Macintosh Security Basics - MacOS (mainly v. 9.x) and Mac OS X : File Sharing and Network/Internet client security

Macintosh Security Basics - Presentation Notes
Presentation for ENGS 69: Engineering Secure Computer Systems
Thayer School of Engineering, Dartmouth College
Winter 2002-2003

Marion Bates Investigative Research for Infrastructure Assurance

Overview Macintosh Security Basics

What we’ll cover:
Basic system security for MacOS (mainly v. 9.x) and Mac OS X, including:

• File Sharing (from both client and server perspectives)
• Network/Internet client security (“safe surfing”)
• Firewalls, viruses, email
• OS X basics, bonuses, and pitfalls We’ll start with MacOS 9, since OS X inherits from 9. 2

INDEX
Page 1
A little bit of history | There can be only one | Macs can serve | Ok, so what’s Timbuktu? | General Security implications | Unique is good | Unique but still pretty versitile | Versitile in not so nice ways | What to do | Physical Security | Physical Security Solutions | File Sharing | Password Encryption | OS 9 on Both Ends | OS 9 to old server | Os 9 to OS X | What if it IS clear text? | Done with client, now: Server FS | The point of diversification

Page 2
Configuring a File Sharing server | File Sharing control panel | Security Through Obscurity | Owner is Omnipotent | File Sharing over TCP | Apps over the net and Program Linking | Recommended initial setup | Other users | Creating accounts | Users and Groups | User Identity | User Sharing | Groups |

Page 3
Guest | On to the Files | Example | We can do this | Set the permissions | Control-click | Specify Access for each Joe |

Page 4
The Joes’ read-only folder | Drop Box | The MP3’s folder | Check for Leaks | File Sharing Wrap-up | More File Sharing Wrap-up |

Page 5
Personal Web Sharing | PWS Features | PWS Caveats and Wrap-up | Remote Access | Moving on: “Safer Surfing” | Web browsing | Ok, now I can’t use the web at all | FTP | What you can do |

Page 6
Fetch gets teeth | Fetch security options |

Page 7
Fetch security options 2 | E-Mail | PGP | Attachments (“Enclosures”) | More on email at Dartmouth | BlitzMail’s brethren | Viruses! | Countermeasures | Firewalls |

Page 8
Test it | MAC OS X | MAC OS X Continued | Macs and Unix | There can be many | Users and Folders | Users and Apps | BSD File Security | Classic | Classiconfusion | More on Classic/X | OS X Security “out of the box” | What is THAT port? | More on ports and services | Logs | Unix and Mac can collide | Apache vulnerability! | Ease of Use |

Page 9
OS X 10.2 Sharing pane | File Sharing | Connecting to other servers |

Page 10
Connecting with 10.2 | Connecting to other servers | Firewalling on OS X |

Page 11
Firewalling on OS X - Part 2 | Useful Tools - Network Utility | Useful Tools - Keychain | Useful Tools - Process Viewer |

Page 12
Useful Tools - NetInfo Manager | Useful Tools - Terminal | Useful Tools - tcpdump | Useful Tools - MacSniffer | Useful Tools - MacJanitor | Useful Tools - CheckMate |

Page 13
Useful Tools - CheckMate - Part 2 | GPG Mac | MacSFTP Carbon | Surfing Differences | Patches | Patching 3rd Party Software | Conclusions | Appendix A - URLs and sources | Appendix B - Supplemental Info