @12:55PM (#6734562) Journal
    Just came through the ms.blaster anxiety pox without a drop of sweat, as we're using OS X and one win98 box [now I'm glad that IT was too incompetent to put win2K on it...]. It got me thinking about the last time I saw a mac virus, oh, about 11 years ago, and how easy it was to fix with freeware by John Norstad [northwestern.edu], and about the "Crack a Mac" contest [wired.com] in '97. Things were pretty secure on classic macs. Now, I still feel pretty secure, indicated by the way the gloating bubbled up when I warned compadres to lock down their XP boxes. I'm happy to see that built-in firewall loaded, when I occasionally reboot, and there's always snort if I get paranoid--plus all the other *nixy goodness.

    When I received one box back from servicing today, a botched update completed itself upon booting, and a warning came up that a particular video driver file may be compromising the OS's security, did I want to fix and use, not use, or just use it? Nice. All I have to do is run software update. I want more of that caution built in, but as things stand, keep it up Cupertino.

  • a very good question (Score:5, Interesting)

    by SweetAndSourJesus ( 555410 ) on Tuesday August 19, 2003 @12:56PM (#6734581)
    I think OS X is fairly secure because it's easy to secure.

    Apple releases security updates [apple.com] fairly quickly, and their Software Update system makes them available and easy to install for the average user. If I recall correctly, Mac OS X defaults to checking for updates weekly. Installation of updates may require an administrator password, but other than that it's as simple as a couple of clicks.

    With my FreeBSD system, I subscribe to freebsd-security-notifications to keep abreast of updates. Knowing when updates are available and knowing how to apply them is probably beyond the average user's ability.

  • by caveat ( 26803 ) on Tuesday August 19, 2003 @01:01PM (#6734644)
    I've read a few articles describing certain features that it has (ease of use and gee-whiz stuff) that sounded to me like a potential vulnerability.

    It seemed that a lot of these things were enabled by default and wide open.

    Of course they are, OS X is primarily a /desktop/ system. I'll bet that OS X Server is a hell of a lot more secure out-of-the-box, but as far as desktop usability goes, I doubt it's half the system plain X is. Security and usability are a hard balance to strike (believe me, just setting up a sandboxed guest account for Windows idiots who fsck things up while keeping my account carte blanche is challenge enough), and I don't think Apple really has the time to make sure X is really secure, or X Server is really usable as a desktop OS.

    That said, everybody does need to keep some level of control over their systems - I keep all my "sensitive" data double-encrypted (AES disk images are so handy), keep my ports controlled, check my logs, don't use telnet or allow anon FTP, yadda yadda. Of course, I'm more computer-savvy (or OS X savvy at least) than most; maybe you or some other admins can dink around a little and write a little script or app that asks you what services and features you want, then locks down the box accordingly..

    (Oh, BTW, a lot of the gee-whiz features aren't as vulnerable as they sound - the Keychain, for example, uses strong encryption and only allows access by a single service. Yes, it unlocks when you login, but if somebody has your login password, you have bigger things to worry about. Of course, you need to be careful what apps you allow access to the keychain, but it's not inherently insecure.)
  • by Anonymous Coward on Tuesday August 19, 2003 @01:02PM (#6734660)
    Forget this book. Use OS 9 for a secure server, NOT OS X! It's 100% secure according to the massive BugTraq (SecurityFocus) exploit database.

    That's why many universities and military websites used Mac OS 9. OS 9 has never had an exploit, while OS X has had at least 35 or so documented exploits.

    It is a concrete fact that no MacOS based webserver has ever been hacked into in the history of the internet.

    The MacOS running WebStar and other webservers has never been exploited or defaced, and is unbreakable based on ample historical evidence.

    In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac (classic Mac OS) exploited over the internet remotely. Scan it yourself, though I believe an uncommon 3rd party mac product from 1995 or so had one exploit.

    I am not talking about FreeBSD-derived MacOS X (which already had more than 35 exploits and potential exploits in BugTraq); I am talking about current Mac OS 9.x and earlier, which are highly sophisticated abstract-OS models.

    Why is it hack proof? These reasons:

    1> No command shell. No shell means no way to hook or intercept the flow of control with the many various shell-oriented tricks found in Unix or NT. Apple uses an object model for process-to-process communication that is heavily typed and "pipe-less".

    2> No Root user. All Mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

    3> Pascal strings. ANSI C strings are the number one way people exploit Linux and Wintel boxes. The Mac historically avoids C strings in most of its OS. In fact even its ROMs originally used Pascal strings. As you know, Pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is fewer buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "Pascal string" is, it usually has no null byte terminator.

    4> Macs running WebStar have the ability to only run CGI placed in the correct directory location and correctly file-"typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache, as you know, has had many problems in earlier years preventing wayward execution.

    5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example, the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool-oriented utilities that work with data files. For example, file copy utilities preserve launchable file types, but JPEG, MPEG, HTML, TXT etc. oriented tools are physically incapable by design of creating an executable file. The file type is not set to executable for the hacker's needs. In fact it's even more secure than that. A Mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY Mac program has a resource fork file containing launch information. It needs to be present. Typically JPEG, HTML, MPEG, TXT, ZIP, C, etc. are merely data files and lack resource fork files, and even if they had them they would lack launch information. But the best part is that Mac web programs and server tools do not usually create files with resource forks. TOTAL security.

    4> Stack return address positioned in a safer location than some Intel OSes. Buffer exploits take advantage of loser programmers' lack of string length checking and clobber the return address to run their exploit code instead. The Mac compilers usually place the return address in front or out of context of where the b
  • by cant_get_a_good_nick ( 172131 ) on Tuesday August 19, 2003 @01:12PM (#6734776)
    True, nothing is totally secure, but MacOS <= 9.x was pretty secure, simply because it had no services. For a long time, Macs were relatively uncommon on the internet. No exposure, no risk. Even when they did come online, the Mac had no exploitable command shell. The closest thing would be AppleScript, and I never heard of any exploits for it. Part of it may be the fact that you have to construct and manipulate objects, not just hand some command line text off to a shell; part of it is due to the fact that exploit code on PowerPCs is a lot harder to write than for x86 (or 68K for that matter).

    For years, Mac viruses numbered in the tens while viruses for Windows numbered in the thousands. It was just harder to write good Mac viruses; the barrier to entry was higher. In fact, there were so few viruses that the only needed anti-virus code was developed and maintained by a single person (go stomping foot!!).

    Now that MacOS has entered the 90s (protected memory, an actual VM, preemptive multitasking) by using a descendant of the 70s (UNIX), a wakeup call for some folks is needed. The chance for worm exploits is there (the Apache worm), but they'll be insulated somewhat by the fact that people will target x86 first, and that Apple has been fairly good about security updates.
  • by Anonymous Coward on Tuesday August 19, 2003 @01:30PM (#6735009)
    http://www.thecounter.com/stats/2003/May/os.php

    Mac 6.6 times more common than linux measured by millions of browsers. (no one spoofs os, though some spoof browser brand).

    1. Win 98 15416286 (40%)
    2. Win 2000 11518338 (30%)
    3. Win XP 7329054 (19%)
    4. Win NT 1140924 (2%)
    5. Mac 881868 (2%)
    6. Win 95 844872 (2%)
    7. Unknown 565197 (1%)
    8. Win 3.x 188799 (0%)
    9. Linux 132828 (0%)
    10. WebTV 58173 (0%)
    11. Unix 23838 (0%)
    12. Win ME 10638 (0%)
    13. OS/2 2118 (0%)
    14. Amiga 648 (0%)

    Mac has been 7 times more popular than Linux every year since 1995.

    google knows this, as does www.thecounter.com

    and now, so do you!

    The US military uses Mac OS for webservers because Macintosh OS 9.x and earlier has never had a single known exploit, while Linux has had over 400 discovered exploits. Also, the military websites were rooted no less than 3 times when running other non-Apple OSes.

  • by Anonymous Coward on Tuesday August 19, 2003 @01:35PM (#6735082)
    This valuable post in a larger form was recently downrated a flame by a Linux zealot, so I repost it here in very condensed form with nothing but DATA and informative post info. There is no reason to moderate down informative posts. To not be termed a "flame" I request that no one reply to my post; therefore it is not a troll by the DEFINITION of "troll".

    It is a concrete fact that no MacOS based webserver has ever been hacked into in the history of the internet.

    The MacOS running WebStar and other webservers has never been exploited or defaced, and is unbreakable based on ample historical evidence.

    In fact in the entire SecurityFocus (BugTraq) database history there has never been a Mac (classic Mac OS) exploited over the internet remotely. Scan it yourself, though I believe an uncommon 3rd party mac product from 1995 or so had one exploit.

    I am not talking about FreeBSD-derived MacOS X (which already had more than 35 exploits and potential exploits in BugTraq); I am talking about current Mac OS 9.x and earlier, which are highly sophisticated abstract-OS models.

    Why is it hack proof? These reasons:

    1> No command shell. No shell means no way to hook or intercept the flow of control with the many various shell-oriented tricks found in Unix or NT. Apple uses an object model for process-to-process communication that is heavily typed and "pipe-less".

    2> No Root user. All Mac developers know their code is always running at root. Nothing is higher (except undocumented microkernel stuff where you pass Gary Davidian's birthday into certain registers and make a special call). By always being root there is no false sense of security, and programming is done carefully.

    3> Pascal strings. ANSI C strings are the number one way people exploit Linux and Wintel boxes. The Mac historically avoids C strings in most of its OS. In fact even its ROMs originally used Pascal strings. As you know, Pascal strings are faster than C (because they have the length delimiter in the front and do not have to endlessly hunt for NULL), but the side effect is fewer buffer exploits. Individual 3rd party products may use C strings and bind to ANSI libraries, but many do not. In case you are not aware of what a "Pascal string" is, it usually has no null byte terminator.

    4> Macs running WebStar have the ability to only run CGI placed in the correct directory location and correctly file-"typed" (not mere file name extension). File types on Macs are not easily settable by users, especially remotely. Apache, as you know, has had many problems in earlier years preventing wayward execution.

    5> Macs never run code ever merely based on how a file is named. ".exe" suffixes mean nothing! For example, the file type is 4 characters of user-invisible attributes, along with many other invisible attributes, but these 4 bytes cannot be set by most tool-oriented utilities that work with data files. For example, file copy utilities preserve launchable file types, but JPEG, MPEG, HTML, TXT etc. oriented tools are physically incapable by design of creating an executable file. The file type is not set to executable for the hacker's needs. In fact it's even more secure than that. A Mac cannot run a program unless it has TWO files. The second file is an invisible file associated with the data fork file and is called a resource fork. EVERY Mac program has a resource fork file containing launch information. It needs to be present. Typically JPEG, HTML, MPEG, TXT, ZIP, C, etc. are merely data files and lack resource fork files, and even if they had them they would lack launch information. But the best part is that Mac web programs and server tools do not usually create files with resource forks. TOTAL security.

    4> Stack return address positioned in a safer location than some Intel OSes. Buffer exploits take advantage of loser programmers' lack of string length checking and clobber the return address to run their exploit code instead. The Mac compilers usually place ret
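The two Anonymous Coward posts above (#6734660 and its repost #6735082) argue that length-prefixed Pascal strings mean fewer buffer overflows than NUL-terminated C strings. The following added example, which is not from either post or from the book, shows what that property does and does not buy: a Str255-style reader whose copy is bounded by the length byte, beside a NUL-terminated reader that must hunt for its terminator, with both rejecting truncated input rather than reading past the buffer. The function names and the sample records are constructed for this example.

```python
def read_pascal_string(buf: bytes, offset: int = 0) -> tuple:
    """Parse one length-prefixed string (Str255 layout: a length byte, then up
    to 255 payload bytes, no terminator) starting at offset.

    Returns (payload, offset_after). The length byte bounds the copy, which is
    the property the posts describe; but that byte is part of the untrusted
    input, so it must still be checked against the bytes actually present."""
    if offset >= len(buf):
        raise ValueError("offset past end of buffer")
    n = buf[offset]
    end = offset + 1 + n
    if end > len(buf):
        remaining = len(buf) - offset - 1
        raise ValueError(f"length byte says {n}, only {remaining} bytes remain")
    return bytes(buf[offset + 1:end]), end


def read_c_string(buf: bytes, offset: int = 0) -> tuple:
    """Parse one NUL-terminated string starting at offset.

    Scanning for the terminator is the 'hunt for NULL' the posts mention; a
    reader that trusts the terminator to be there walks off the end of the
    buffer when it is missing, so a missing terminator is rejected here."""
    nul = buf.find(b"\x00", offset)
    if nul == -1:
        raise ValueError("no NUL terminator before end of buffer")
    return bytes(buf[offset:nul]), nul + 1


def to_str255(src: bytes) -> bytes:
    """Build a Str255 record from arbitrary input: a bounded copy that
    truncates at 255 bytes instead of writing past the fixed-size field."""
    payload = src[:255]
    return bytes([len(payload)]) + payload


def parse_str255_list(buf: bytes) -> list:
    """Walk a buffer of back-to-back Str255 records, stopping cleanly at the end."""
    out, offset = [], 0
    while offset < len(buf):
        s, offset = read_pascal_string(buf, offset)
        out.append(s)
    return out


if __name__ == "__main__":
    # Constructed sample records: "hello", "" and "abc" as Str255, back to back.
    records = b"\x05hello\x00\x03abc"
    print(parse_str255_list(records))
    try:
        read_pascal_string(b"\x10short")   # length byte claims 16, only 5 follow
    except ValueError as e:
        print("rejected:", e)
```

The length prefix makes the copy length explicit, which is why a bounded copy like to_str255 is natural in this layout, but the reader still has to compare that prefix with the buffer it was handed; the format removes the terminator hunt, not the need for a bounds check.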
