DOCSLIB.ORG

Draft SP 800-179 Rev. 1

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

1 DRAFT NIST Special Publication 800-179 2 Revision 1 3 Guide to Securing macOS 10.12 4 Systems for IT Professionals 5 A NIST Security Configuration Checklist 6 7 8 9 Lee Badger 10 Murugiah Souppaya 11 Mark Trapnell 12 Eric Trapnell 13 Dylan Yaga 14 Karen Scarfone 15 16 17 18 C O M P U T E R S E C U R I T Y 19 20 21 DRAFT NIST Special Publication 800-179 22 Revision 1 23 24 Guide to Securing macOS 10.12 25 Systems for IT Professionals 26 A NIST Security Configuration Checklist 27 28 Lee Badger 29 Murugiah Souppaya 30 Mark Trapnell 31 Eric Trapnell 32 Dylan Yaga 33 Computer Security Division 34 Information Technology Laboratory 35 36 Karen Scarfone 37 Scarfone Cybersecurity 38 Clifton, VA 39 40 41 42 43 44 October 2018 45 46 47 48 49 U.S. Department of Commerce 50 Wilbur L. Ross, Jr., Secretary 51 52 National Institute of Standards and Technology 53 Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology NIST SP 800-179 REV. 1 (DRAFT) SECURING MACOS 10.12 SYSTEMS: NIST SECURITY CONFIGURATION CHECKLIST 54 Authority 55 This publication has been developed by NIST in accordance with its statutory responsibilities under the 56 Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law 57 (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, 58 including minimum requirements for federal information systems, but such standards and guidelines shall 59 not apply to national security systems without the express approval of appropriate federal officials 60 exercising policy authority over such systems. This guideline is consistent with the requirements of the 61 Office of Management and Budget (OMB) Circular A-130. 62 Nothing in this publication should be taken to contradict the standards and guidelines made mandatory 63 and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should 64 these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of 65 Commerce, Director of the OMB, or any other federal official. This publication may be used by 66 nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States. 67 Attribution would, however, be appreciated by NIST. 68 National Institute of Standards and Technology Special Publication 800-179 Revision 1 69 Natl. Inst. Stand. Technol. Spec. Publ. 800-179 Rev. 1, 130 pages (October 2018) 70 CODEN: NSPUE2 71 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 72 experimental procedure or concept adequately. Such identification is not intended to imply recommendation or 73 endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best 74 available for the purpose. 75 There may be references in this publication to other publications currently under development by NIST in 76 accordance with its assigned statutory responsibilities. The information in this publication, including concepts and 77 methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, 78 until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain 79 operative. For planning and transition purposes, federal agencies may wish to closely follow the development of 80 these new publications by NIST. 81 Organizations are encouraged to review all draft publications during public comment periods and provide feedback 82 to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at 83 https://csrc.nist.gov/publications. 84 85 Public comment period: October 19, 2018 through November 16, 2018 86 National Institute of Standards and Technology 87 Attn: Computer Security Division, Information Technology Laboratory 88 100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930 89 Email: [email protected] 90 All comments are subject to release under the Freedom of Information Act (FOIA). 91 i NIST SP 800-179 REV. 1 (DRAFT) SECURING MACOS 10.12 SYSTEMS: NIST SECURITY CONFIGURATION CHECKLIST 92 Reports on Computer Systems Technology 93 The Information Technology Laboratory (ITL) at the National Institute of Standards and 94 Technology (NIST) promotes the U.S. economy and public welfare by providing technical 95 leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test 96 methods, reference data, proof of concept implementations, and technical analyses to advance 97 the development and productive use of information technology. ITL’s responsibilities include the 98 development of management, administrative, technical, and physical standards and guidelines for 99 the cost-effective security and privacy of other than national security-related information in 100 federal information systems. The Special Publication 800-series reports on ITL’s research, 101 guidelines, and outreach efforts in information system security, and its collaborative activities 102 with industry, government, and academic organizations. 103 104 Abstract 105 This publication assists IT professionals in securing Apple macOS 10.12 desktop and laptop 106 systems within various environments. It provides detailed information about the security features 107 of macOS 10.12 and security configuration guidelines. The publication recommends and 108 explains tested, secure settings with the objective of simplifying the administrative burden of 109 improving the security of macOS 10.12 systems in three types of environments: Standalone, 110 Managed, and Specialized Security-Limited Functionality. 111 112 Keywords 113 Apple OS X; checklist; endpoint device security; hardening guide; host security; macOS; mobile 114 device security; operating system security; secure configuration. ii NIST SP 800-179 REV. 1 (DRAFT) SECURING MACOS 10.12 SYSTEMS: NIST SECURITY CONFIGURATION CHECKLIST 115 116 Supplemental Content 117 For additional documents that support this publication, see: 118 https://github.com/usnistgov/applesec. 119 120 Trademark Information 121 All registered trademarks or trademarks belong to their respective organizations. iii NIST SP 800-179 REV. 1 (DRAFT) SECURING MACOS 10.12 SYSTEMS: NIST SECURITY CONFIGURATION CHECKLIST 122 Table of Contents 123 Executive Summary ..................................................................................................... ix 124 Changes in SP 800-179 Revision 1 ............................................................................ xii 125 1. Introduction ............................................................................................................ 1 126 1.1 Purpose and Scope ........................................................................................ 1 127 1.2 Audience ......................................................................................................... 1 128 1.3 Document Structure ........................................................................................ 1 129 2. macOS Security Guide Development ................................................................... 3 130 2.1 macOS System Roles and Requirements ....................................................... 3 131 2.2 Security Categorization of Information and Information Systems ................... 4 132 2.3 Threats to macOS Technologies..................................................................... 6 133 2.3.1 Local Threats ........................................................................................ 6 134 2.3.2 Remote Threats .................................................................................... 9 135 2.4 macOS Environments ................................................................................... 12 136 2.4.1 Standalone ......................................................................................... 13 137 2.4.2 Managed ............................................................................................ 13 138 2.4.3 Specialized Security-Limited Functionality (SSLF) ............................. 14 139 2.5 Security Controls Documentation.................................................................. 15 140 2.6 Implementation and Testing of Security Controls ......................................... 16 141 2.7 Monitoring and Maintenance ......................................................................... 16 142 2.8 Summary of Recommendations .................................................................... 17 143 3. macOS Security Components Overview ............................................................ 19 144 3.1 System Integrity Protection ........................................................................... 19 145 3.2 Gatekeeper ................................................................................................... 19 146 3.3 Software Updates ......................................................................................... 19 147 3.4 Privacy Settings ............................................................................................ 19 148 3.5 Credential Management ................................................................................ 20 149 3.6 Host-Based Firewalls .................................................................................... 20 150 3.7 Storage Encryption ....................................................................................... 21 151
Recommended publications
  • IT Essentialsv6.0 Macos Software Labs

    IT Essentialsv6.0 Macos Software Labs

    IT Essentials v6.0 macOS Software Labs 10.1.1.1 Setup and Configure macOS ............................................................. 1 10.1.1.2 About This Mac .................................................................................... 20 10.1.1.3 Basic System Preferences in macOS ............................................ 25 10.1.1.4 Install Software in macOS ............................................................. 45 10.1.1.5 Common System Utilities in macOS .................................................... 52 10.1.1.6 Task Scheduler in macOS ....................................................... 60 10.1.1.7 Terminal Commands in macOS .......................................................... 65 10.4.1.1 Lab – Setup and Configure macOS Introduction In this lab, you will setup macOS 10.12 Sierra in VMware Player on Windows Recommended Equipment • VMware Player 12.5 or higher • macOS VMware Image file System requirements • 2GB of Memory (minimum) 4GB or higher (recommended) • Number of Processors: 2 (minimum) 4 (recommended) • Graphics memory: 256 MB Part 1: Prepare for installation Step 1: Install VMware Workstation on Your PC a. Download and install VMware player 12.5 or higher to your Windows PC. b. Extract macOS Sierra VMware Image File c. Download the macOS VMware Image file. d. Once you have downloaded the macOS VMware Image file, then you must extract it using WinZip, WinRAR, 7zip, or Windows Expand. Save it to the Virtual Machines folder or ask your instructor for help with the location. This file contains a macOS 10.12 Sierra folder, unlock208 folder, VM Tools.iso, and instructions. Step 2: Install Mac Patch Tool for VMware a. Open the unlocker208 folder. b. Right click win-install.cmd and Run as Administrator. © 2017 All rights reserved. This document is Public. Page 1 of 19 1 of 83 Lab – Setup and Configure macOS Step 3: Open a Virtual Machine a.
  • Learn Yosemite OS X from PCM's Apple Experts

    Learn Yosemite OS X from PCM's Apple Experts

    Learn Yosemite OS X from PCM’s Apple Experts Yosemite 101: OS X Support Essentials Give PCM the opportunity to train your team to support users of Apple’s Mac OS X Yosemite. Our Apple certified trainers are ready to come to your location and provide PCM’s Apple certified trainers will teach your team Yosemite OS X fundamentals and how to be efficient with you with invaluable Yosemite tools and resources. hands-on instruction. OS X Yosemite Support Essentials is a three-day, Who Should Attend hands-on course that provides an in-depth explo- • Help desk specialists, technical coordinators, ration of troubleshooting on Mac OS X v10.10 Yo- service technicians, and others who support semite. This course is designed to give you a tour Mac users. of the breadth of functionality of Mac OS X v10.10 • Technical support personnel in businesses that Yosemite and the best methods for effectively use Macs. supporting users of Mac OS X v10.10 Yosemite • Technical coordinators or power users who systems. The course is a combination of lectures manage networks of computers running and hands-on case study exercises that provide Mac OS X — such as teachers and technology practical real-world experience. specialists who manage networks or computer labs. At your location For a class at your location, PCM will provide an What You Will Learn Apple Certified Trainer, all the student materials, • The troubleshooting process and how to and an exam voucher for each attendee (up to become more efficient with available tools 6 students included in price).
  • Dropdmg 3.6.2 Manual

    Dropdmg 3.6.2 Manual

    DropDMG 3.6.2 Manual C-Command Software c-command.com February 16, 2021 Contents 1 Introduction 4 1.1 Feature List..............................................4 2 Installing and Updating 6 2.1 Requirements.............................................6 2.2 Installing DropDMG.........................................7 2.3 Updating From a Previous Version.................................7 2.4 Reinstalling a Fresh Copy......................................8 2.5 Uninstalling DropDMG.......................................9 2.6 Security & Privacy Access......................................9 3 Using DropDMG 13 3.1 Basics................................................. 13 3.2 Making a Bootable Device Image of a Hard Drive......................... 14 3.3 Backing Up Your Files to CD/DVD................................ 16 3.4 Burning Backups of CDs/DVDs................................... 17 3.5 Restoring Files and Disks...................................... 18 3.6 Making Images With Background Pictures............................. 19 3.7 Protecting Your Files With Encryption............................... 20 3.8 Transferring Files Securely...................................... 21 3.9 Sharing Licenses and Layouts.................................... 21 3.10 Splitting a File or Folder Into Pieces................................ 22 3.11 Creating a DropDMG Quick Action................................ 22 4 Menus 23 4.1 The DropDMG Menu........................................ 23 4.1.1 About DropDMG...................................... 23 4.1.2 Software
  • Tinkertool System 7 Reference Manual Ii

    Tinkertool System 7 Reference Manual Ii

    Documentation 0642-1075/2 TinkerTool System 7 Reference Manual ii Version 7.5, August 24, 2021. US-English edition. MBS Documentation 0642-1075/2 © Copyright 2003 – 2021 by Marcel Bresink Software-Systeme Marcel Bresink Software-Systeme Ringstr. 21 56630 Kretz Germany All rights reserved. No part of this publication may be redistributed, translated in other languages, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written permission of the publisher. This publication may contain examples of data used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. The publisher may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Make sure that you are using the correct edition of the publication for the level of the product. The version number can be found at the top of this page. Apple, macOS, iCloud, and FireWire are registered trademarks of Apple Inc. Intel is a registered trademark of Intel Corporation. UNIX is a registered trademark of The Open Group. Broadcom is a registered trademark of Broadcom, Inc. Amazon Web Services is a registered trademark of Amazon.com, Inc.
  • Everything You Need to Know About Apple File System for Macos

    Everything You Need to Know About Apple File System for Macos

    WHITE PAPER Everything you need to know about Apple File System for macOS Picture it: the ship date for macOS High Sierra has arrived. Sweat drips down your face; your hands shake as you push “upgrade.” How did I get here? What will happen to my policies? Is imaging dead? Fear not, because the move from HFS+ (the current Mac file system) to Apple File System (APFS) with macOS High Sierra is a good thing. And, with this handy guide, you’ll have everything you need to prepare your environment. In short, don’t fear APFS. To see how Jamf Pro can facilitate seamless macOS High Sierra upgrades in your environment, visit: www.jamf.com • After upgrading to macOS High Sierra, end users will Wait, how did we get here? likely see less total space consumed on a volume due to new cloning options. Bonus: End users can store HFS, and the little known MFS, were introduced in 1984 up to nine quintillion files on a single volume. with the original Macintosh. Fast forward 13 years, and • APFS provides us with a new feature called HFS+ served as a major file system upgrade for the Mac. snapshots. Snapshots make backups work more In fact, it was such a robust file system that it’s been the efficiently and offer a new way to revert changes primary file system on Apple devices. That is all about to back to a given point in time. As snapshots evolve change with APFS. and APIs become available, third-party vendors will Nineteen years after HFS+ was rolled out, Apple be able to build new workflows using this feature.
  • Grapher 12 Quick Start Guide

    Grapher 12 Quick Start Guide

    GrapherTM Registration Information Your Grapher serial number is located on the CD cover or in the email download instructions, depending on how you purchased Grapher. Register your Grapher serial number online at www.GoldenSoftware.com. This information will not be redistributed. Registration entitles you to free technical support, free minor updates, and upgrade pricing on future Grapher releases. The serial number is required when you run Grapher the first time, contact technical support, or purchase Grapher upgrades. For future reference, write your serial number on the line below. _________________________________ GrapherTM Quick Start Guide The Ultimate Technical Graphing Package Golden Software, LLC 809 14th Street, Golden, Colorado 80401-1866, U.S.A. Phone: 303-279-1021 Fax: 303-279-0909 www.GoldenSoftware.com COPYRIGHT NOTICE Copyright Golden Software, LLC 2016 The GrapherTM program is furnished under a license agreement. The Grapher software and quick start guide may be used or copied only in accordance with the terms of the agreement. It is against the law to copy the software or quick start guide on any medium except as specifically allowed in the license agreement. Contents are subject to change without notice. Grapher is a registered trademark of Golden Software, LLC. All other trademarks are the property of their respective owners. March 2016 Quick Start Guide Table of Contents Introduction to Grapher ......................................................................................1 System Requirements ........................................................................................2
  • Software List (1-3-2017)

    Software List (1-3-2017)

    Software List (1-3-2017) Information Commons BU 104 LLCD Adobe Flash Academic online JVC Pro HD Manager Chrome Acrobat Adobe Reader DC Adobe Photoshop CS6 Adobe Itunes Adobe Reader XI Comprehensive Medical Terminology Maple 16 Drive M:\ Glencoe Keyboarding Microsoft Office 2016 Firefox Itunes Microsoft Publisher Irwin/GDP Keyboarding Kurzeil 3000 MS visual studio 2015 Itunes Microsoft Office Suite 2007 Quicktime Kurzweil 3000 v.12 Quick time SPSS for Windows Maple 16 Skills bank real player Microsoft Office 2016 Vista 3-Scanners MS platform installer Windows 7 & 10 Microsoft Visio 2016 Wellington Center sharepoint MS SQL Internet Explorer XPS viewer MS Visual Studio 2015 ITunes Express for desktop Quicken deluxe 2014 McAfee Express for Web VLC Media Player Quicktime MS silverlight Windows 10 " " Media Player Statdisk Scanner Mozilla Firefox Skype 2016 MS silverlight Adobe Reader XI windows dvd maker wolfram cdf player Windows 8 Onedrive Filezilla Microsoft Office Suite 2013 notepad++ Gimp 2 Maple 16 respounds/lockdown opera mobile emulator Statdisk 3D builder VM ware/ vsphere Wolfram CDF Player MS Azure wire shark VLC Media Player cisco packet tracker MACS Software (Information Commons) 3D builder Brunswick Front Desk Computers java development kit Windows 7 System project 2016 Adobe 9 Developer notepad++ Apple Itunes Utilities IBM Iseries access for windows Time Machine Intel Management and Security TextEdit UC 222 Iseries navigator System Preferences Acrobat Reader XI Malware Bytes Anti Malware Stickies Adult Clinical Simulation Mcaffe
  • Best Practices for Integrating OS X with Active Directory

    Best Practices for Integrating OS X with Active Directory

    Apple Technical White Paper Best Practices for Integrating OS X with Active Directory OS X Mountain Lion v10.8 Contents Introduction ........................................................................................................................3 How to Integrate OS X with Active Directory .......................................................4 Enterprise Integration Challenges .............................................................................7 Deployment Strategies ..................................................................................................9 Home Directories ..............................................................................................................10 Conclusion ...........................................................................................................................11 Appendix A: More Information ....................................................................................12 Appendix B: Third-Party Add-on Solutions ............................................................13 2 Apple Technical White Paper Best Practices for Integrating OS X with Active Directory Introduction Apple’s support for Active Directory within OS X enables Mac clients and servers to integrate smoothly into existing Active Directory environments, and provides the option of deploying a single, directory services infrastructure that can support both Mac and Windows clients. Apple’s Built-in Solution Large organizations have a need to manage user identities and access across a variety
  • Security Analysis and Decryption of Lion Full Disk Encryption

    Security Analysis and Decryption of Lion Full Disk Encryption

    Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption Omar Choudary Felix Grobert¨ ∗ Joachim Metz ∗ University of Cambridge [email protected] [email protected] [email protected] Abstract 1 Introduction Since the launch of Mac OS X 10.7, also known as Lion, With the launch of Mac OS X 10.7 (Lion), Apple has Apple includes a volume encryption software named introduced a volume encryption mechanism known as FileVault 2 [8] in their operating system. While the pre- FileVault 2. Apple only disclosed marketing aspects of vious version of FileVault (introduced with Mac OS X the closed-source software, e.g. its use of the AES-XTS 10.3) only encrypted the home folder, FileVault 2 can en- tweakable encryption, but a publicly available security crypt the entire volume containing the operating system evaluation and detailed description was unavailable until (this is commonly referred to as full disk encryption). now. This has two major implications: first, there is now a new functional layer between the encrypted volume and We have performed an extensive analysis of the original file system (typically a version of HFS Plus). FileVault 2 and we have been able to find all the This new functional layer is actually a full volume man- algorithms and parameters needed to successfully read ager which Apple called CoreStorage [10] Although this an encrypted volume. This allows us to perform forensic full volume manager could be used for more than volume investigations on encrypted volumes using our own encryption (e.g. mirroring, snapshots or online storage tools.
  • How to Disable Gatekeeper and Allow Apps from Anywhere in Macos Sierra

    How to Disable Gatekeeper and Allow Apps from Anywhere in Macos Sierra

    How to Disable Gatekeeper and Allow Apps From Anywhere in macOS Sierra Gatekeeper, first introduced in OS X Mountain Lion, is a Mac security feature which prevents the user from launching potentially harmful applications. In macOS Sierra, however, Apple made some important changes to Gatekeeper that seemingly limit the choices of power users. But don’t worry, Gatekeeper can still be disabled in Sierra. Here’s how. Stand out at the party or promote your business with colorful powder coated and custom engraved Yeti tumblers from Perfect Etch. Traditionally, Gatekeeper offered three settings of increasing security: anywhere, App Store and identified developers, and App Store only. The first choice, as its name describes, allowed users to launch applications from any source, effectively disabling the Gatekeeper feature. The second choice allowed users to run apps from the Mac App Store as well as from software developers who have registered with Apple and securely sign their applications. Finally, the most secure setting limited users to running apps obtained from the Mac App Store only. While the secure options were good ideas for less experienced Mac users, power users found Gatekeeper to be too limiting and typically sought to disable it by setting it to “Anywhere.” In macOS Sierra, however, the “Anywhere” option is gone, leaving “App Store” and “App Store and identified developers” as the only two options. Disable Gatekeeper in macOS Sierra The Gatekeeper settings can be found in System Preferences > Security & Privacy > General. The Gatekeeper options are located beneath “All apps downloaded from:” with the choice of “Anywhere” missing. Thankfully, the “Anywhere” setting can be restored to Gatekeeper in Sierra with a Terminal command.
  • Open Directory Administration for Version 10.5 Leopard Second Edition

    Open Directory Administration for Version 10.5 Leopard Second Edition

    Mac OS X Server Open Directory Administration For Version 10.5 Leopard Second Edition Apple Inc. © 2008 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to make sure that the information in this manual is correct. Apple Inc., is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino CA 95014-2084 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, iCal, iChat, Leopard, Mac, Macintosh, QuickTime, Xgrid, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Finder is a trademark of Apple Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. UNIX is a registered trademark of The Open Group. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products.
  • The Apple Ecosystem

    The Apple Ecosystem

    APPENDIX A The Apple Ecosystem There are a lot of applications used to manage Apple devices in one way or another. Additionally, here’s a list of tools, sorted alphabetically per category in order to remain vendor agnostic. Antivirus Solutions for scanning Macs for viruses and other malware. • AVG: Basic antivirus and spyware detection and remediation. • Avast: Centralized antivirus with a cloud console for tracking incidents and device status. • Avira: Antivirus and a browser extension. Avira Connect allows you to view device status online. • BitDefender: Antivirus and malware managed from a central console. • CarbonBlack: Antivirus and Application Control. • Cylance: Ransomware, advanced threats, fileless malware, and malicious documents in addition to standard antivirus. • Kaspersky: Antivirus with a centralized cloud dashboard to track device status. © Charles Edge and Rich Trouton 2020 707 C. Edge and R. Trouton, Apple Device Management, https://doi.org/10.1007/978-1-4842-5388-5 APPENDIX A THe AppLe ECOSYSteM • Malware Bytes: Antivirus and malware managed from a central console. • McAfee Endpoint Security: Antivirus and advanced threat management with a centralized server to track devices. • Sophos: Antivirus and malware managed from a central console. • Symantec Mobile Device Management: Antivirus and malware managed from a central console. • Trend Micro Endpoint Security: Application whitelisting, antivirus, and ransomware protection in a centralized console. • Wandera: Malicious hot-spot monitoring, jailbreak detection, web gateway for mobile threat detection that integrates with common MDM solutions. Automation Tools Scripty tools used to automate management on the Mac • AutoCasperNBI: Automates the creation of NetBoot Images (read: NBI’s) for use with Casper Imaging. • AutoDMG: Takes a macOS installer (10.10 or newer) and builds a system image suitable for deployment with Imagr, DeployStudio, LANrev, Jamf Pro, and other asr or Apple Systems Restore-based imaging tools.