Mac OS X Maximum Security

honestpuck writes "Security has long been a concern for Unix administrators who find themselves connected to the sometimes dark and dirty world of the Internet. With the advent of personal operating systems with file sharing, remote login and built-in web servers, and the spread of broadband networks with their always-on connectivity, it should now be a concern for everyone." Specifically, honestpuck is talking here about Mac OS X; read on for his review of Sams Publishing's Mac OS X Maximum Security. Mac OS X Maximum Security author John Ray and William C Ray pages 768 publisher Sams rating 7 reviewer Tony Williams ISBN 0672323818 summary Comprehensive but sometimes long winded book that covers securit on your Mac well

It really didn't concern me until one day when I was checking the logs on my Mac OS X box while developing a web app and discovered dozens of entries from all over the globe probing my box to see if it was an insecure IIS server. I then decided I needed to pay attention to security alerts and the help of a book like Macintosh OS X Maximum Security to help me understand and fix any holes.

The Good

The book is divided into four sections. Part 1 is about learning to think about security, covering such topics as physical security and protection from your users and bad guys. Part II, 'Vulnerabilities and Exposures,' covers the various sorts of attack such as password attacks, trojans and worms, sniffers and spoofing. Part III, 'Specific Mac OS X Resources and How To Secure Them,' covers just that, the various servers such as FTP, mail, Apache and SSH and how to go about making them safe. The final part covers attack prevention, detection, reaction and recovery with topics such as firewalls, alarm systems, logs and disaster planning.

Macintosh OS X Maximum Security is a large, extremely comprehensive volume. For the average person who wants to protect a small home network the information it provides is probably overkill. To make matters worse, the style is fairly verbose, particularly in the first section. Of course, if you want to secure a company network then you may need to know all the information -- and so all this background material is useful, if only so you can reach the right level of paranoia and suspicion.

The book is not a 'recipe' book that tells you "take these steps and you will have a secure machine"; rather it takes you through the possible holes and how to fix them. This approach seems much better for security, since it teaches you a respect for the places you have to open up and a methodical approach to doing so that will hopefully carry over beyond the specifics addressed. Any recipe is bound to have flaws since the operating system and the services are all changing, I'm hoping the methods and style this book have imparted to me will last beyond any changes.

The book also deals well with all the Macintosh-specific stuff, informing you well about such topics as Rendezvous, Apple Remote Desktop, using NetInfo and the like. One aspect that isn't well covered is Airport; securing an 802.11 network is barely touched on.

The Bad

The information provided in all areas of the book is quite detailed, and includes many links to further places to look for more (and more recent) information. Once again, for a book in an ever-changing field like security, this is a huge benefit. I would have appreciated some sort of a small website devoted to the book with the links mentioned gathered together and perhaps some notes on how things may have changed since the book's publication. Unfortunately the Sams Publishing site has a broken link to the book and while the authors say "we are creating a security section for the www.macosxunleashed.com website," no such section exists as I was writing this review. Frankly I am disappointed at this, I think with a book on this sort of topic it behooves either the publisher or author to provide a place for errata, discussion and notes. The best you can do is go to Amazon where you can see the Table of Contents and one chapter. [Ed. Note: The site's errata section is currently up and running.]

My only real complaint with the book itself is the huge size, and the long-winded nature of some of the material. I found the first two sections in particular almost tedious and definitely lecturing in tone. I would have rated this book higher if the editors at Sams had taken a large red pencil to slabs of the first section. Overall, I'd say that while not a 'must buy,' this book will have to do till I find something better, and I expect to loan my copy to several friends.

You can purchase Mac OS X Maximum Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

DAILY REMINDERS

DAILY REMINDERS:

• Hillary Clinton doesn't just stand idly by...she actively works to offshore American High-Tech!
• George Bush doesn't just stand idly by...he actively works to offshore American High-Tech!
• Accused terrorist Maher "Mike" Hawash earned $357K in 2000 and $184K in 2001 which is a fuckload more than you'll ever see now that American High-Tech is being shipped to India!

BUSH = RECESSION

Look around. Is your job secure?

Re:max security???

[PaintyThePirate]

Why do you need to take apart the hard drive? Just smack it with a sledge hammer a few times and throw it in a lake.

Re:max security???

[w.p.richardson]

You forgot to take a leak on the HD after it's disassembled.

Then burn it.

Sheesh... newbies!

Re:Question

In today's news, Slashdotters vowed they would not "Take SCO's shit anymore" and decided to pull of some 'Fight Club' like anarchy acts on the offices of SCO. "Hey fuck that dude it's about open source. Maybe I could use this source to get a chick to open her source. I haven't been laid since I was on the wrestling team and my good buddy Chuck and I did the mutual masturbation thing." stated user Jeremy

We at here SBTS (Slashdot Behind The Scenes) have captured the frustrations of some and have sadly attempted to email this luser who sounded a bit suicidal with his " I'm so tired of this bullshit." comment. We wanted to let him know everything will be alllllllllll right there buddy.

Afterwards, Slashdot pulled off a first by posting an article about Slashdot, posting an article about SCO. After weeks of daily bombardments of SCO related articles Slashdot simply decided to post an article about them speaking about SCO.

"The problem is, we started running out of stories about SCO to post, I mean we did the SCO said foobar thing the other day, and we've bashed the company spokesperson before. Hell we've even ridiculed the parrot in the SCO offices. These stories are so yesterday, so what better way than to post something entirely new, hip, exciting, and very straight forward. Slashdot posting an article, about posting an article, about SCO. It's so retro and chick." stated Slashdot staff member Hemos

Re:[In]Secure IIS server?

[afex]

oh man that's awesome.

Apple Cinnamon Toast Crunch

In today's news, Slashdotters vowed they would not "Take SCO's shit anymore" and decided to pull of some 'Fight Club' like anarchy acts on the offices of SCO. "Hey fuck that dude it's about open source. Maybe I could use this source to get a chick to open her source. I haven't been laid since I was on the wrestling team and my good buddy Chuck and I did the mutual masturbation thing." stated user Jeremy

We at here SBTS (Slashdot Behind The Scenes) have captured the frustrations of some and have sadly attempted to email this luser who sounded a bit suicidal with his " I'm so tired of this bullshit." comment. We wanted to let him know everything will be alllllllllll right there buddy.

Afterwards, Slashdot pulled off a first by posting an article about Slashdot, posting an article about SCO. After weeks of daily bombardments of SCO related articles Slashdot simply decided to post an article about them speaking about SCO.

"The problem is, we started running out of stories about SCO to post, I mean we did the SCO said foobar thing the other day, and we've bashed the company spokesperson before. Hell we've even ridiculed the parrot in the SCO offices. These stories are so yesterday, so what better way than to post something entirely new, hip, exciting, and very straight forward. Slashdot posting an article, about posting an article, about SCO. It's so retro and chick." stated Slashdot staff member Hemos

morons continue pummelling dead whores

addeddumb to 'sco news from the cesspool/?pr? pottIE', AGAIN.

that's right, everIE time another lie is tolled, va lairIE/robbIE et AL, preseNT it as stuff that really matters, therefore, assisting the payper liesense walking dead in keeping their phonIE ?pr? ?firm? stock markup desperado greed/fear fest gooing along. yuk.

of course that's off topic, as the hobbyists (& many of you MACinists) are the total opposite of the phonIE payper liesense corepirate nazis.

you gnu/software folks are to be commended. we'd be nearly doomed by now without y'all. the check's in the mail again.

meanwhile... for those yet to see the light.

don't come crying to us when there's only won channel/os left.

nothing has changed since the last phonIE ?pr? ?firm? generated 'news' brIEf lots of the creator's innocents are being killed/mutilated daily, as manIE continue to 'pretend' it isn't happening. if anything the situations are continuing to deteriorate. you already know that.

the posterbouys for grand larcenIE/deception would include any & all of the walking dead who peddle phonIE stock markup payper to millions of hardworking conservative folks, & then after stealing/spending/disappearing the real dough, pretend that nothing ever happened. sound familiar robbIE? these fauxking corepirate nazi larcens, want us to pretend along with them, whilst they continue to squander yOUR "investmeNTs", on their soul DOWt craving for excess/ego gratification. yuk

no matter their ceaseless efforts to block the truth from you, the tasks (planet/population rescue) will be completed.

the lights are coming up now.

you can pretend all you want. our advise is to be as far away from the walking dead contingent as possible, when the big flash occurs. you wouldn't want to get any of that evile on you.

as to the free unlimited energy plan, as the lights come up, more&more folks will stop being misled into sucking up more&more of the infant killing barrolls of crudeness, & learn that it's more than ok to use newclear power generated by natural (hydro, solar, etc...) methods. of course more information about not wasting anything/behaving less frivolously is bound to show up, here&there.

cyphering how many babies it costs for a barroll of crudeness, we've decided to cut back, a lot, on wasteful things like giving monIE to felons, to help them destroy the planet/population.

no matter. the #1 task is planet/population rescue. the lights are coming up. we're in crisis mode. you can help.

the unlimited power (such as has never been seen before) is freely available to all, with the possible exception of the aforementioned walking dead.

consult with/trust in yOUR creator. more breathing. vote with yOUR wallet. seek others of non-aggressive intentions/behaviours. that's the spirit, moving you.

pay no heed/monIE to the greed/fear based walking dead.

each harmed innocent carries with it a bad toll. it will be repaid by you/us. the Godless felons will not be available to make reparations.

pay attention. that's definitely affordable, plus you might develop skills which could prevent you from being misled any further by phonIE ?pr? ?firm? generated misinformation.

good work so far. there's still much to be done. see you there. tell 'em robbIE.

Market share

[asv108]

The main thing that keeps Mac OSX secure is a market share in the single digits. Certainly OSX is more secure than windows by default, but the biggest advantage of OSX is that its not a juicy target.

Answer me this..

.. Why is it that every time I load the Slashdot main page I get the advert showing that fat bitch Judy Branch and how much she saved at eBay?

Did she take her savings and buy food with it or what?

She needs to invest in a liposuction machine or maybe some Weightwatchers programs.