JonHoyle.com Mirror of MacCompanion
http://www.maccompanion.com/macc/archives/July2008/Books/LeopardSecurity.htm


Foundations of Mac OS X Leopard Security

Reviewed by Robert Pritchett

Authors: Charles S Edge Jr., William Barker, Zack Smith

Apress

http://www.apress.com/book/view/9781590599891

Released: April 2008

Pages: 488

$40 USD

ISBN13: 978-1-59059-989-1

 

Strengths: Provides an updated resource to Apple OS security.

 

Weaknesses: None found.

 

Introduction

 

Foundations of Mac OS X Leopard Security is written in part as a companion to the SANS Institute course for Mac OS X - http://www.sans.org/sans2008/ . It contains detailed Mac OS X security information, but also walkthroughs on securing systems.

 

By using the SANS Institute course as a sister to the book, the focus includes both the beginning home user and the seasoned security professional not accustomed to the Mac, and allows this title to establish the “best practices” for Mac OS X for a wide audience. Additionally, the authors of the book are seasoned Mac and security professionals, having built many of the largest network infrastructures for Apple and spoken at both DefCon and Black Hat on OS X security.

 

What I Learned

 

With the recent flurry of Trojan activities and email phishing expeditions, social engineering efforts and even the Adobe Acrobat 8 exploit that caused us to update the PDF of the February issue of macCompanion magazine, we have to be on guard and ever-vigilant, even on the Apple platform.

 

This vigilance is even more of an issue on the Intel-based machines from Apple, as they are even more prone to vulnerabilities and exploits based on their chipset than the previous-generation IBM-based chipsets that used Virtual PC to navigate the landmine-infested non-Mac environments.

 

I learned a little bit more about stealth mode, hiding wireless networks, file services through AirPort, blocking hosts based on robots.txt and using the .htaccess file for protecting directories.

 

The book has 5 parts in 16 chapters and 4 appendices. It covers security fundamentals and essentials, including malware security (viruses, worms and rootkits), log reviewing and monitoring, network traffic, setting up the Mac OS X firewall, securing a wireless network, file sharing services, and securing websites, as well as remote connectivity and server security, and workplace security: network scanning, intrusion detection and prevention tools, backups and fault tolerance, and forensics.

 

The appendices cover Xsan security, acceptable use policies, secure development and an intro to cryptography.

 

Conclusions

 

If you want an updated book on Mac Leopard Security, this is it.

 

Recommendation

 

Even though these guys seem to be speaking to the PC-side, they did their homework. After all, they all work for one of the largest Mac security consulting firms, 318 - http://www.318.com/