Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Security Guide for Mac OS X

Posted by michael on from the take-a-bite-out-of-crime dept.

An anonymous reader writes "The National Security Agency has just released a Security Configuration Guide for Apple Mac OS X (pdf). The guide mostly contains common sense configuration information that applies to many Unix systems. It also includes specific discussion for Apple's unique features such as Keychain and FileVault. It should be useful to most Mac OS X users and will be particularly useful for US Government organisations that use Mac OS X and for commercial IT Departments that are supporting Mac OS X. A range of other NSA Security Configuration guides for other operating systems, applications, and IT kit are also available."

2 of 250 comments (clear)

  1. Re:Slashdotted already? by drinkypoo · · Score: 1, Flamebait
    Be careful; a teenager in grass valley, CA was recently picked up by the FBI because, when asked on the web if he would like to meet bush, he said yes because he'd like to punch him in the nose.

    Welcome to amerika, folks. It's too bad Bushism already means a horrible verbal flub in which you mutilate the American version of English on national TV, or in a press article, because this is awfully similar to McCarthyism.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Re:What about... by evilviper · · Score: 0, Flamebait
    Not sure if this would make it more secure for the OS challenged, but when it asks for administrative permission it asks for a password.

    Assuming a home machine, the "OS challenged" individual will have that info anyhow, so no big deal at all.

    What are you thinking? That all other OSes just give you an OKAY button and don't ask for a password to get Admin rights? No, of course not. You always need the password.

    If an office admin wants to keep the OS X's in the office secure, just don't give the secretaries the password for their computers.

    Yes, but how is that any different, or better than Unix (specifically) or Windows?

    Unix essentially won't let it be installed at all, even if you know the password... You have to go through the steps of su'ing or otherwise logging in as root, then manually executing the downloaded program. That big step is what keeps trojans away.

    Windows does it the same way OS X does, prompting for the admin password.

    If they need to do anything which requires the password, they have to ask the computer guy and he can say, "So why do you need to see nude pictures of Brad Pitt again?"

    Yes, congratulations for getting modded up on this banal comment, reiterating the 40-year idea which has formed the basis for all of the computer security world. I can't imagine how you did it.
    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant