Slashdot Mirror


Mac OS X Maximum Security

honestpuck writes "Security has long been a concern for Unix administrators who find themselves connected to the sometimes dark and dirty world of the Internet. With the advent of personal operating systems with file sharing, remote login and built-in web servers, and the spread of broadband networks with their always-on connectivity, it should now be a concern for everyone." Specifically, honestpuck is talking here about Mac OS X; read on for his review of Sams Publishing's Mac OS X Maximum Security.

Title: Mac OS X Maximum Security
Author: John Ray and William C Ray
Pages: 768
Publisher: Sams
Rating: 7
Reviewer: Tony Williams
ISBN: 0672323818
Summary: Comprehensive but sometimes long-winded book that covers security on your Mac well

It really didn't concern me until one day when I was checking the logs on my Mac OS X box while developing a web app and discovered dozens of entries from all over the globe probing my box to see if it was an insecure IIS server. I then decided I needed to pay attention to security alerts and the help of a book like Macintosh OS X Maximum Security to help me understand and fix any holes.

The Good

The book is divided into four sections. Part 1 is about learning to think about security, covering such topics as physical security and protection from your users and bad guys. Part II, 'Vulnerabilities and Exposures,' covers the various sorts of attack such as password attacks, trojans and worms, sniffers and spoofing. Part III, 'Specific Mac OS X Resources and How To Secure Them,' covers just that, the various servers such as FTP, mail, Apache and SSH and how to go about making them safe. The final part covers attack prevention, detection, reaction and recovery with topics such as firewalls, alarm systems, logs and disaster planning.

Macintosh OS X Maximum Security is a large, extremely comprehensive volume. For the average person who wants to protect a small home network the information it provides is probably overkill. To make matters worse, the style is fairly verbose, particularly in the first section. Of course, if you want to secure a company network then you may need to know all the information -- and so all this background material is useful, if only so you can reach the right level of paranoia and suspicion.

The book is not a 'recipe' book that tells you "take these steps and you will have a secure machine"; rather it takes you through the possible holes and how to fix them. This approach seems much better for security, since it teaches you a respect for the places you have to open up and a methodical approach to doing so that will hopefully carry over beyond the specifics addressed. Any recipe is bound to have flaws since the operating system and the services are all changing; I'm hoping the methods and style this book has imparted to me will last beyond any changes.

The book also deals well with all the Macintosh-specific stuff, informing you well about such topics as Rendezvous, Apple Remote Desktop, using NetInfo and the like. One aspect that isn't well covered is Airport; securing an 802.11 network is barely touched on.

The Bad

The information provided in all areas of the book is quite detailed, and includes many links to further places to look for more (and more recent) information. Once again, for a book in an ever-changing field like security, this is a huge benefit. I would have appreciated some sort of a small website devoted to the book with the links mentioned gathered together and perhaps some notes on how things may have changed since the book's publication. Unfortunately the Sams Publishing site has a broken link to the book and while the authors say "we are creating a security section for the www.macosxunleashed.com website," no such section exists as I was writing this review. Frankly I am disappointed at this; I think with a book on this sort of topic it behooves either the publisher or author to provide a place for errata, discussion and notes. The best you can do is go to Amazon where you can see the Table of Contents and one chapter. [Ed. Note: The site's errata section is currently up and running.]

My only real complaint with the book itself is the huge size, and the long-winded nature of some of the material. I found the first two sections in particular almost tedious and definitely lecturing in tone. I would have rated this book higher if the editors at Sams had taken a large red pencil to slabs of the first section. Overall, I'd say that while not a 'must buy,' this book will have to do till I find something better, and I expect to loan my copy to several friends.


11 of 154 comments

  1. How secure can it be if it's PROPRIETARY? by Anonymous Coward · · Score: -1, Troll
    Many Unix geeks, particularly on Slashdot, have praised Apple's decision to base Mac OS X off of the enterprise-ready BSD codebase. However, it seems that most have never actually taken a closer look at this OS. If they had, a closer inspection would reveal that Apple's philosophy toward *nix and Linux compatibility has been one of "embrace and extend", and this is meant in the M$ sense. Wherever possible, Apple has engineered their operating system to be incompatible with industry standards. Simply put, Mac OS X is a nonstandard, bastardized Unix that bears about as much resemblance to the real thing as does, say, Windows ME.

    Let's start with the windowing environment, since that is the first thing users will notice. While both KDE and GNOME are mature, stable, and accepted as IEEE standards, Apple has elected to use neither. In fact, they don't even use X at all! Their display system is a proprietary, closed-source system called Quartz Extreme. In addition to the moral issues involved with closed software, this precludes the user from running X apps. There is an untested and alpha-quality X11 emulation layer available for download, but it is emulation, so programs will be slow. Does this sound like a standards-based system to you?

    Looking under the hood, it gets worse. While all other *nixes use standard ELF binaries, Darwin (Apple's name for their proprietary "Unix" kernel) does not. It uses Mach-O, an unproven format that is proprietary to Apple. The moribund FreeBSD, off which OS X is based, uses ELF, so clearly Apple went to the extra effort of "switching" (heh) simply to break compatibility. With ELF, users would be able to run most of their Lunix apps; with Mach-O this is impossible. Additionally, Apple has moved most configuration info from human readable text files into a proprietary database called "NetInfo", which is much like the Windows registry we all loathe. Why? These are only a few of the ways that Apple has deliberately broken compatibility with other systems, presumably in order to lock users in to expensive Mac hardware.

    When we factor in the threat to users' civil liberties that is posed by the DRM included to support the iTunes Music Store (do you really think it will end there?) it is obvious that real *nix gurus should give OS X a wide berth. Caveat emptor.

    1. Re:How secure can it be if it's PROPRIETARY? by Anonymous Coward · · Score: -1, Troll

      BRAVO! A google search shows that you wrote that. So THAT'S WHY nothing would compile or run on OS X! And why the fuck are you people rating that troll? That should be a +5 insightful!

    2. Re:How secure can it be if it's PROPRIETARY? by Anonymous Coward · · Score: -1, Troll

      ATTENTION MODERATORS
      HURRY!!! MOD PARENT DOWN
      Parent mentions OS X in a potentially negative manner. We must unite and fight off any negative information so we can all go about living our lie and justify spending the money we did for these things.

  2. Ahh Macintosh... by Anonymous Coward · · Score: -1, Troll

    "Security via obscurity."

    Way to think different, Jobs.

  3. The only secure Apple system by Anonymous Coward · · Score: -1, Troll

    ..is one that's encased in cement and at the bottom of a lake.

  4. oh pick me pick me pick me!!!! by Anonymous Coward · · Score: -1, Troll

    Teacher: "Ok student so what did you learn over the weekend"
    Preschooler: "After my older brother finished downloading pr0n files and music off kazaa, he showed me how those evil men at SCO stole the soul!"

    h4rh4rh4r @rwxr--r-- efneezee fo sheezee

  5. OS X? Security? What an oxymoron. by Anonymous Coward · · Score: -1, Troll
  6. Windows? Security? What an oxymoron! (5core : 5) by Anonymous Coward · · Score: -1, Troll
  7. Question by Anonymous Coward · · Score: -1, Troll

    Who cares what anyone at Slashdot thinks? Not me.

  8. The book is not that useful... for security by Anonymous Coward · · Score: -1, Troll

    The book is not that useful... for secure servers on mac hardware all people know that webstar on OS9.22 and earlier has been unhackable since the earliest days of the internet until now.

    OS X is regretfully merely FreeBSD and other stuff, (Mach, Darwin) and is utterly exploit ridden.

    This is a fact and apple has had to release countless security updates to patch these exploits, but never had an os8 or os9 or os7 exploit ever.

    I think the book is a waste. Even if you read it, you will get exploited as quickly as GNU was rooted months ago... they said they were not "fast enough" Ha! Fast enough! yup... as soon as yet another FreeBSD exploit comes out anyone might be able to root an osx if they knew how and the service was running (Apache, etc).

  9. mac help by Anonymous Coward · · Score: -1, Troll

    I don't want to start a holy war here, but what is the deal with you Mac fanatics? I've been sitting here at my freelance gig in front of a Mac (a 8600/300 w/64 Megs of RAM) for about 20 minutes now while it attempts to copy a 17 Meg file from one folder on the hard drive to another folder. 20 minutes. At home, on my Pentium Pro 200 running NT 4, which by all standards should be a lot slower than this Mac, the same operation would take about 2 minutes. If that.

    In addition, during this file transfer, Netscape will not work. And everything else has ground to a halt. Even BBEdit Lite is straining to keep up as I type this.

    I won't bore you with the laundry list of other problems that I've encountered while working on various Macs, but suffice it to say there have been many, not the least of which is I've never seen a Mac that has run faster than its Wintel counterpart, despite the Macs' faster chip architecture. My 486/66 with 8 megs of ram runs faster than this 300 mhz machine at times. From a productivity standpoint, I don't get how people can claim that the Macintosh is a superior machine.

    Mac addicts, flame me if you'd like, but I'd rather hear some intelligent reasons why anyone would choose to use a Mac over other faster, cheaper, more stable systems.