[Ham-Mac] Open Publication - New NSA Security Guidelines for Mac OS
X Published
k9zw at mac.com
k9zw at mac.com
Fri Mar 23 02:53:09 EST 2007
New NSA Security Guidelines for Mac OS X Published
InfoSec News
Thu Mar 22 02:02:39 CST 2007
http://www.macobserver.com/article/2007/03/20.8.shtml
By John Martellaro
March 20th, 2007
The National Security Agency (NSA) has published version 2 of its
security guidelines for Mac OS X. The security documents are available
in PDF format on their OS Guides page [1] for Mac OS X.
These documents for Mac OS X and Mac OS X Server represent best
practices for securing the OS and are widely used by the industry as
internal standards for configuring Mac OS X. The document is actually
written by experts at Apple and endorsed by the NSA which says on its
Website," It is our belief that these guides establish the latest best
practices for securing the products and recommend that traditional
customers of our security recommendations use the Apple guides when
securing Macintosh OS X 10.4.x and Macintosh OS X Server 10.4.x."
Practices such as setting up admin accounts, generating passwords, the
proper way to remove Classic, which can be a serious security problem
for Mac OS X, managing the root account, and the use of Access Control
Lists (ACLs) is covered.
Out of the box, Mac OS X is fairly secure, especially with respect to
closed ports. However, for those in the enterprise who want to take
advantage of every feature of Mac OS X to lock down and secure the OS
against not only network but local intrusions, this is a must read.
[1] http://www.nsa.gov/snac/downloads_macOSX10_4Server.cfm?
MenuID=scg10.3.1.1
More information about the Ham-Mac
mailing list