Slashdot Mirror


NSA Security Guide for Mac OS X

An anonymous reader writes "The National Security Agency has just released a Security Configuration Guide for Apple Mac OS X (pdf). The guide mostly contains common sense configuration information that applies to many Unix systems. It also includes specific discussion for Apple's unique features such as Keychain and FileVault. It should be useful to most Mac OS X users and will be particularly useful for US Government organisations that use Mac OS X and for commercial IT Departments that are supporting Mac OS X. A range of other NSA Security Configuration guides for other operating systems, applications, and IT kit are also available."

8 of 250 comments (clear)

  1. These things make a nice checklist, but.... by general_re · · Score: 4, Insightful

    ....actually implementing everything the NSA recommends in its guides will get you a system that is both highly secure and exceptionally inconvenient for its users. It's a useful reference, to see if you've forgotten anything that you particularly want, or anything obvious, but as always, individual admins will have to decide for themselves where they want their systems to lie on the security-usability axis...

    --
    ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
  2. Security, Usability, Reliability by stratjakt · · Score: 5, Insightful

    Pick any two.

    --
    I don't need no instructions to know how to rock!!!!
  3. Re:Lack of safety in numbers by hbackert · · Score: 3, Insightful

    Did you click on the second link in the story? There's a lot for Windows See under "Operating Systems".

    Given the fact that I don't use MacOSX, I checked out the Cisco one some time ago and it's quite impressive. Lots of common sense things of course, but some good ideas I would have otherwise not thought about. Definitely recommended.

    It's nice to see government agencies not waste our (sorry: your) tax dollars and instead produce something useful and not hiding it in one of their many shelfs.

  4. Counterintuitive... by Anonymous Coward · · Score: 4, Insightful

    Since it's a security site, I'd expect it to display a warning and disable the site if you are clueless enough to accept the cookie!

    You gotta start with the fundamentals...

  5. Re:File Vault by Daengbo · · Score: 4, Insightful

    I don't trust it with anything important though

    Kind of defeats the purpose, doesn't it?

  6. Re:What about... by Anonymous Coward · · Score: 4, Insightful

    Not sure if this would make it more secure for the OS challenged, but when it asks for administrative permission it asks for a password. If an office admin wants to keep the OS X's in the office secure, just don't give the secretaries the password for their computers. If they need to do anything which requires the password, they have to ask the computer guy and he can say, "So why do you need to see nude pictures of Brad Pitt again?"

  7. Pardon Me while I take a NAP while waiting for my by sir+lox+elroy · · Score: 3, Insightful

    download to complete, DOH it's now stalled. /me wants to call the NSA and ask if they can mail me a printed version of the document it would be faster

    --
    Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
  8. Re:What about... by Durandal64 · · Score: 4, Insightful
    What are you thinking? That all other OSes just give you an OKAY button and don't ask for a password to get Admin rights? No, of course not. You always need the password.
    Not quite. Administrators on Mac OS X and Windows are different things. On Mac OS X, an administrator is a user who is allowed to temporarily acquire root privileges through a sudo action. To get these privileges, the user must enter his password. So, if I want to install a program that needs to write files to /Library or anywhere that isn't /Applications (the admin group has full access to the /Applications directory) or my home directory, I need to enter my password. If I choose, I can require authentication for "secure" system preferences, like the login preferences.

    On Windows, if you are logged in as an administrator (not the Administrator account), your account will automatically authenticate during program installations and such, hence why you can make changes to the system settings and install programs without ever being challenged for a password. That is what makes the Windows way of doing things inherently more risky. You don't need to enter your password for administrator actions.