The Unix/BSD underpinnings of Mac OS X have implications that ordinary Mac users have never before been faced with. Mac OS X can be used as either a powerful Internet server or, in the wrong hands, a very powerful attack launch point. "Maximum Mac OS X Security" takes a Unix-oriented approach, going into significantly greater depth on OS X security topics.
I. MAC OS X SECURITY BASICS: LEARNING TO THINK SECURE.
1. An Introduction to Mac OS X Security.
What Is Security? Traditional Mac OS Versus Mac OS X. Understanding the Threat. Summary.
2. Thinking Secure: Security Philosophy and Physical Concerns.
Physical System Vulnerabilities. Server Location and Physical Access. Server and Facility Location. Physical Access to the Facility. Computer Use Policies. Physical Security Devices. Network Considerations. Summary.
3. People Problems: Users, Intruders, and the World Around Them.
Your Users: People with Whom You Share Your Computer. The Bad Guys: People Who Would Do Your System Harm. Everybody Else. Summary.
II. VULNERABILITIES AND EXPOSURES: HOW THINGS DON'T WORK, AND WHY.
4. Theft and Destruction of Property: Data Attacks.
Keeping Data Secret: Cryptography, Codes, and Ciphers. Data-Divulging Applications. Steganography and Steganalysis: Hiding Data in Plain Sight, and How to Find and Eliminate It. Summary.
5. Picking Locks: Password Attacks.
Typical Password Mechanisms. Testing Password Security. Improving Password Security, and Alternatives to the Standard Password Mechanisms in Mac OS X. Summary.
6. Evil Automatons: Malware, Trojans, Viruses, and Worms.
Defining Software Behavioral Space. Malware. Malware Threats. Solving the Problem. Summary.
7. Eavesdropping and Snooping for Information: Sniffers and Scanners.
Eavesdropping and Information Gathering. Monitoring Traffic with tcpdump. Sniffing Around with Ettercap. Network Surveys with NMAP. Other Information-Gathering Tools. Ethics of Information Gathering. Additional Resources. Summary.
8. Impersonation and Infiltration: Spoofing.
Spoofing Attacks. Spoofing Defenses. Summary.
9. Everything Else.
DoS. Buffer Overflows. Session Hijacking. Everything Else. Additional Resources. Summary.
III. SPECIFIC MAC OS X RESOURCES AND HOW TO SECURE THEM: SECURITY TIPS, TRICKS, AND RECIPES.
10. User, Environment, and Application Security.
Adding a New User. Using the NetInfo Database to Customize a User. Sane User Account Management. Skeleton User Accounts. Command-Line Administration Tools. Restricting User Capabilities. Summary.
11. Introduction to Mac OS X Network Services.
What Is a Network Service? Network Service Vulnerabilities. Controlling Mac OS X Network Service Processes. Protecting inetd with TCP Wrappers. Increasing Security with xinetd. Summary.
12. FTP Security.
FTP Vulnerabilities. Activating the FTP Server. Configuring the Default lukemftpd FTP Server. Setting Up Anonymous FTP. Replacing the Mac OS X FTP Server. Alternatives to FTP. Summary.
13. Mail Server Security.
Basic Vulnerabilities. Sendmail. Activating Sendmail on Mac OS X. Protecting Sendmail. Updating Your Sendmail Installation. Postfix as an Alternative. Installing Postfix. Protecting Postfix. Delivering Mail: UW IMAP. Summary.
14. Remote Access: Secure Shell, VNC, Timbuktu, Apple Remote Desktop.
What Is SSH? SSH Vulnerabilities. Vulnerabilities in telnet and rlogin. Activating SSH. Advanced SSH Features. GUI Access Methods. Summary.
15. Web Server Security.
Introducing Apache. SSL-Protected Apache. Additional Resources. Summary.
16. File Sharing Security.
Apple Filing Protocol. WebDAV. Sharing Files with Samba. Common Unix Printing System. Other Resources. Summary.
IV. PREVENTION, DETECTION, AND REACTION TO ATTACKS: HEALTH CARE AND CHECKUPS FOR YOUR MACHINE.
17. Blocking Network Access: Firewalls.
Firewalling. Built-In GUI Mac OS X Firewall Tools. Built-In Command-Line Mac OS X Firewall Tools. Firewall Hardware. Firewall Resources. Summary.
18. Alarm Systems: Intrusion Detection.
What Is Intrusion Detection? Psionic PortSentry. Snort. IDS Resources. Summary.
19. Logs and User Activity Accounting.
The Role of Logs. User Logins and Accounting. Automated Log Monitoring: LogSentry. Common System Log Changes. Summary.
20. Disaster Planning and Recovery.
What Is Disaster Recovery and Why Do You Need It? Creating a Disaster Recovery Plan. Mac OS X Backup Software. Synchronizing Files: rsync. Summary.
Appendix A. Glossary.
Appendix B. Security Resources.
Appendix C. Secure Web Development.
Web Development Risks. Protecting Your Web Applications. Adding and Using suEXEC. Testing for Known CGI Vulnerabilities: Whisker. Additional Resources.