Enterprise Mac Security

El Capitan

Third Edition

Charles Edge Daniel O’Donnell Enterprise Mac Security: El Capitan Copyright © 2016 by Charles Edge and Daniel O’Donnell This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. ISBN-13 (pbk): 978-1-4842-1711-5 ISBN-13 (electronic): 978-1-4842-1712-2 Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein. Managing Director: Welmoed Spahr Lead Editor: Louise Corrigan Development Editor: James Markham Technical Reviewer: Jim Graham Editorial Board: Steve Anglin, Pramila Balen, Louise Corrigan, Jim DeWolf, Jonathan Gennick, Robert Hutchinson, Michelle Lowman, James Markham, Susan McDermott, Matthew Moodie, Jeffrey Pepper, Douglas Pundick, Ben Renow-Clarke, Gwenan Spearing Coordinating Editor: Jill Balzano Copy Editor: Jim Compton Compositor: SPi Global Indexer: SPi Global Artist: SPi Global Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation. For information on translations, please e-mail [email protected], or visit www.apress.com. Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/bulk-sales. Any source code or other supplementary material referenced by the author in this text is available to readers at www.apress.com. For detailed information about how to locate your book’s source code, go to www.apress.com/source-code/.

To my sweet little Emerald, with all of my love! – Charles Edge

Contents at a Glance

About the Authors ��xxi About the Technical Reviewer ��xxiii Acknowledgments ��xxv Introduction ��xxvii

■■Part I: The Big Picture �� 1 ■■Chapter 1: Security Quick-Start �� 3 ■■Chapter 2: Services, Daemons, and Processes �� 29 ■■Chapter 3: Securing User Accounts �� 49 ■■Chapter 4: File System Permissions �� 83 ■■Chapter 5: Reviewing Logs and Monitoring �� 115

■■Part II: Securing the Ecosystem �� 151 ■■Chapter 6: Application Signing and Sandbox �� 153 ■■Chapter 7: Securing Web Browsers and E-mail �� 197 ■■Chapter 8: Malware Security: Combating Viruses, Worms, and Root Kits �� 221 ■■Chapter 9: Encrypting Files and Volumes �� 243

v vi Contents at a Glance

■■Part III: Securing the Network �� 277 ■■Chapter 10: Securing Network Traffic �� 279 ■■Chapter 11: Managing the Firewall �� 299 ■■Chapter 12: Securing a Wireless Network �� 323

■■Part IV: Securely Sharing Resources �� 345 ■■Chapter 13: File Services �� 347 ■■Chapter 14: iCloud Security �� 361 ■■Chapter 15: Remote Connectivity �� 375 ■■Chapter 16: Server Security �� 391

■■Part V: Securing the Workplace �� 439 ■■Chapter 17: Network Scanning, Intrusion Detection, and Intrusion Prevention Tools �� 441 ■■Chapter 18 Backup and Fault Tolerance �� 459 ■■Appendix A: InfoSec Acceptable Use Policy �� 487 ■■Appendix B: CDSA �� 495 ■■Appendix C: Introduction to Cryptography �� 497

Index �� 501

Contents

About the Authors ��xxi About the Technical Reviewer ��xxiii Acknowledgments ��xxv Introduction ��xxvii

■■Part I: The Big Picture �� 1 ■■Chapter 1: Security Quick-Start �� 3 Securing the Mac OS X Defaults �� 3 Customizing System Preferences �� 4 Users & Groups �� 4 Login Options �� 7 Passwords ��9 Administrators ��9 Security & Privacy Preferences �� 10 General �� 11 FileVault �� 12 Firewall �� 15 Software Update �� 16 Bluetooth Security �� 17

vii viii Contents

Printer Security �� 19 Sharing Services �� 21 Erasing Disks �� 22 Using Secure Empty Trash �� 23 Using Encrypted Disk Images �� 24 Securing Your Keychains �� 26 Best Practices �� 27 ■■Chapter 2: Services, Daemons, and Processes �� 29 Introduction to Services, Daemons, and Processes �� 29 Viewing What’s Currently Running �� 31 The Activity Monitor ��31 The ps Command ��36 The top Output ��37 Viewing Which Daemons Are Running ��39 Viewing Which Services Are Available ��40 Stopping Services, Daemons, and Processes �� 41 Stopping Processes ��42 Stopping Daemons �� 43 Types of launchd Services �� 44 GUI Tools for Managing launchd �� 45 Changing What Runs at Login �� 45 Validating the Authenticity of Applications and Services �� 47 Summary �� 47 ■■Chapter 3: Securing User Accounts �� 49 Introducing Identification, Authentication, and Authorization �� 49 Managing User Accounts �� 50 Introducing the OS X Account Types ��51 Adding Users to Groups ��53 Enabling the Superuser Account ��55 Contents ix

Setting Up Parental Controls ��57 Managing the Rules Put in Place ��65 Advanced Settings in System Preferences �� 68 Working with Local Directory Services �� 69 Creating a Second Local Directory Node ��72 External Accounts ��72 Restricting Access with the Command Line: sudoers �� 73 Securing Mount Points �� 78 SUID Applications: Getting into the Nitty-Gritty �� 79 Creating Files with Permissions �� 80 Summary �� 81 ■■Chapter 4: File System Permissions �� 83 Mac File Permissions: A Brief History of Time �� 84 POSIX Permissions �� 85 Modes in Detail ��86 Inheritance ��89 The Sticky Bit ��91 The suid/sguid Bits ��91 POSIX in Practice ��92 Access Control Lists �� 94 Access Control Entries ��95 Effective Permissions ��98 ACLs in Practice ��99 Administering Permissions �� 101 Using the Finder to Manage Permissions �� 105 Using chown and chmod to Manage Permissions �� 106 The Hard Link Dilemma �� 109 Using mtree to Audit File System Permissions �� 111 Summary �� 113 x Contents

■■Chapter 5: Reviewing Logs and Monitoring �� 115 What Exactly Gets Logged? �� 115 Using Console �� 117 Viewing Logs ��117 Marking Logs ��118 Searching Logs ��119 Finding Logs �� 120 What Happened to the Secure.log?? ��121 Reviewing User-Specific Logs �� 122 Reviewing Command-Line Logs �� 124 Reviewing Library Logs �� 125 Breaking Down Maintenance Logs �� 126 daily.out ��127 Yasu ��128 Weekly.out ��129 Monthly.out ��130 What to Worry About �� 130 Activity Monitor �� 131 Virtual Machine and Bootcamp Logs �� 131 Event Viewer ��131 Task Manager ��133 Performance Alerts ��135 Review Regularly, Review Often �� 136 Accountability ��136 Incident Response ��137 BSM – Auditing with the Basic Security Module �� 138 The Audit Daemon and Audit Commands �� 140 Configuring the Audit System �� 141 Default Audit Settings �� 141 Naming of the Audit Trail Files �� 143 Contents xi

Setting the Hostname in Audit Trails �� 144 Audit Trail Configurations for High Security Environments �� 145 More On Audit Trails �� 146 Viewing Audit Trails �� 147 Output and Interpretation of Audit Trails �� 147 Summary �� 149 ■■Part II: Securing the Ecosystem �� 151 ■■Chapter 6: Application Signing and Sandbox �� 153 Application Signing �� 153 Application Authentication ��155 Application Integrity ��157 Gatekeeper: Signature Enforcement in OS X ��158 Signing and Verifying Applications ��167 Sandboxing �� 170 Sandbox Profiles ��172 The Anatomy of a Profile ��175 Sandbox Profiles in Action ��180 The Seatbelt Framework ��193 Summary �� 195 ■■Chapter 7: Securing Web Browsers and E-mail �� 197 Securing Web Browsers and E-mail �� 197 A Quick Note About Passwords �� 198 Securing Your Web Browser �� 199 Securing Safari ��199 Securing Firefox ��202 Securely Configuring Mail �� 209 Using SSL ��209 Securing Outlook ��212 Fighting Spam �� 215 The Anatomy of Spam ��215 xii Contents

Desktop Solutions for Securing E-mail �� 218 Using PGP to Encrypt Mail Messages ��218 GPG Tools ��219 Summary �� 219 ■■Chapter 8: Malware Security: Combating Viruses, Worms, and Root Kits �� 221 Classifying Threats �� 222 The Real Threat of Malware on the Mac ��224 Script Malware Attacks ��226 Socially Engineered Malware ��226 Using Antivirus Software �� 227 Built Into Mac OS X ��227 Antivirus Software Woes ��228 McAfee VirusScan ��228 Norton AntiVirus ��228 ClamXav ��229 Sophos Anti-Virus ��236 Best Practices for Combating Malware ��236 Other Forms of Malware �� 237 Adware ��237 Spyware ��238 Root Kits ��239 Summary �� 242 ■■Chapter 9: Encrypting Files and Volumes �� 243 Using the Keychain to Secure Sensitive Data �� 244 Keychains ��244 Creating Secure Notes and Passwords ��247 Managing Multiple Keychains ��250 Using Disk Images as Encrypted Data Stores �� 253 Creating Encrypted Disk Images ��254 Interfacing with Disk Images from the Command Line ��260 Contents xiii

Encrypting User Data Using FileVault �� 266 Once FileVault Is Enabled ��269 The FileVault Master Password ��271 FileVault command Line �� 271 Check Point ��273 Symantec Endpoint Encryption ��273 WinMagic SecureDoc ��274 Summary �� 275 ■■Part III: Securing the Network �� 277 ■■Chapter 10: Securing Network Traffic �� 279 Understanding TCP/IP �� 279 Types of Networks �� 281 Peer-to-Peer ��282 Considerations When Configuring Peer-to-Peer Networks ��282 Client-Server Networks ��283 Understanding Routing �� 284 Packets ��284 Port Management �� 287 DMZs and Subnets �� 287 Spoofing �� 288 Stateful Packet Inspection �� 289 Data Packet Encryption �� 289 Understanding Switches and Hubs �� 290 Managed Switches ��291 Restricting Network Services �� 293 Security Through 802.1x �� 294 Proxy Servers �� 295 Squid ��296 Summary �� 298 xiv Contents

■■Chapter 11: Managing the Firewall �� 299 Introducing Network Services �� 300 Controlling Services �� 301 Configuring the Firewall �� 304 Working with the Firewall in OS X ��304 Setting Advanced Features �� 308 Blocking Incoming Connections ��308 Allowing Signed Software to Receive Incoming Connections ��309 Going Stealthy ��310 Testing the Firewall �� 310 Configuring the Application Layer Firewall from the Command Line �� 312 Using Mac OS X to Protect Other Computers �� 313 Enabling Internet Sharing ��313 Working from the Command Line �� 315 Getting More Granular Firewall Control ��315 Using pf with IceFloor ��317 Summary �� 321 ■■Chapter 12: Securing a Wireless Network �� 323 Wireless Network Essentials �� 324 Introducing the Apple AirPort �� 325 AirPort Utility ��326 Configuring the Current AirPorts ��326 Limiting the DHCP Scope ��333 Securing Computer-to-Computer Networks �� 334 Wireless Topologies �� 335 Wireless Hacking Tools �� 336 KisMAC ��336 Detecting Rogue Access Points ��338 iStumbler and Mac Stumbler ��339 Contents xv

Ettercap ��341 Network Utility ��341 NetSpot Pro ��341 Cracking WEP Keys �� 342 802.1x �� 342 General Safeguards Against Cracking Wireless Networks �� 343 Summary �� 344 ■■Part IV: Securely Sharing Resources �� 345 ■■Chapter 13: File Services �� 347 The Risks in File Sharing �� 347 Peer-to-Peer vs. Client-Server Environments �� 348 File Security Fundamentals �� 348 LKDC ��349 Using POSIX Permissions ��349 Getting More out of Permissions with Access Control Lists ��350 Sharing Protocols: Which One Is for You? �� 351 Apple Filing Protocol ��352 Setting Sharing Options ��353 Samba ��354 Using Apple AirPort to Share Files ��355 Third-Party Problem Solver: DAVE ��358 Permission Models �� 359 Summary �� 360 ■■Chapter 14: iCloud Security �� 361 The Apple ID �� 361 What an Apple ID Provides Access To ��362 Securing the Apple ID ��364 Suppress the iCloud Options at Startup �� 365 Disable Access to iCloud �� 365 xvi Contents

Secure iCloud On Macs �� 366 iCloud Drive ��368 Caching Server and iCloud ��370 Find My Mac ��370 Back to My Mac ��371 The Mac App Store ��372 Summary �� 373 ■■Chapter 15: Remote Connectivity �� 375 Remote Management Applications �� 376 Apple Remote Desktop ��376 Screen Sharing ��376 Implementing Back to My Mac ��379 Configuring Remote Management ��380 Using Secure Shell �� 383 Enabling SSH ��383 Further Securing SSH ��384 Using a VPN �� 385 Connecting to Your Office VPN ��385 Setting Up L2TP ��386 Setting Up PPTP ��386 Connecting to a Cisco VPN ��388 Summary �� 390 ■■Chapter 16: Server Security �� 391 Limiting Access to Services �� 391 The Root User �� 394 Foundations of a Directory Service �� 394 Defining LDAP ��395 Kerberos ��395 Configuring and Managing Open Directory �� 397 Securing Open Directory Accounts by Enabling Password Policies ��401 Securing LDAP by Preventing Anonymous Binding ��404 Contents xvii

Securely Binding Clients to Open Directory ��405 Further Securing LDAP: Implementing Custom LDAP ACLs ��408 Creating Open Directory Users and Groups ��409 Securing Kerberos from the Command Line ��413 Managed Preferences and Profiles ��414 Active Directory Integration ��417 Web Server Security in OS X Server �� 421 Using Realms ��422 SSL Certs on Web Servers ��423 File Sharing Security in OS X Server �� 424 A Word About File Size ��427 AFP ��427 Limiting Access to a Service �� 429 DNS Best Practices �� 430 SSL �� 431 Reimporting Certificates ��433 SSH �� 433 The serveradmin Command Line Interface �� 435 Messages Server �� 435 Securing the Mail Server �� 436 Limiting the Protocols on Your Server ��437 Summary �� 437 ■■Part V: Securing the Workplace �� 439 ■■Chapter 17: Network Scanning, Intrusion Detection, and Intrusion Prevention Tools �� 441 Scanning Techniques �� 441 Fingerprinting ��442 Enumeration ��444 Vulnerability and Port Scanning ��445 xviii Contents

Intrusion Detection and Prevention �� 448 Host-based Intrusion Detection System ��448 Network Intrusion Detection ��450 Security Auditing on the Mac �� 453 Nessus ��453 Metasploit ��457 Summary �� 457 ■■Chapter 18 Backup and Fault Tolerance �� 459 Time Machine �� 460 Restoring Files from Time Machine ��465 Using a Network Volume for Time Machine ��466 SuperDuper �� 467 Use CrashPlan To Back Up To The Cloud �� 468 Checking Your Backups ��482 Using Tape Libraries �� 483 Backup vs. Fault Tolerance �� 483 Fault-Tolerant Scenarios ��484 Round-Robin DNS ��484 Load-Balancing Devices ��485 Cold Sites ��485 Hot Sites ��486 Backing up Services �� 486 Summary �� 486 ■■Appendix A: InfoSec Acceptable Use Policy �� 487 1.0 Overview �� 487 2.0 Purpose �� 487 3.0 Scope �� 488 4.0 Policy �� 488 4.1 General Use and Ownership ��488 4.2 Security and Proprietary Information ��489 Contents xix

4.3 Unacceptable Use ��490 4.4 Blogging ��492 5.0 Enforcement �� 493 6.0 Definitions �� 493 Term Definition ��493 7.0 Revision History �� 493 ■■Appendix B: CDSA �� 495 ■■Appendix C: Introduction to Cryptography �� 497

Index �� 501

About the Authors

Charles S. Edge Jr. is a Product Manager at JAMF Software and the former CTO of 318, which at the time was the largest consultancy for Mac in the Entperprise. Charles maintains the Bushel blog at blog.bushel.com as well as a personal site at krypted.com. Charles is the author of a number of titles on Mac OS X Server and systems administration topics going back to OS X 10.3, including a number of titles from Apress for Mac OS X. He has spoken at a variety of conferences including DefCon, Black Hat, LinuxWorld, Macworld, MacSysAdmin, X World, ACES, the Penn State Mac Admins Conferene, and the Apple WorldWide Developers Conference. Charles is the developer of the SANS course on Mac OS X Security and coauthor of its best practices guide to securing Mac OS X as well. Charles now lives in Minneapolis, Minnesota, with his sweet little daughter, Emerald.

Daniel (Dan) O’Donnell has been working with computers since the pre-GUI days when he was an undergraduate physics student. He touched his first Macintosh keyboard in 1984 and bought his first computer, a Mac SE, in 1987. He began working as a Mac administrator for the American Film Institute and UCLA Film School, then as a Mac admin and server manager in broadcast television production for NBC, then as chief enterprise Mac administrator and eventually Corporate Information Systems Security Officer for the RAND Corporation, a world renowned think tank in Southern California. He has integrated OS X into Microsoft networks, and has configured Macs for US Government certifications in high security computing networks. He was the first person to introduce log aggregation with OS X into a high security government network environment. Dan has presented on various aspects of the OS X operating system at Macworld, Mac IT Conference, Splunk User Conference and other technical conferences since 2007. He is currently working on a project to incorporate another layer of security into OS X and other unix-like platforms.

xxi

About the Technical Reviewer

Jim Graham received a bachelor of science in electronics with a specialty in telecommunications from Texas A&M University in 1989. He was published in the International Communications Association’s 1988 issue of ICA Communique (“Fast Packet Switching: An Overview of Theory and Performance”). He has worked as an associate network engineer in the Network Design Group at Amoco Corporation in Chicago, Illinois; as a senior network engineer at Tybrin Corporation in Fort Walton Beach, Florida; and as an intelligence systems analyst at both 16th Special Operations Wing Intelligence and HQ US Air Force Special Operations Command Intelligence at Hurlburt Field, Florida. He received a formal letter of commendation from the 16th Special Operations Wing Intelligence in 2001.

xxiii

Acknowledgments

I'd like to first and foremost thank the Mac InfoSec community. This includes everyone from the people that design the black box to the people that dissect it and the people that help others learn how to dissect it. We truly stand on the shoulders of giants. Of those at Apple that need to be thanked specifically: Schoun Regan, Joel Rennich, Greg Smith, JD Mankovsky, Drew Tucker, Stale Bjorndal, Cawan Starks, Eric Senf, Jennifer Jones, and everyone on the development team. And of course the one and only Josh “old school game console ninja who has massive dogs” Wisenbaker! Outside of Apple, thanks to Arek Dreyer and the other Peachpit authors for paving the way to build another series of Mac systems administration books by producing such quality. And a special thanks to the late Michael Bartosh for being such an inspiration to us all to strive to understand what is going on under the hood. The crew at 31JAMF Software also deserves a lot of credit. It's their hard work that gave me the time to complete yet another book! And finally, a special thanks to Apress for letting us continue to write books for them. They fine-tune the dribble I provide into a well-oiled machine of mature prose. And I’ll just include my co-author in the Apress family: Dan, thanks for the countless hours to make the deadlines and looking forward to the next round! —Charles Edge

xxv

Introduction

A common misconception in the Mac community is that the Mac is more secure than any other operating system on the market. Although this might be true in most side-by-side analyses of security features right out of the box, what this isn’t taking into account is that security tends to get overlooked once the machine starts to be configured for its true purposes. For example, when sharing is enabled or remote control applications are installed, a variety of security threats are often established—no matter what the platform is. In the security sector, the principle of least privilege is a philosophy that security professionals abide by when determining security policies. This principle states that if you want to be secure, you need to give every component of your network the absolute minimum permissions required to do its job. But what are those permissions? What are the factors that need to be determined when making that decision? No two networks are the same; therefore, it’s certainly not a decision that can be made for you. It’s something you will need to decide for yourself based on what kinds of policies are implemented to deal with information technology security.

Security Beginnings: Policies Security in a larger organization starts with a security policy. When looking to develop security policies, it is important that the higher-level decision makers in the organization work hand in hand with the IT team to develop their policies and security policy frameworks. A security policy, at a minimum, should define the tools used on a network for security, the appropriate behavior of employees and network users, the procedures for dealing with incidents, and the trust levels within the network. The reason policies become such an integral part of establishing security in a larger environment is that you must be secure but also be practical about how you approach security in an organization. Security can be an impediment to productivity, both for support and for nonsupport personnel. People may have different views about levels of security and how to enforce them. A comprehensive security policy makes sure everyone is on the same page and that the cost vs. protection paradigm that IT departments follow are in line with the business logic of the organization.

xxvii xxviii Introduction

On small networks, such as your network at home, you may have a loose security policy that states you will occasionally run security updates and follow a few of the safeguards outlined in this book. The smaller a network environment, the less likely security is going to be taken seriously. However, for larger environments with much more valuable data to protect, the concern for security should not be so flippant. For example, the Health Insurance Portability and Accountability Act (HIPAA) authorizes criminal penalties of up to $250,000 and/or 10 years imprisonment per violation of security standards for patient health information. The Gramm-Leach-Bliley Act establishes financial institution standards for safeguarding customer information and imposes penalties of up to $100,000 per violation. Everyone in an organization should be concerned about security policies, because everyone is affected to some extent. Users are often affected the most, because policies often consist of a set of rules that regulate their behavior, sometimes making it more difficult for them to accomplish their tasks throughout their day. The IT staff should also be consulted and brought into the decision-making process since they will be required to implement and comply with these policies, while making sure that the policies are realistic given the budget available. In addition, you must notify people in advance of the development of the policy. You should contact members of the IT, management, and legal departments as well as a random sampling of users in your environment. The size of your policy development will be determined by the scope of the policy and the size of your organization. Larger, more comprehensive policies may require many people to be involved in the policy development. Smaller policies may require participation by only one or two people within the organization. As an example, a restrictive policy that requires all wireless users to use a RADIUS server would incur IT costs not only from the initial install but also with the installs and configurations necessary to set up the RADIUS clients on each of the workstations. A more secure RADIUS server would also cause additional labor over other less secure protocols such as WEP. You also need to consider IT budgeting and staffing downtime. When developing your actual policy, keep the scope limited to what is technically enforceable and easy to understand, while protecting the productivity of your users. Policies should also contain the reasons a policy is needed and cover the contacts and responsibilities of each user. When writing your policy, discuss how policy violations will be handled and why each item in the policy is required. Allow for changes in the policies as things evolve in the organization. Keep the culture of your organization in mind when writing your security policy. Overly restrictive policies may cause users to be more likely to ignore them. Staff and management alike must commit to the policies. You can often find examples of acceptable use policies in prepackaged policies on the Internet and then customize them to fulfill your organization’s needs.

A Word About Network Images Whether you are a home user or a corporate network administrator, the overall security policy of your network will definitely be broken down into how your computers will be set up on the network. For smaller environments, this means setting up your pilot system exactly the way you want it and then making an image of the setup. If anything were to happen to a machine on your network (intrusion or virus activity, for example), you wouldn’t need to redo everything from scratch. If you’re in a larger, more corporate environment, then you’ll create Introduction xxix

an image and deploy it to hundreds or thousands of systems using DeployStudio, NetInstall, Casper Suite, FileWave, or a variety of other tools with which you may or may not have experience.

Risk Management By the end of this book, we hope you will realize that if a computer is plugged into a network, it cannot be absolutely guaranteed secure. In a networked world, it is not likely that you will be able to remove all of the possible threats from any networked computing environment. To compile an appropriate risk strategy, you must first understand the risks applicable in your specific environment. Risk management involves making decisions about whether assessed risks are sufficient enough to present a concern and the appropriate means for controlling a significant risk to your environment. From there, it is important to evaluate and select alternative responses to these risks. The selection process requires you to consider the severity of the threat. For example, a home user would likely not be concerned with security threats and bugs available for the Open Directory services of OS X Server and Profile Manager. However, in larger environments running Open Directory, it would be important to consider these risks. Risk management not only involves external security threats but also includes fault tolerance and backup. Accidentally deleting files from systems is a common and real threat to a networked environment. For larger environments with a multitude of systems requiring risk management, a risk management framework may be needed. The risk management framework is a description of streams of accountability and reporting that will support the risk management process for the overall environment, extending beyond information technology assets and into other areas of the organization. If you are managing various systems for a large organization, it is likely there is a risk management framework and that the architecture and computer policies you implement are in accordance with the framework. All too often, when looking at examples of risk management policies that have been implemented in enterprise environments, many Mac administrators will cite specific items in the policies as “not pertaining” to their environment. This is typically not the case, because best practices are best practices. There is a reason that organizations practice good security, and as the popularity of Mac based network environments grows, it is important that administrators learn from others who have managed these enterprise-class environments. As mentioned earlier, managing IT risk is a key component of governmental regulations. Organizations that fall under the requirements of Sarbanes-Oxley, HIPPA, or the Gramm- Leach-Bliley Act need to remain in compliance or risk large fines and/or imprisonment. Auditing for compliance should be performed on a regular basis, with compliance documentation ready and available to auditors. Defining what is an acceptable risk is not something that we, the authors of this book, can decide. Many factors determine what is an acceptable risk. It is really up to you, the network administrator, to be informed about what those risks are so that you can make an informed decision. We will discuss options and settings for building out secure systems and a secure networked environment for your system. However, many of the settings we encourage you to use might impact your network or system in ways that are not acceptable to your xxx Introduction

workflow. When this happens, a choice must be made between usability and performance. Stay as close to the principle of least privilege as much as possible, keeping in mind that you still need to be able to do your job.

How This Book Is Organized The first goal of this book is to help you build a secure image, be it at home or in the office, and then secure the environment in which the image will be used. This will involve the various options with various security ramifications, but it will also involve the network, the sharing aspects of the system, servers, and finally, if something drastic were to happen, the forensic analysis that would need to occur. Another goal of this book is to provide you with the things to tell users not to do. Adding items to enforce your policy and security measures will help you make your network, Mac, or server like a castle, with various levels of security, developed in a thoughtful manner. To help with this tiered approach, we’ve broken the book down into five parts.

Part 1: The Big Picture First, an introduction to the world of security on the Mac comprises Part 1: Chapter 1, “Security Quick-Start”: If you have time to read only one chapter, this is the chapter for you. In this chapter, we cover using the GUI tools provided by Apple to provide a more secure environment and the best practices for deploying them. We give recommendations and explain how to use these various features and when they should be used. We also outline the risks and strategies in many of their deployments. Chapter 2, “Services, Daemons and Processes”: In this chapter, we look at the processes that run on your computer. We look at the ownership, what starts processes and what stops them. This is one of the most integral aspects of securing a system and so we decided to look at it early in the book. Chapter 3, “Securing User Accounts”: Mac OS X is a multiuser operating system. One of the most important security measures is to understand the accounts on your system and when you are escalating privileges for accounts. This chapter explains how to properly secure these users and groups. Chapter 4, “Permissions: POSIX and ACLs”: Once you have secured your user accounts, you’ll want to secure what resources each has access to. This starts with the files and folders that they can access, which we cover in Chapter 4. Chapter 5, “Reviewing Logs and Monitoring”: What good are logs if they aren’t reviewed? In this chapter, we discuss what logs should be reviewed and what is stored in each file. We then move on to various monitoring techniques and applications and the most secure ways to deploy them in typical environments. Introduction xxxi

Part 2: Securing the Ecosystem Part 2 gets down to some of the essential elements of security on a Mac: Chapter 6, “Application Security: Signing and Sandbox”: Apple has built a number of sophisticated security controls into Mac OS X. These give you the ability to control exactly which resources applications have access to. By controlling resource accessibility you can limit the damage that can be done by a rogue application or process. Chapter 7, “The Internet: Web Browsers and E-mail”: Safari, Firefox, Internet Explorer, Mail. app, and Entourage—with all these programs to manage, how do you lock them all down appropriately? In this chapter, we discuss cookies, Internet history, and browser preferences and when you should customize these settings. We also give some tips for third-party solutions for protecting your privacy. In addition, this chapter provides readers with best security practices for the mail clients that they likely spend much of their time using. Chapter 8, “Malware Protection”: Viruses, spyware, and root kits are at the top of the list of security concerns for Windows users. However, Mac users are not immune. In this chapter, we go into the various methods that can be used to protect Mac systems against these and other forms of malware. Chapter 9, “Encrypting Files and Volumes”: Permissions can do a good job in protecting access to files unless you have a system that has dubious physical security. An additional layer of security that you can take on top of permissions is to encrypt data. In Chapter 9 we look at encrypting the files, folders and even the boot volume of OS X.

Part 3: Securing the Network Part 3 describes how you secure a Mac network: Chapter 10, “Securing Network Traffic”: As useful as securing the operating system is, securing the network backbone is a large component of the overall security picture. In this chapter, we explore some of the techniques and concepts behind securing the network infrastructure. This includes the common switches, hubs, and firewalls used in Mac environments and the features you may have noticed but never thought to tinker with. We also cover how to stop some of the annoying issues that pop up on networks because of unauthorized (and often accidental) user behavior. Chapter 11, “Firewalls: IPFW and ALF”: The firewall option in OS X is just a collection of check boxes. Or is it? We discuss using and securing the OS X software firewall, and we go into further detail on configuring this option from the command line. We also discuss some of the other commands that, rather than block traffic, allow an administrator to actually shape the traffic, implementing rules for how traffic is handled, and mitigate the effects that DoS attacks can have on the operating system. Chapter 12, “Wireless Network Security”: Wireless networking is perhaps one of the most insecure things that users tend to implement themselves. In this chapter, we cover securing wireless networks, and then, to emphasize how critical wireless security is (and how easy it is to subvert it if done improperly), we move on to some of the methods used to exploit wireless networks. xxxii Introduction

Part 4: Securely Sharing Resources One of the biggest threats to your system is sharing resources. But it doesn’t have to be. Part 4 covers the most common resources shared out from a Mac OS X computer, including the following: Chapter 13, “File Services: AFP, SMB, and FTP”: What is a permission model, and why do you need to know what it is, when all you want to do is allow people access to some of the files on my computer? Knowing the strategies involved in assigning file permissions is one of the most intrinsic security aspects of a shared storage environment. It is also important to understand the specific security risks and how to mitigate them for each protocol used, including AFP, FTP, and SMB, which are all covered in this chapter. Chapter 14, “Web Security: Apache”: Apache is quite possibly the most common web server running on the *nix platform. Entire books are dedicated to explaining how to lock down this critical service. In this chapter, we focus on the most important ways to lock down the service and some Apple-centric items of Apache not usually found in discussions about Apache on the *nix platform. We also provide you with other resources to look to if you require further security for your web server. Chapter 15, “Securely Controlling a Mac”: One of the most dangerous aspects of administration is the exposure of the very tools you use to access systems remotely. Many of these programs do not always need to be running and can be further secured from their default settings. In this chapter, we cover many of the methods for protecting these services and some of the ways that vendors should change their default settings to make them more secure. We also cover some of the ways you can secure these tools, and we help administrators make choices about how to best implement remote administration utilities to counteract these shortcomings. Chapter 16, “Basic OS X Server Security”: Mac OS X Server is very much like Mac OS X Client, without many of the bells and whistles and with a more optimized system for sharing resources. This is true with many server-based operating systems. Because a OS X server fills a different role in a networked environment, it should be treated differently from OS X. For this reason, we cover many of the security options that are available as well as those that are crucial to securing OS X Server. We also cover many of the security options from OS X that should specifically not be used in OS X Server. Included with server security is directory services, which are critical to expanding technology infrastructures. By interconnecting all the hosts of a network, you are able to better control the settings and accounts on systems. In this chapter, we also focus on the ways to securely deploy OS X clients to various directory services and point out the items to ask for (if you are in a larger network infrastructure) or to set up in order to help make the directory service environment as secure as possible. Introduction xxxiii

Part 5: Securing the Workplace How secure is your work environment’s network? This part explores security as it pertains to environments with multiple Mac computers connected on a network: Chapter 17, “Network Scanning, Intrusion Detection, and Intrusion Prevention Tools”: Host-based intrusion detection systems (IDS) are quickly becoming a standard for offering signature-based and anomaly-based detection of attacks. Some of these tools allow for augmenting the operating system settings to further secure the hosts on which they run. In this chapter, we provide a best practices discussion for deploying and using IDSs. We also cover the various attacks that have been developed over the past few years against IDS systems and explore add-ons for IDSs that provide rich aggregated data about the systems. Chapter 18, “Backup and Fault Tolerance”: If you don’t have a backup plan now, then you will after you read this chapter. Backups are the last line of defense in a security environment. Backups are critical and should be provided in tiers. In this chapter, we describe some of the strategies for going about implementing a backup plan, from choosing the right software package to properly implementing it. We also cover some of the more common techniques for providing fault-tolerant services and the security risks that can be introduced by doing so.