hardening
Latest
Sysadmin 101: Securing Leopard
Security researchers at Corsaire have published a PDF whitepaper discussing best practices for securing Mac OS X 10.5 Leopard in a networked environment. The whitepaper is free. "While the default installation provides a relatively secure system, it may not always meet organizational security requirements. This guide is aimed at users in environments requiring stronger security controls in their operating system, making full use of the protection features offered by Mac OS X 10.5," the whitepaper says in its introduction. "It may also be of use to System Administrators wishing to enforce an organization-wide desktop security policy." The guide also discusses key security differences between Leopard and Tiger, and builds upon previous guides for those operating systems. A direct link to the PDF is available here.
Another Look at Mac OS X Security
I take security exploits seriously. I'm responsible for many hundreds of Macintosh computers that reside in many different environments, not to mention half-a-dozen X-Serves, several of which are production boxes open to the world. When a security exploit is announced, I look to see if it will impact my workstations and servers and whether I need to take immediate action. And with the exception of the recent Safari exploit that was patched last week by Apple's Security 2006-001 Update, there hasn't yet been a single vulnerability that significantly affects my computers' operations. [Note, reader Brent points to a ZDnet article just published a few hours ago that claims Apple hasn't adequately fixed the Safari exploit in question].So when an article claiming "Mac OS X hacked in less than 30 minutes" popped up on my news radar last night, I read through it and quickly dismissed it as a non-story, and a journalistically unsound one at that. Neither this article or any of its copycats (up to more than six now), has bothered to even attempt to actually explain the "hack" or the "exploit." Plain and simple, folks, these articles are full of hype, empty of facts, and are bunk:
