Apple Training Series Mac OS X Security and Mobility v10.6 Robert Kite, Ph.D., Michele Hjörleifsson, and Patrick Gallagher Apple Training Series: Mac OS X Security and Mobility v10.6 Robert Kite, Ph.D., Michele Hjörleifsson, and Patrick Gallagher Published by Peachpit Press. For information on Peachpit Press books, contact: Peachpit Press 1249 Eighth Street Berkeley, CA 94710 510/524-2178 510/524-2221 (fax) Find us on the Web at: www.peachpit.com To report errors, please send a note to [email protected] Peachpit Press is a division of Pearson Education Copyright © 2010 by Apple Inc. Apple Training Series Editor: Rebecca Freed Instructional Designers: Shane Ross, John Signa Production Editor: Danielle Foster Copyeditor: Gail Nelson-Bonebrake Tech Editors: Todd Dailey, Shawn Geddis Proofreader: Suzie Nasol Compositor: Danielle Foster Indexer: Valerie Perry Cover Illustrator: Kent Oberheu Cover Production: Happenstance Type-O-Rama Notice of Rights All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. For infor- mation on getting permission for reprints and excerpts, contact [email protected]. Notice of Liability The information in this book is distributed on an “As Is” basis without warranty. While every precaution has been taken in the preparation of the book, neither the authors nor Peachpit shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the computer software and hardware products described in it. Trademarks Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Peachpit was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book. ISBN 13: 978-0-321-63535-8 ISBN 10: 0-321-63535-3 9 8 7 6 5 4 3 2 1 Printed and bound in the United States of America To my beautiful wife Rhiannon and wonderful son Brendan. Thanks for putting up with this... three times. —Patrick Gallagher To my family for giving me inspiration, and Master Chief Samuel Blair my mentor, thank you. Dreams make all things possible; hard work makes them reality. —Mike Hjörleifsson This page intentionally left blank Acknowledgments Patrick Gallagher First, I would like to thank the team who worked on this at Apple, Peachpit, and our own respective companies. It was certainly a group effort that pulled it through. There are too many people to name, and I sus- pect there are a number of behind-the-scenes people whom I can’t put names to. You are included here, too. Thanks also to my clients and co-workers for tolerating these distractions and for recognizing that what I learn during these endeavors makes us more valuable. Finally, thanks to all of my family and friends for putting up with the late nights, missing weekends, missed phone calls, late arrivals, cancelled engage- ments, general distraction, etc. I will do better. Michele (Mike) Hjörleifsson First, I would like to thank the development team for being so helpful to a first-timer. To Shawn Geddis, John Signa, and Shane Ross at Apple for being a great help and resource through the project. To my friends at PrimeKey for their insights into PKI. To my best friend Ed Volz and my wife Dawn for tolerating my crazy hours, canceled engagements, etc. Robert Kite, Ph.D. This project could not have been completed without the help of friends, colleagues and family. Darcy, Kelly, Alex, and Kate—I realize the hours were long and I missed a lot. Jan and George Barton: Thanks! Arek Dreyer, Kevin White, Ben Greisler, Andrew Johnson, and Steve Cervera: Your assistance and participation were greatly appreciated. My colleagues at SARCOM were instrumental in the successful completion of this project. Earl Greer: Thanks for the brainstorming sessions. Tip Lovingood: Once again, thanks for the lab work; I couldn’t have done it without you. Shane Ross and John Signa from Apple, as always, were amazing to work with. Rebecca Freed from Peachpit: Thanks for the hard work. Bob Lindstrom: Thanks for jumping in. Once again, I am grateful for your insight and ability to make what I write readable. And lastly, LeRoy Dennison and Judy Lawrence: Your advice and sup- port was very helpful throughout this project. v This page intentionally left blank Contents at a Glance Getting Started .....................................xiii Part 1 Providing Network Services Chapter 1 Understanding the Domain Name System .................. 3 Chapter 2 Using DHCP ......................................... 49 Chapter 3 Network Address Translation/Gateway .................... 73 Part 2 Securing Systems and Services Chapter 4 Using a Firewall ...................................... 101 Chapter 5 Virtual Private Networks .............................. 135 Chapter 6 Keys and Certificates .................................. 165 Part 3 Working with Mobile Devices Chapter 7 Providing iPhone Applications ......................... 221 Chapter 8 Using Mobile Access Server ............................ 277 Index .............................................305 vii This page intentionally left blank Contents Getting Started .............................xiii Part 1 Providing Network Services Understanding the Domain Name System ....... 3 Chapter 1 Using the DNS: The Big Picture .......................... 4 Configuring a DNS Service ............................. 10 Configuring the DNS with Server Admin ................. 13 Configuring DNS with BIND ........................... 24 Creating Secure and Private DNS Servers ................. 32 Troubleshooting a DNS ................................ 38 What You’ve Learned .................................. 44 References ........................................... 45 Chapter Review ....................................... 46 Using DHCP .............................. 49 Chapter 2 Understanding How DHCP Works ....................... 50 Configuring a DHCP Service ............................ 51 Configuring DHCP Using Server Admin .................. 53 Troubleshooting DHCP ................................ 62 What You’ve Learned .................................. 68 References ........................................... 69 Chapter Review ....................................... 70 Network Address Translation/Gateway ......... 73 Chapter 3 Using NAT ........................................... 74 Configuring a NAT Gateway ............................ 76 Configuring NAT Using the Gateway Setup Assistant ....... 77 Using Server Admin to Configure NAT ................... 82 ix