Slashdot Mirror
Foundations of Mac OS X Leopard Security
jsuda writes "At least a half-dozen times in the book 'Foundations of Mac OS X Leopard Security' the authors state that there is a misconception that the Macintosh computer is immune from security problems. That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac. This book is meant to change all that. The authors acknowledge that the Mac OS X software has had little of the security problem experience of Windows (and other operating systems, to a lesser extent) but they spend 455 pages detailing exactly where and how the Macintosh platform is (or may be) vulnerable." Read below for the rest of Jsuda's review.
Foundations of Mac OS X Leopard Security
author
Charles S. Edge, Jr., William Barker, and Zack Smith
pages
455
publisher
Apress
rating
9
reviewer
jsuda
ISBN
978-1-59059-989-1
summary
Best book on Mac Security
Many of the security issues raised in the book are theoretical or deal with added elements of the Mac software install that contain non-Apple components — Apache Web server and Perl and PHP scripting packages, for example. Many of the items of concern deal with generic problem areas of computer usage in general, both software and hardware, which affect the Mac as well as any other computers and networks. While the perspective of the book is on the Mac, much of the security review will apply to any type of computer or network.
Messieurs Edge, Barker, and Smith are seasoned Mac and security professionals who point out in a very systematic and comprehensive way the potential problems of running the Mac both in single use and networked environments. The focus is primarily on Mac OS X Leopard and the other software which comes with any new Mac computer, although there is some discussion of earlier OS X versions and earlier generations of Apple applications like Airport.
The book has five main parts covering general security matters, essential security fundamentals, networking, sharing, and workplace security issues. There are four very short appendices of modest value.
The initial first three chapters deal with general security and security fundamentals is basic stuff discussing how technical computer security issues are entwined with practical realities of using computers in a business or home, and that compromises between security and practicality generally must be made. There is discussion of types of security attacks, how the Windows booting programs, Parallels and Boot Camp, implicate Windows security issues on the Mac, and how the UNIX underpinnings of the Mac OS X allow for more sophisticated techniques and tools in securing the Mac computer and networks. Chapter 1 is a useful "quick start" guide of items which can be addressed readily by nearly any level of user to safeguard the Mac from many security concerns. Apple has provided a lot of built-in security features and services which can be adjusted by individual users to his or her own needs, like FileVault, Secure Trash, Keychain, permissions, and others. Higher-level users and maybe experienced security professionals not used to the Mac may be bored with the first part of the book.
Part two deals with protecting the Mac from malware and exploitable services in the OS and major applications like the Safari browser and Mail applications. It explains how malware can affect the Mac through script viruses, social engineering techniques, and other exploits. The book lists a number of available software tools which can help solve some of the potential problems. The section on reviewing and configuring monitoring processes and logs is especially interesting.
Securing networks, using and configuring firewalls, and wireless networking make up the bulk of part three. The content in chapters 7 through 9 is quite technical covering types of networks; routers, hubs and switches;proxy, DMZ, and other servers and hardware setups, advanced firewall configuration using both GUI and command line interfaces; filtering; traffic throttling; and more. The sections describing testing of firewalls and hacking wireless networks using tools like Kismac and iStumbler are especially useful.
Chapter 11, in part four, dealing with website security when utilizing the built-in Apple web services, includes a checklist of at least a dozen items to be dealt with in locking down a site. Security for remote conductivity is addressed also, with particular emphasis given to VPN, secure shell, and the use of network administration tools like Timbuktu and DAVE. Attention is given to both the standard Mac OS X installation as well as to OS X Server. The most complex discussions involve using Open Directory in a security plan. My favorite sections were in chapters 14 on network scanning, monitoring, and intrusion prevention tools. The book describes how to understand your own machine/network security status by learning how to attack other networks. And how to use techniques like white/black box testing, fingerprinting, enumeration, port and TCP/UDP scans, ping sweeps, and more.
The book describes how intrusion detection is accomplished. Guidance is provided on software tools like Tripwire, snort, Checkmate, and others. The last chapter concerns forensics and how to handle attempted or successful intrusions to both understand security weaknesses and to preserve evidence for civil or criminal proceedings, CSI-like.
Nearly all of the presentations cover two levels of interactivity using either GUI-based tools or the command line. Except for a handful of sections, the presentations are useful even for higher-end users, including those dealing with medium to large networks.
The writing is workmanlike and without style or wit, but carefully organized and expressed. There are plenty of (grayscale) screenshots of relevant software application configurations, and sidebar Notes and Tips on many topics. Anyone who has a serious interest in Mac OS X security will benefit from this book as its main virtue is its systematic and comprehensive approach to the issues. It is designed to inform users of all levels how and why to think about OS X security. Geeks who want or need to know Mac OS X security will get a nicely organized book sufficiently filled with useful content. This is not a book intended to raise all security issues or to provide all the answers. It does answer many problems, and will point nearly all users in the right direction for their specific needs.
You can purchase Foundations of Mac OS X Leopard Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Messieurs Edge, Barker, and Smith are seasoned Mac and security professionals who point out in a very systematic and comprehensive way the potential problems of running the Mac both in single use and networked environments. The focus is primarily on Mac OS X Leopard and the other software which comes with any new Mac computer, although there is some discussion of earlier OS X versions and earlier generations of Apple applications like Airport.
The book has five main parts covering general security matters, essential security fundamentals, networking, sharing, and workplace security issues. There are four very short appendices of modest value.
The initial first three chapters deal with general security and security fundamentals is basic stuff discussing how technical computer security issues are entwined with practical realities of using computers in a business or home, and that compromises between security and practicality generally must be made. There is discussion of types of security attacks, how the Windows booting programs, Parallels and Boot Camp, implicate Windows security issues on the Mac, and how the UNIX underpinnings of the Mac OS X allow for more sophisticated techniques and tools in securing the Mac computer and networks. Chapter 1 is a useful "quick start" guide of items which can be addressed readily by nearly any level of user to safeguard the Mac from many security concerns. Apple has provided a lot of built-in security features and services which can be adjusted by individual users to his or her own needs, like FileVault, Secure Trash, Keychain, permissions, and others. Higher-level users and maybe experienced security professionals not used to the Mac may be bored with the first part of the book.
Part two deals with protecting the Mac from malware and exploitable services in the OS and major applications like the Safari browser and Mail applications. It explains how malware can affect the Mac through script viruses, social engineering techniques, and other exploits. The book lists a number of available software tools which can help solve some of the potential problems. The section on reviewing and configuring monitoring processes and logs is especially interesting.
Securing networks, using and configuring firewalls, and wireless networking make up the bulk of part three. The content in chapters 7 through 9 is quite technical covering types of networks; routers, hubs and switches;proxy, DMZ, and other servers and hardware setups, advanced firewall configuration using both GUI and command line interfaces; filtering; traffic throttling; and more. The sections describing testing of firewalls and hacking wireless networks using tools like Kismac and iStumbler are especially useful.
Chapter 11, in part four, dealing with website security when utilizing the built-in Apple web services, includes a checklist of at least a dozen items to be dealt with in locking down a site. Security for remote conductivity is addressed also, with particular emphasis given to VPN, secure shell, and the use of network administration tools like Timbuktu and DAVE. Attention is given to both the standard Mac OS X installation as well as to OS X Server. The most complex discussions involve using Open Directory in a security plan. My favorite sections were in chapters 14 on network scanning, monitoring, and intrusion prevention tools. The book describes how to understand your own machine/network security status by learning how to attack other networks. And how to use techniques like white/black box testing, fingerprinting, enumeration, port and TCP/UDP scans, ping sweeps, and more.
The book describes how intrusion detection is accomplished. Guidance is provided on software tools like Tripwire, snort, Checkmate, and others. The last chapter concerns forensics and how to handle attempted or successful intrusions to both understand security weaknesses and to preserve evidence for civil or criminal proceedings, CSI-like.
Nearly all of the presentations cover two levels of interactivity using either GUI-based tools or the command line. Except for a handful of sections, the presentations are useful even for higher-end users, including those dealing with medium to large networks.
The writing is workmanlike and without style or wit, but carefully organized and expressed. There are plenty of (grayscale) screenshots of relevant software application configurations, and sidebar Notes and Tips on many topics. Anyone who has a serious interest in Mac OS X security will benefit from this book as its main virtue is its systematic and comprehensive approach to the issues. It is designed to inform users of all levels how and why to think about OS X security. Geeks who want or need to know Mac OS X security will get a nicely organized book sufficiently filled with useful content. This is not a book intended to raise all security issues or to provide all the answers. It does answer many problems, and will point nearly all users in the right direction for their specific needs.
You can purchase Foundations of Mac OS X Leopard Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
OSX is intrinsically far more secure than Windows, but all systems have their vulnerabilities. For Mac pros to acknowledge that "far more secure" does not equal "completely secure" is a good step in the right direction. Thanks for the review, jsuda.
If you haven't been down-modded lately, you aren't trying.
Sacred cows make the best hamburger.
Sure they have, its just not a very useful platform to write viruses for since they have such a tiny market share. Hackers for hire use the ideal of "most bang for the buck" style so....windows it is. Turn the tides on market share and I bet you'd see a ton more viruses for OSX than you do now and it probably would be the Windows users saying....looks at all those viruses for OSX...their security sucks.
Insert funny smart-ass comment here.
Good question. But since servers tend to be protected a bit more than your average home users computer its a bit easier to get 100K of those than 1000 servers. But on very rare occasions a hacker figures out how to have his cake and eat it too.....
Insert funny smart-ass comment here.
That allegation may explain why there are very few books published (and nearly none in recent years) about security for the Mac.
I would think the reason is more that almost any book on UNIX security gets you 99% of what you need to know, and there are online sources to cover the rest.
Not that a book is not a good thing to see, but to my mind among admins or more serious users of OS X, the misconception that OS X is totally secure is in itself a misconception. OS X know systems will have vulnerabilities, but we also know there have been basically no attacks in the wild and that by default many things which might leave un-noticed holes (like web servers) are off by default - and that helps a lot, for the eventuality of real attacks coming someday.
To my mind, another aspect stopping attacks is actually the switch to Intel. That reset the counter for when we might see OS X attacks since buffer overflow stuff can't rely on which architecture it might hit. That and a more friendly update model (than Windows) that people actually apply when updates come.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Put an unpatched WinXP on the Internet and watch how quickly it is cracked by an automated process randomly scanning IP blocks.
So you'd turn down $5 million for a chance at a portion of $90 million?No. If they were easy to crack, they would be cracked. Automatically. By a zombie scanning IP blocks.
The real issue is that Macs are very secure ON THEIR OWN. Not in relation to anything else.Today, most boxes are cracked via worms, browser exploits and email attachments.
Removing entire avenues of attack is possible with a Mac. Remove an avenue of attack and you've increased your security.
Then, as long as the DIS-INFECTION rate is HIGHER than the INFECTION rate, those systems will be "secure". At least, they will not be cracked by worms, browser exploits or email attachments.
I don't think that's it at all. It's there is very little market for OS X security books at this point. Most people don't care. Let me explain.
On the home end of things, Macs are great and relatively secure. They do fine. That said, how many people buy books on Windows Security for those home computers? I'm going to say very few. Most people don't care or don't know they should do something to increase security.
The other front is businesses. Most businesses don't use Macs, by a large margin. Macs have a smaller enterprise market share than overall market share. If you are asked to secure a server or desktop, chances are it will be Windows or Linux.
These kind of books are, for the most part, targeted at administrators, businesses, etc. Since that market (administrators of Macs) is so small (compared to administrators of Windows boxes) there are very few books written.
This is compounded by the most important boxes to secure: web facing boxes (like servers). OS X Server's market share is very tiny compared Windows and Linux.
The books aren't there because the demand for them isn't very big, not because Mac users are think they are invulnerable from arrogance.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Link please? I only ask because often the Mac viruses that people point to turn out to be trojans, such as the Leap-A "worm" that requires a user to open a file that downloaded as a tgz, unzip it, then run the executable inside.
Cwm, fjord-bank glyphs vext quiz
Sure they have, its just not a very useful platform to write viruses for since they have such a tiny market share
There are now tens of millions of macs being used now. That's active use, not just purchased...
Now you tell me how in this day and age where viruses are all about building up botnets which are then sold, that a fairly homogenous systems with MILLIONS of systems to be had, is not a juicy target?
Marketshare alone is meaningless as a reason not to write viruses when you get to those kinds of numbers.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Take 'em all down, Fanboi! Good dog!
And with that message, your contentless response to a well-written message puts on display the fullest measure of your intelligence.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Mac OS X is based on the Mach kernel and is derived from the Berkeley Software Distribution (BSD) implementation of Unix in Nextstep.
So the kernel is not Mach but based on it. Specifically the kernel is a hybrid kernel called XNU that was developed by Next. The other parts are based on Nextstep's BSD.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Mac OS X has some advantages in security. But I can't really say those advantages are due to Apple being somehow inherently 'better' coders than Microsoft or having made some kind of perfect system.
I slightly disagree with that statement.
Most programming done on other systems for higher level OS and application stuff, is C or C++.
In OS X, it is Objective C.
SImply because of the message passing nature and the way the frameworks are built, I would say that generally any application written in Objective C would have many fewer problems with things like buffer overruns. Also possible, is that the very dynamic nature of Objective C makes it more likely code will be checking inputs from other modules for sanity.
This would also agree with your assessment that Quicktime seems to show more problems than other areas of code - because more of it is at a very low level that is more pure C and uses the frameworks less.
But I do agree with your assessment that Apple being willing to break from legacy code makes a difference too.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"Sadly, there are plenty of Mac hipsters out there who do think that it is totally immune."
Are there? Show me a quote or two where somebody has actually written that. NOBODY actually believes Mac OS is totally immune, not even the most fervent of hipsters.
The pursuit of absolute tolerance leads to the most rigorous and ludicrous intolerance. - REX MURPHY
Back when Windows was first designed Microsoft assumed there was only one user on the computers and there was not way to get at the computer other than via the keyboard/mouse.
Unix was designed from the first to be used on a shared computer. The idea was that computers were so expensive that you could only afford one for an entire department, so you hooked up a bunch of terminals and let lots of peopleuse the machine at the same time. The "prime directive" of OS design was "it should not be possable for one user to screw up an others users work."
Unix was designed to run on very expensive shared computers while Windows was designed to run on cheap in-expensive personal computers that were owned and used by just one person. Mac OS X is based in Unix and ha very stong abillty to pertition users from each other. Untill recent years Windows did not even have to concept that there might be more then one user
You need to stop and think about what you're saying a bit more. Targetting unpatched linux servers is not the same thing as targetting OSX. The people searching for vulnerabilities aren't looking for vulnerabilities in 'unpached linux servers'. If you're looking for a NEW vulnerability it's not going to have a patch for it, so patched or not makes no difference. The security professionals and hackers that look for exploits in linux find them in the most up to date linux servers. The problem is only unpatched servers end up getting hit by these exploits. Why? Because the exploit gets published and a patch is made to prevent it. Only the 'unpatched linux servers' remain vulnerable. Why is this different from OSX? Because people have much more of an incentive to hack linux than even Windows, this is so unlike OSX that one would rather draw comparisons with Windows' situation rather than OSX's. Linux dominates the server market (just like windows dominates the server market), and as far as value is concerned, servers tend to contain much more information of value than desktops. Hackers have more of an incentive to hit Linux than even Windows. The reason linux stay's secure is because of the open source mentality which eases identification of vulnerabilities by security professionals (and others) and results in speady patches. Actually, the 'unpatched linux servers' argument is actually an argument against you. Linux is generally accepted to be the most secure OS. Why? Because all known vulnerabilities get patched as soon as they're found. But yet these vulnerabilities are still exploited and black-hats still target it looking for futher vulnerabilities despite it's alleged 'security'. Why does this happen? Market share. The same or much worse would probably happen to OSX if had a dominant market share.
I own four macs and am a sysadmin to a company running about 45 macs. I really like Mac OSX as an OS, as it is generally very robust and flexible, and, in my experience, the OS contains many features that make it both more productive and secure than Windows.
That, however, is a generalisation. Windows has made strides to improve its security record and Vista is much better in this respect than XP was (even if one does get the feeling that a lot of Vista functionality was "bolted on" after the fact). I would be wary of making wild claims about Vista being less secure than OSX, but I think, in general, Apple's use of ACLs in 10.5, coupled with other security features do give it a slight edge.
That said, the exploit this week about the Applescript ARDAgent vulnerability, and above all, the general reaction of Mac users to this vulnerability, and again as expressed in this slashdot comments section, coupled with my experiences with my users at work shows me a few things:
Mac users in general, tend to hold on to myths and marketing claims put out by Apple's PR more that users of other platforms do. I honestly think that the Mac vs. PC ads do Mac users a disservice because so many belive the claims without even asking any questions about them. An example: PC is frustrated because Mac now has Office 2008 which can do all that Office 2007 can. This is simply false. Office 2008 lacks VBA for one thing, lacks conditional formatting in Excel for another, and is so slow, it is barely usable on a new Mac Pro tower. Our older Office version, Office v.X runs faster in Rosetta emulation.
Another example. Coincidentally, I discovered this week that Apple Mail will run a Mac application thta has been attached to an email directly out of Mail. It will warn you, twice, about this, but Windows warns you about new apps as well that hasn't stopped millions of clueless end users ignoring the warnings and just clicking away. I did a few tests on users at work and they *all* opened the app. An app, combined with the applescript ARDAgent exploit would be an excellent way for an attacker to install a trojan for phishing or zombie purposes.
The atttude of Mac users that the platform is magically secure than Windows (it is more secure than XP, but not much more than Vista if at all) in the same way that Mac users were still crowing about Win98 BSODs the same way Windows users were crowing about OS9 crashing all over the place, years after neither one was used very much any more, is indicative of the problems that we, the Mac using community will face when malware exploits start to gather pace on the Mac.
I honestly believe that the Mac has been mostly protected by its small marketshare up until now. Most exploits come out of China and Russia, and most malware authors there do not have Macs. That will eventually change.
I say that Mac users should be less confident in the platform and more aware of security. I suspect that in 5 years, Anti-Virus software will also be a mainstay on OSX.
I've always thought there's a slightly different phenomenon at work for Mac users.
See, Mac users really like what they're using. If you go to the trouble of buying a Mac, you're joining a group of people that is generally supportive of their computing platform.
So I think there are a lot fewer people who are really interested in breaking into Macs and damaging their computing platform's reputation.
To show this principle in action, take a look at the iPhone hacking community and how quickly they found exploits. The difference? The motivation for breaking iPhone's security was to be able to write software for the device. They were not trying to be destructive and did not see themselves as destructive.
So it would appear that there are fewer "destructive hackers" for Apple products than there are for other platforms. People are only really interested in breaking into Apple systems when there is some kind of hacking challenge, or when a product like iPhone or Apple TV is preventing them from using the devices as they wish.
I do believe that Apple has better security overall than Windows, but at the same time I also think the overall software environment is far more benign.
D
Think about how spyware gets on a computer.
From what I understand, there are two basic ways: Drive by downloads and host programs that carry spyware with their installation.
Drive by downloads under Windows are installed thanks to Internet Explorer bugs. IE is capable of installing operating system updates and so it automatically has the access needed to do so.(*) Safari has no special operating system privileges and so it cannot install software on its own without user intervention.
As far as I can tell, other spyware vectors such as commercially developed BitTorrent clients and "smiley face" silliness have not taken off on the Mac.
So as far as I know, the major ways to distribute spyware don't exist on the Mac and probably never will. Thus, Apple is likely to be spared the spyware phenomenon, at least to the dreadful extent it occurs on Windows machines.
D
(*) I think Vista was supposed to fix this but I don't know if that is the case or not. In any event, most Windows users continue to use XP.
That does not mean that you can't set your kids up with a limited account--it simply means that due solely to the way Alpha Centauri is written, it won't work with a more secure setup. But that's not Microsoft's fault--complain to Firaxis.
If you haven't been down-modded lately, you aren't trying.
Sacred cows make the best hamburger.
Actually, the Mac out of the box was nigh-impossible to get into, so they created a way for hackers to send a URL to an email address which would cause safari to automatically open the URL on the machine. The winner got in through a Safari vulnerability.
DISCLAIMER: I work at Microsoft.
Pretty much everyone who posts about this is full of shit.
Vista has had 34 vulnerabilities over the last 1.5 years. That's less than Mac OS X over the same period.
If you want to argue that Mac OS X is "more secure", you need to do it on grounds other than vulnerabilities. At best, Mac OS X and Vista are similar in the number and severity of vulnerabilities.
So the new big thing on Slashdot, since the vulnerability statistics don't back up the "more secure" argument, is to argue that Mac OS is "intrinsically" more secure than Windows.
I have no idea what people are talking about there. Vista has ACLs, just like Mac OS X. Vista has sudo (UAC in Vista), just like Mac OS X. Vista disables network-facing services by default, just like Mac OS X. Vista has a firewall, just like Mac OS X.
So, you can wave your hands and say that Mac OS X is secure because it's "UNIX". But I'm not impressed. There's nothing "intrinsically" secure about UNIX compared to any other modern OS.
What I can say is that Apple doesn't take security bugs seriously. Microsoft acknowledges when there is a reported vulnerability and reports when a fix is delivered. Apple pretends that vulnerabilities don't exist. Apple sometimes stealth-patches vulnerabilities away. And Apple frequently tries to downplay the severity of vulnerabilities.
Take, for example, the root privilege escalation vulnerability reported several days ago in Mac OS X. That kind of bug is extremely serious, yet we had 20 people on Slashdot commenting about how it's not a big deal. Apple hasn't even acknowledged that there's a problem.