Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Releases Mac OS X Leopard Security Guide

Posted by timothy on from the to-prevent-worms dept.

Wormfan writes to share ZDNet's brief mention of and a link to "Apple's release of a ~250 page PDF of security best-practices and tips to protect Mac OS X Leopard clients. The guide is aimed at experienced users, Apple says, familiar with the Terminal application and its command-line interface."

2 of 61 comments (clear)

  1. Re:Ooooh by argent · · Score: 5, Informative

    For normal users, at this point, my basic recommendations are:

    * Make sure that you have 'Open "Safe" files after download' disabled in Safari.
    * Use a tool such as "More Internet" to change the default application for FTP: URLs from Finder to either an FTP-aware web browser like Firefox or a dedicated FTP client.
    * Consider disabling Dashboard if you have any doubt over your ability to recognize when third party Dashboard applets are installed via Safari.
    * Don't open attachments from inside Mail. It's a dangerous habit to get into, the extra second spent saving them to a file is worth it.
    * Don't let the stupid warning dialogs lull you into a false sense of security. These were a bad idea when Microsoft started using them, and it doesn't make it any better for Apple to follow.

  2. Re:They lied! by El+Icaro · · Score: 5, Informative

    I haven't gotten very far in it, but it is very interesting. It goes far beyond in security to what a standard user would ask for. I'd actually like to see Windows or Linux have a similar guide/compilation.

    - Disabling kernel extensions for firewire, bluetooth and wifi among others (completely disabling those functions).
    - Different privilege levels (not just admin, user and guest).
    - Managing accounts through open directory.
    - Configuring password complexity requirements.
    - Managing keychains.
    - Securing system preferences and services (just one click, not sure if that is a good thing though). Apparently you can lock down to the Dock size of your users. - Erasing data securely (35-pass erase? Really?).
    - Disabling Safari functions (no downloads, cookies, autofill in forms, proxies, etc...).
    - Managing services and running in stealth mode.
    - Command-line for most of the above.


    And I'm about half-ways. This is really nice to have for any serious admin. I consider myself an experienced mac user (yes, a fanboy too) and I'm surprised with everything Mac OS has that I didn't know about.