Enterprise Mac Security: El Capitan PDF

522 Pages·2016·16.03 MB·English

by Charles Edge, Daniel O’Donnell (auth.)

Checking for file health...

Save to my drive

Quick download

E d BOOKS FOR PROFESSIONALS BY PROFESSIONALS® g e · D Enterprise Mac Security, Third Edition o n n Enterprise Mac A common misconception in the Mac community is that Mac’s operating system is more secure e than others. While this might be have been true in certain cases, security on the Mac has always l l still been a crucial issue. With the release of OS X El Capitan, the operating system is taking large strides in getting even more secure. Even still, when sharing is enabled or remote control E applications are installed, Mac OS X faces a variety of security threats, whether these have been Security exploited or not. n Enterprise Mac Security is a definitive, expert-driven update of the popular, slash-dotted first t e edition which was written in part as a companion to the SANS Institute course for Mac OS X. It contains detailed Mac OS X security information, and walkthroughs on securing systems, r including the new El Capitan operating system. p r This book caters to both the beginning home user and the seasoned security professional not i El Capitan accustomed to the Mac, establishing best practices for Mac OS X for a wide audience. s e — The authors of this book are seasoned Mac and security professionals, having built many of the largest network infrastructures for Apple and spoken at both DEFCON and Black Hat on OS X M Securing El Capitan in the enterprise security. a and beyond c — S e Third Edition c — u r Charles S. Edge Jr. i t y Daniel O’Donnell E l C a p i t a IISSBBNN 99787-81--14-84428-4127-111-7511-5 Shelve in: n Macintosh/Operating System User level: Beginning–Advanced 9 781484 217115 SOURCE CODE ONLINE www.apress.com Enterprise Mac Security El Capitan Third Edition Charles Edge Daniel O’Donnell Enterprise Mac Security: El Capitan Copyright © 2016 by Charles Edge and Daniel O’Donnell This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. ISBN-13 (pbk): 978-1-4842-1711-5 ISBN-13 (electronic): 978-1-4842-1712-2 Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein. Managing Director: Welmoed Spahr Lead Editor: Louise Corrigan Development Editor: James Markham Technical Reviewer: Jim Graham Editorial Board: Steve Anglin, Pramila Balen, Louise Corrigan, Jim DeWolf, Jonathan Gennick, Robert Hutchinson, Michelle Lowman, James Markham, Susan McDermott, Matthew Moodie, Jeffrey Pepper, Douglas Pundick, Ben Renow-Clarke, Gwenan Spearing Coordinating Editor: Jill Balzano Copy Editor: Jim Compton Compositor: SPi Global Indexer: SPi Global Artist: SPi Global Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation. For information on translations, please e-mail [email protected], or visit www.apress.com. Apress and friends of ED books may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Special Bulk Sales–eBook Licensing web page at www.apress.com/bulk-sales. Any source code or other supplementary material referenced by the author in this text is available to readers at www.apress.com. For detailed information about how to locate your book’s source code, go to www.apress.com/source-code/. To my sweet little Emerald, with all of my love! – Charles Edge Contents at a Glance About the Authors ��xxi About the Technical Reviewer ��xxiii Acknowledgments ��xxv Introduction ��xxvii ■ Part I: The Big Picture ��1 ■ Chapter 1: Security Quick-Start ��3 ■ Chapter 2: Services, Daemons, and Processes ��29 ■ Chapter 3: Securing User Accounts ��49 ■ Chapter 4: File System Permissions ��83 ■ Chapter 5: Reviewing Logs and Monitoring��115 ■ Part II: Securing the Ecosystem ��151 ■ Chapter 6: Application Signing and Sandbox ��153 ■ Chapter 7: Securing Web Browsers and E-mail ��197 ■ Chapter 8: Malware Security: Combating Viruses, Worms, and Root Kits ��221 ■ Chapter 9: Encrypting Files and Volumes ��243 v vi Contents at a Glance ■ Part III: Securing the Network ��277 ■ Chapter 10: Securing Network Traffic ��279 ■ Chapter 11: Managing the Firewall ��299 ■ Chapter 12: Securing a Wireless Network ��323 ■ Part IV: Securely Sharing Resources ��345 ■ Chapter 13: File Services ��347 ■ Chapter 14: iCloud Security ��361 ■ Chapter 15: Remote Connectivity ��375 ■ Chapter 16: Server Security ��391 ■ Part V: Securing the Workplace ��439 ■ Chapter 17: Network Scanning, Intrusion Detection, and Intrusion Prevention Tools ��441 ■ Chapter 18 Backup and Fault Tolerance ��459 ■ Appendix A: InfoSec Acceptable Use Policy ��487 ■ Appendix B: CDSA ��495 ■ Appendix C: Introduction to Cryptography ��497 Index ��501 Contents About the Authors ��xxi About the Technical Reviewer ��xxiii Acknowledgments ��xxv Introduction ��xxvii ■ Part I: The Big Picture ��1 ■ Chapter 1: Security Quick-Start ��3 Securing the Mac OS X Defaults ��3 Customizing System Preferences��4 Users & Groups ��4 Login Options ��7 Passwords ��9 Administrators ��9 Security & Privacy Preferences ��10 General ��11 FileVault ��12 Firewall ��15 Software Update ��16 Bluetooth Security ��17 vii viii Contents Printer Security ��19 Sharing Services ��21 Erasing Disks ��22 Using Secure Empty Trash ��23 Using Encrypted Disk Images ��24 Securing Your Keychains ��26 Best Practices ��27 ■ Chapter 2: Services, Daemons, and Processes ��29 Introduction to Services, Daemons, and Processes ��29 Viewing What’s Currently Running ��31 The Activity Monitor ��31 The ps Command ��36 The top Output ��37 Viewing Which Daemons Are Running ��39 Viewing Which Services Are Available ��40 Stopping Services, Daemons, and Processes ��41 Stopping Processes ��42 Stopping Daemons ��43 Types of launchd Services ��44 GUI Tools for Managing launchd ��45 Changing What Runs at Login ��45 Validating the Authenticity of Applications and Services ��47 Summary ��47 ■ Chapter 3: Securing User Accounts ��49 Introducing Identification, Authentication, and Authorization ��49 Managing User Accounts ��50 Introducing the OS X Account Types ��51 Adding Users to Groups ��53 Enabling the Superuser Account ��55 Contents ix Setting Up Parental Controls��57 Managing the Rules Put in Place ��65 Advanced Settings in System Preferences��68 Working with Local Directory Services ��69 Creating a Second Local Directory Node ��72 External Accounts ��72 Restricting Access with the Command Line: sudoers ��73 Securing Mount Points ��78 SUID Applications: Getting into the Nitty-Gritty ��79 Creating Files with Permissions ��80 Summary ��81 ■ Chapter 4: File System Permissions ��83 Mac File Permissions: A Brief History of Time ��84 POSIX Permissions ��85 Modes in Detail ��86 Inheritance ��89 The Sticky Bit ��91 The suid/sguid Bits ��91 POSIX in Practice ��92 Access Control Lists ��94 Access Control Entries ��95 Effective Permissions ��98 ACLs in Practice ��99 Administering Permissions ��101 Using the Finder to Manage Permissions ��105 Using chown and chmod to Manage Permissions ��106 The Hard Link Dilemma ��109 Using mtree to Audit File System Permissions ��111 Summary ��113 x Contents ■ Chapter 5: Reviewing Logs and Monitoring��115 What Exactly Gets Logged? ��115 Using Console ��117 Viewing Logs ��117 Marking Logs ��118 Searching Logs ��119 Finding Logs ��120 What Happened to the Secure�log?? ��121 Reviewing User-Specific Logs ��122 Reviewing Command-Line Logs ��124 Reviewing Library Logs ��125 Breaking Down Maintenance Logs ��126 daily�out ��127 Yasu ��128 Weekly�out ��129 Monthly�out ��130 What to Worry About ��130 Activity Monitor ��131 Virtual Machine and Bootcamp Logs ��131 Event Viewer ��131 Task Manager ��133 Performance Alerts ��135 Review Regularly, Review Often ��136 Accountability ��136 Incident Response ��137 BSM – Auditing with the Basic Security Module ��138 The Audit Daemon and Audit Commands ��140 Configuring the Audit System ��141 Default Audit Settings ��141 Naming of the Audit Trail Files ��143

See more

Enterprise Mac Security: El Capitan PDF

Preview Enterprise Mac Security: El Capitan

The list of books you might like