Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac OS X Maximum Security

Posted by timothy on from the then-he'd-have-to-kill-you dept.

honestpuck writes "Security has long been a concern for Unix administrators who find themselves connected to the sometimes dark and dirty world of the Internet. With the advent of personal operating systems with file sharing, remote login and built-in web servers, and the spread of broadband networks with their always-on connectivity, it should now be a concern for everyone." Specifically, honestpuck is talking here about Mac OS X; read on for his review of Sams Publishing's Mac OS X Maximum Security. Mac OS X Maximum Security author John Ray and William C Ray pages 768 publisher Sams rating 7 reviewer Tony Williams ISBN 0672323818 summary Comprehensive but sometimes long winded book that covers securit on your Mac well

It really didn't concern me until one day when I was checking the logs on my Mac OS X box while developing a web app and discovered dozens of entries from all over the globe probing my box to see if it was an insecure IIS server. I then decided I needed to pay attention to security alerts and the help of a book like Macintosh OS X Maximum Security to help me understand and fix any holes.

The Good

The book is divided into four sections. Part 1 is about learning to think about security, covering such topics as physical security and protection from your users and bad guys. Part II, 'Vulnerabilities and Exposures,' covers the various sorts of attack such as password attacks, trojans and worms, sniffers and spoofing. Part III, 'Specific Mac OS X Resources and How To Secure Them,' covers just that, the various servers such as FTP, mail, Apache and SSH and how to go about making them safe. The final part covers attack prevention, detection, reaction and recovery with topics such as firewalls, alarm systems, logs and disaster planning.

Macintosh OS X Maximum Security is a large, extremely comprehensive volume. For the average person who wants to protect a small home network the information it provides is probably overkill. To make matters worse, the style is fairly verbose, particularly in the first section. Of course, if you want to secure a company network then you may need to know all the information -- and so all this background material is useful, if only so you can reach the right level of paranoia and suspicion.

The book is not a 'recipe' book that tells you "take these steps and you will have a secure machine"; rather it takes you through the possible holes and how to fix them. This approach seems much better for security, since it teaches you a respect for the places you have to open up and a methodical approach to doing so that will hopefully carry over beyond the specifics addressed. Any recipe is bound to have flaws since the operating system and the services are all changing, I'm hoping the methods and style this book have imparted to me will last beyond any changes.

The book also deals well with all the Macintosh-specific stuff, informing you well about such topics as Rendezvous, Apple Remote Desktop, using NetInfo and the like. One aspect that isn't well covered is Airport; securing an 802.11 network is barely touched on.

The Bad

The information provided in all areas of the book is quite detailed, and includes many links to further places to look for more (and more recent) information. Once again, for a book in an ever-changing field like security, this is a huge benefit. I would have appreciated some sort of a small website devoted to the book with the links mentioned gathered together and perhaps some notes on how things may have changed since the book's publication. Unfortunately the Sams Publishing site has a broken link to the book and while the authors say "we are creating a security section for the www.macosxunleashed.com website," no such section exists as I was writing this review. Frankly I am disappointed at this, I think with a book on this sort of topic it behooves either the publisher or author to provide a place for errata, discussion and notes. The best you can do is go to Amazon where you can see the Table of Contents and one chapter. [Ed. Note: The site's errata section is currently up and running.]

My only real complaint with the book itself is the huge size, and the long-winded nature of some of the material. I found the first two sections in particular almost tedious and definitely lecturing in tone. I would have rated this book higher if the editors at Sams had taken a large red pencil to slabs of the first section. Overall, I'd say that while not a 'must buy,' this book will have to do till I find something better, and I expect to loan my copy to several friends.

You can purchase Mac OS X Maximum Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

14 of 154 comments (clear)

  1. max security??? by stonebeat.org · · Score: 0, Funny

    doesn't that mean turning off the power to computer, and deassembling it, and taking apart the HardDrive so that no data is recoverable?

    --


    Consensus is good, but informed dictatorship is better
  2. XXXXX Maximum Security by Anonymous Coward · · Score: 5, Funny

    We need more of these. And more people to read them. How about Outlook Maximum Security?

    1. Re:XXXXX Maximum Security by the+MaD+HuNGaRIaN · · Score: 3, Funny

      I was working on my manuscript for "DCOM Maximum Security", but then my computer told me it was going to reboot because the RPC service terminated unexpectedly--and I lost all my work.

    2. Re:XXXXX Maximum Security by artemis67 · · Score: 3, Funny

      It would be a very short book. The first (and only) page would read, "Use Thunderbird instead."

  3. Oddly enough.. by cK-Gunslinger · · Score: 3, Funny

    .. when I think of OS X "Maximum Security", I can help but to think of the translucent plastic jail cell they kept Magneto in.

  4. [In]Secure IIS server? by cant_get_a_good_nick · · Score: 3, Funny

    and discovered dozens of entries from all over the globe probing my box to see if it was an insecure IIS server.

    Maybe they were looking for a secure IIS server. Ripley's "Believe it or not" is starting production again, maybe they needed material?

  5. Re:Question by Halo1 · · Score: 4, Funny
    I've read a few articles describing certain features that it has (ease of use and gee-whiz stuff) that sounded to me like a potential vulnerability.

    It seemed that a lot of these things were enabled by default and wide open.
    The ease of use and gee-whiz stuff is indeed enabled by default and wide open. All network services (ssh, ftp, samba, apple filesharing, printer sharing aka cups, ...) are disabled by default though.
    --
    Donate free food here
  6. No information please, we use Linux by Anonymous Coward · · Score: 3, Funny
    The Bad

    The information provided in all areas of the book is quite detailed, and includes many links to further places to look for more (and more recent) information

    Yes, that is quite bad. How dare they provide information in a book. They should have buried it all in a HOWTO with the wrong name on an obscure website.

  7. Re:The only secure Apple system by Anonymous Coward · · Score: 1, Funny
    OS Joke Cliche Alert:

    WARNING: The preceeding post has violated the OS Joke Cliche rule. This "joke" has taken the form of a cheap shot towards a familiar OS without any supporting detail substantiating the claim (possibly ruining the "joke"). In fact, the lack of supporting data causes the "joke" to be increasingly unfunny.

    This particular "joke" relied on the following unsubstantiated data:

    (___) Linux/Windows/OSX users are better than other users
    (_X_) Linux/Windows/OSX is better than other operating systems
    (___) Windows crashes all the time
    (___) Microsoft spelled "Micro$oft" or "M$"
    (___) Microsoft is out to get you
    (___) Linux users are a bunch of smelly hippies

  8. Redundancy by happyfunstuff · · Score: 3, Funny

    and discovered dozens of entries from all over the globe probing my box to see if it was an insecure IIS server

  9. Re:morons continue pummelling dead whores by Anonymous Coward · · Score: 1, Funny

    morons continue pummelling dead whores

    Nah, I think we'll leave your mother out of it this time.

  10. Re:this book doesn't sound too useful by daeley · · Score: 4, Funny

    Ooooh, 192.168.1.103 is a vulnerable Windows box! Time for some hacking! I'll show asv108 who's....

    What the--

    --
    I watched C-beams glitter in the dark near the Tannhauser gate.
  11. Re:this book doesn't sound too useful by Anonymous Coward · · Score: 1, Funny

    Nmap run completed -- 1 IP address (1 host up) scanned in 20.910 seconds

    Nmap run completed -- 1 IP address (1 host up) scanned in 0.357 seconds

    HA HA !! Look how long it took to scan the OS X box! Macs SUCK!

    :-) <-this means I'm joking, dear moderator

  12. Re:How secure can it be if it's PROPRIETARY? by NaugaHunter · · Score: 2, Funny

    I think their business is being hurt a lot by being built around the need to sell their proprietary hardware.

    So, their business of selling hardware is being hurt by their need to sell hardware? No wonder they're always beleaguered.

    --
    R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.