- Page 1 and 2:
Mac OS XSecurity ConfigurationFor V
- Page 3 and 4:
1 ContentsPreface 11 About This Gui
- Page 5 and 6:
52 PowerPC-Based Systems52 Using th
- Page 7 and 8:
130 Encrypting Home Folders131 Over
- Page 9 and 10:
172 Securing Network Sharing Servic
- Page 11 and 12:
About This GuidePrefaceThis guide p
- Page 13 and 14:
 Chapter 13, “Advanced Security
- Page 15 and 16:
This guide...User ManagementWeb Tec
- Page 17 and 18:
For additional security-specific in
- Page 19 and 20:
1 Introductionto Mac OS X SecurityA
- Page 21 and 22:
Apple built the foundation of Mac O
- Page 23 and 24:
These functions are used when the s
- Page 25 and 26:
Parental ControlsParental controls
- Page 27 and 28:
Other commercial smart card vendors
- Page 29 and 30:
2 InstallingMac OS X2Use this chapt
- Page 31 and 32:
9 In the “Install Summary screen,
- Page 33 and 34:
Avoid names and short names like
- Page 35 and 36:
From the Command Line:# Updating fr
- Page 37 and 38:
From the Command Line:# Updating Ma
- Page 39 and 40:
When you use Disk Utility to verify
- Page 41 and 42:
3 ProtectingSystem Hardware3Use thi
- Page 43 and 44:
OS ComponentsMac OS X provides kern
- Page 45 and 46:
From the Command Line:# Removing Bl
- Page 47 and 48:
From the Command Line:# Securing Vi
- Page 49 and 50:
From the Command Line:# Securing Fi
- Page 51 and 52:
4 SecuringGlobal System Settings4Us
- Page 53 and 54:
You can test your settings by attem
- Page 55 and 56:
Intel-based and PowerPC-based compu
- Page 57 and 58:
When an application requests author
- Page 59 and 60:
5 SecuringAccounts5Use this chapter
- Page 61 and 62:
It is risky to assign the same user
- Page 63 and 64:
To securely configure an account wi
- Page 65 and 66:
Securing Administrator AccountsEach
- Page 67 and 68:
3 In the Defaults specification sec
- Page 69 and 70:
The authentication and contacts sea
- Page 71 and 72:
 FIPS-181 compliant: According to
- Page 73 and 74:
Before the smart card processes inf
- Page 75 and 76:
You can create multiple keychains,
- Page 77 and 78:
2 Enter a name, select a location f
- Page 79 and 80:
Using Portable and Network-Based Ke
- Page 81 and 82:
6 SecuringSystem Preferences6Use th
- Page 83 and 84:
Securing .Mac Preferences.Mac is a
- Page 85 and 86:
3 Don’t register your computer fo
- Page 87 and 88:
To securely configure Accounts pref
- Page 89 and 90:
To securely configure Appearance pr
- Page 91 and 92:
This does not prevent users from re
- Page 93 and 94:
4 Choose a time zone.From the Comma
- Page 95 and 96:
From the Command Line:# Securing De
- Page 97 and 98:
2 From the Sleep pane, set “Put t
- Page 99 and 100:
From the Command Line:# Securing Ex
- Page 101 and 102: To securely configure Network prefe
- Page 103 and 104: If the account you want to manage i
- Page 105 and 106: To securely configure Print & Fax p
- Page 107 and 108: You can find and install third-part
- Page 109 and 110: FileVault SecurityMac OS X includes
- Page 111 and 112: Â “Set access for specific servi
- Page 113 and 114: You can change your computer’s na
- Page 115 and 116: To securely configure Software Upda
- Page 117 and 118: The following shows the Text to Spe
- Page 119 and 120: By placing specific folders or disk
- Page 121 and 122: To enter Target Disk Mode, hold dow
- Page 123 and 124: 7 SecuringData and UsingEncryption7
- Page 125 and 126: Interpreting POSIX PermissionsTo in
- Page 127 and 128: In this example, the folder named s
- Page 129 and 130: Not all applications recognize the
- Page 131 and 132: If you want to protect file or fold
- Page 133 and 134: This provides network management of
- Page 135 and 136: Make sure the size of the image is
- Page 137 and 138: A zero-out erase sets all data bits
- Page 139 and 140: Using Secure Empty TrashSecure Empt
- Page 141 and 142: 8 SecuringSystem Swap andHibernatio
- Page 143 and 144: 9 AvoidingMultiple SimultaneousAcco
- Page 145 and 146: 10 EnsuringData Integrity withBacku
- Page 147 and 148: 11 InformationAssurance withApplica
- Page 149 and 150: Â NTLMÂ Kerberos Version 5 (GSSAP
- Page 151: Safari supports server-side and cli
- Page 155 and 156: Website forms can include items tha
- Page 157 and 158: iChat AV Encryption leverages a PKI
- Page 159 and 160: When you and your buddy have the .M
- Page 161 and 162: IPSec requires security certificate
- Page 163 and 164: Mac OS X includes a firewall. If yo
- Page 165 and 166: 4 Click Advanced.5 Select the Enabl
- Page 167 and 168: 12 InformationAssurance withService
- Page 169 and 170: Before using Bonjour to connect to
- Page 171 and 172: Securing the Back to My Mac (BTMM)
- Page 173 and 174: Screen Sharing (VNC)Screen Sharing
- Page 175 and 176: From the Command Line:# Disable Fil
- Page 177 and 178: Enabling an SSH ConnectionTo enable
- Page 179 and 180: 5 On the client, enter a complex pa
- Page 181 and 182: $ mkdir ~/.ssh/2 If ~/.ssh/known_ho
- Page 183 and 184: You can add a specific host and opt
- Page 185 and 186: The first time you connect, you hav
- Page 187 and 188: From the Command Line:# Remote Appl
- Page 189 and 190: From the Command Line:# Internet Sh
- Page 191 and 192: 13 AdvancedSecurity Management13Use
- Page 193 and 194: When a program asks for a right, Au
- Page 195 and 196: The Security Server requests authen
- Page 197 and 198: Validating File IntegrityWhen downl
- Page 199 and 200: To inspect a specific requirement,
- Page 201 and 202: The following sample line specifies
- Page 203 and 204:
If auditing is enabled, the /etc/rc
- Page 205 and 206:
Intrusion Detection SystemsAn intru
- Page 207 and 208:
ASecurity ChecklistAAppendixUse the
- Page 209 and 210:
Account Configuration Action ItemsF
- Page 211 and 212:
Action Items Completed? NotesSecure
- Page 213 and 214:
Action Item Completed? NotesInstall
- Page 215 and 216:
BSecurity ScriptsBAppendix# Updatin
- Page 217 and 218:
# Securing Global System Settings#
- Page 219 and 220:
# Securing Energy Saver Preferences
- Page 221 and 222:
defaults write "com.apple.speech.re
- Page 223 and 224:
GlossaryGlossaryThis glossary defin
- Page 225 and 226:
computational cluster A group of co
- Page 227 and 228:
FTP File Transfer Protocol. A proto
- Page 229 and 230:
NetBoot server A Mac OS X server yo
- Page 231 and 232:
public key One of two asymmetric ke
- Page 233 and 234:
streaming Delivery of video or audi
- Page 235 and 236:
IndexIndex.Mac preferences 83-85, 1
- Page 237 and 238:
Gglobal file permissions 128-129gri
- Page 239 and 240:
SSafari preferences 150, 152-156san