NSA Security Guide for Mac OS X
An anonymous reader writes "The National Security Agency has just released a Security Configuration Guide for Apple Mac OS X (pdf). The guide mostly contains common sense configuration information that applies to many Unix systems. It also includes specific discussion for Apple's unique features such as Keychain and FileVault. It should be useful to most Mac OS X users and will be particularly useful for US Government organisations that use Mac OS X and for commercial IT Departments that are supporting Mac OS X. A range of other NSA Security Configuration guides for other operating systems, applications, and IT kit are also available."
....actually implementing everything the NSA recommends in its guides will get you a system that is both highly secure and exceptionally inconvenient for its users. It's a useful reference, to see if you've forgotten anything that you particularly want, or anything obvious, but as always, individual admins will have to decide for themselves where they want their systems to lie on the security-usability axis...
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
Pick any two.
I don't need no instructions to know how to rock!!!!
Did you click on the second link in the story? There's a lot for Windows See under "Operating Systems".
Given the fact that I don't use MacOSX, I checked out the Cisco one some time ago and it's quite impressive. Lots of common sense things of course, but some good ideas I would have otherwise not thought about. Definitely recommended.
It's nice to see government agencies not waste our (sorry: your) tax dollars and instead produce something useful and not hiding it in one of their many shelfs.
Since it's a security site, I'd expect it to display a warning and disable the site if you are clueless enough to accept the cookie!
You gotta start with the fundamentals...
I don't trust it with anything important though
Kind of defeats the purpose, doesn't it?
Put identity in the browser.
Not sure if this would make it more secure for the OS challenged, but when it asks for administrative permission it asks for a password. If an office admin wants to keep the OS X's in the office secure, just don't give the secretaries the password for their computers. If they need to do anything which requires the password, they have to ask the computer guy and he can say, "So why do you need to see nude pictures of Brad Pitt again?"
download to complete, DOH it's now stalled. /me wants to call the NSA and ask if they can mail me a printed version of the document it would be faster
Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
On Windows, if you are logged in as an administrator (not the Administrator account), your account will automatically authenticate during program installations and such, hence why you can make changes to the system settings and install programs without ever being challenged for a password. That is what makes the Windows way of doing things inherently more risky. You don't need to enter your password for administrator actions.