Friday, May 8, 2009

Book Review: Mac OS X Leopard Security

One of the interesting challenges I've faced recently in my project load was how to deal with security training for Mac OS X. While Windows and Unix training are common and easily available, the only Mac OS security training available was a pending SANS course, and a dated Apple course.

What's a security guy to do? Our Mac community is generally aware that their resistance to attacks thus far has been more based on being a smaller community than on the Mac having some mystical inherent resistance to compromise - although a few holdouts beg to differ. We have begun to see the beginnings of a Mac OS malware threat, and we have definitely seen more standard SSH compromises of systems with weak passwords.

My best solution was to identify a book to serve as a resource and as a basis for short workshops for our Mac support staff. Our staff range in expertise from hardcore Mac techs to staffers who are interested either at the hobby level, or who support a handful of random Macs in their department. Thus, the book had to cover both the basics and more advanced topics. In addition, it had to be current - many MacOS 10.3 and 10.4 books are out there, but far fewer cover 10.5.

I read reviews and flipped through quite a few books before settling on Charles Edge, William Barker, and Zack Smith's Foundations of Mac OS X Leopard Security. The book has received many positive Amazon reviews as well as a Slashdot review, and had actually been independently purchased by a couple of our campus administrators based on their own flip-throughs of the book.

What does the book offer? Well, it offered a lot of what I was looking for, including:

  • GUI based instructions for most basic MacOS security topics
  • Details on malware, rootkits, and
  • User account security
  • File services security
  • Server security
  • And a selection of advanced topics

What you don't get is a down and dirty command line level toolkit, although many command line basics are covered. The book also makes no mention of security standards and profiles such as the CIS standards. Overall though, our Mac admins have generally been impressed, and have read it closely enough that they have pointed out a couple of mistakes.

Does Foundations of Mac OS X Leopard Security replace a training class? No. But it does give the staff a ready resource and a common body of knowledge on which we can base our own discussions. I'll schedule follow-up discussions of specific topics as necessary, and we'll keep our eyes open for training. For the time being, I'd recommend this book to anybody needing a good primer on Mac OS security.
