Le guide 'Mac OS X security configuration' est gratuit et peut être téléchargé sur le site de la NSA (document PDF 3 Mo).
Table des matières
1
Preface 9 About This Guide
9 Target Audience
9 Whats New in Mac OS X Version 10.4
10 Whats in This Guide
11 Using This Guide
11 Using Onscreen Help
11 Mac Help
12 The Mac OS X Server Suite
13 Getting Documentation Updates
13 Getting Additional Information
14 Acknowledgments
Chapter 1 15 Introducing Mac OS X Security Architecture
Security Architectural Overview
16
16 UNIX Infrastructure
16 Access Permissions
16 Security Framework
17 Layered Security Defense
18 Built-In Security Services
18 Keychain Services
18 Secure Transport Services
18 Certificate, Key, and Trust Services
18 Authorization Services
19 Smart Card Services
19 Authorization versus Authentication
Chapter 2 21 Installing Mac OS X
System Installation Overview
21
21 Disabling the Open Firmware Password
22 Installing from CD or DVD
23 Installing from the Network
23 Restoring from Preconfigured Disk Images
23 Initializing System Setup
23 Using Setup Assistant
24 Creating Initial System Accounts
25 Setting Correct Time Settings
25 Updating System Software
26 Updating from an Internal Software Update Server
27 Updating from Internet-Based Software Update Servers
27 Updating Manually from Installer Packages
28 Verifying the Integrity of Software
28 Repairing Disk Permissions
29 Kinds of Permissions
29 POSIX Permissions Overview
29 ACL Permissions Overview
30 Using Disk Utility to Repair Disk Permissions
Chapter 3 31 Protecting Hardware and Securing Global System Settings
31 Protecting Hardware
32 Disabling Hardware
33 Removing Mac OS 9
33 Using the Command Line to Remove Mac OS 9
34 Running Mac OS 9 from a CD or DVD
34 Running Mac OS 9 from a Disc Image
35 Securing System Startup
36 Using the Open Firmware Password Application
37 Configuring Open Firmware Settings
38 Using Command-Line Tools to Secure Startup
38 Requiring a Password for Single-User Mode
Configuring Access Warnings
39
39 Enabling Access Warnings for the Login Window
40 Enabling Access Warnings for the Command Line
Chapter 4 41 Securing Accounts
Types of User Accounts
41
42 Guidelines for Creating Accounts
42 Defining User IDs
43 Securing Nonadministrator Accounts
45 Securing Administrator Accounts
46 Securing the System Administrator Account
47 Understanding Directory Domains
48 Understanding Network Services, Authentication, and Contacts
49 Configuring LDAPv3 Access
50 Configuring Active Directory Access
50 Using Strong Authentication
51 Using Password Assistant
52 Using Smart Cards
52 Using Tokens
52 Using Biometrics
53 Setting Global Password Policies
53 Storing Credentials
54 Using the Default User Keychain
55 Securing Keychain Items
56 Creating Additional Keychains
57 Using Portable and Network-Based Keychains
Chapter 5 59 Securing System Preferences
59 System Preferences Overview
61 Securing .Mac Preferences
63 Securing Accounts Preferences
66 Securing Appearance Preferences
67 Securing Bluetooth Preferences
68 Securing CDs & DVDs Preferences
69 Securing Classic Preferences
71 Securing Dashboard and Exposé Preferences
72 Securing Date & Time Preferences
74 Securing Desktop & Screen Saver Preferences
76 Securing Displays Preferences
76 Securing Dock Preferences
77 Securing Energy Saver Preferences
78 Securing International Preferences
79 Securing Keyboard & Mouse Preferences
Securing Network Preferences
80
82 Securing Print & Fax Preferences
84 Securing QuickTime Preferences
85 Securing Security Preferences
87 Securing Sharing Preferences
90 Securing Software Update Preferences
91 Securing Sound Preferences
92 Securing Speech Preferences
93 Securing Spotlight Preferences
95 Securing Startup Disk Preferences
96 Securing Universal Access Preferences
Chapter 6 97 Securing Data and Using Encryption
97 Understanding Permissions
97 Setting POSIX Permissions
98 Viewing POSIX Permissions
99 Interpreting POSIX Permissions
100 Modifying POSIX Permissions
100 Setting File and Folder Flags
100 Viewing Flags
100 Modifying Flags
101 Setting ACL Permissions
101 Enabling ACL
102 Modifying ACL Permissions
102 Setting Global File Permissions
103 Securing Your Home Folder
104 Encrypting Home Folders
105 Using FileVault Master Keychain
105 Encrypting Portable Files
106 Creating a New Encrypted Disk Image
107 Creating an Encrypted Disk Image from Existing Data
107 Creating Encrypted PDFs
108 Securely Erasing Data
109 Using Disk Utility to Securely Erase a Disk or Partition
109 Using Command-Line Tools to Securely Erase Files
110 Using Secure Empty Trash
Using Disk Utility to Securely Erase Free Space
111
Using Command-Line Tools to Securely Erase Free Space
111
Chapter 7 113 Securing Network Services
113 Securing Apple Applications
Securing Mail
113
Securing Web Browsing
114
Securing Instant Messaging
115
115 Securing VPN
Securing Firewall
117
About Internet Sharing
118
Enabling TCP Wrappers
119
120 Securing SSH
Enabling an SSH Connection
120
Configuring a Key-Based SSH Connection
121
124 Preventing Connections to Unauthorized Host Servers
Using SSH as a Tunnel
125
126 Securing Bonjour
127 Securing Network Services
Securing AFP
127
128 Securing Windows Sharing
128 Securing Personal Web Sharing
128 Securing Remote Login
Securing FTP Access
129
129 Securing Apple Remote Desktop
129 Securing Remote Apple Events
129 Securing Printer Sharing
129 Securing Xgrid
130 Intrusion Detection Systems
Chapter 8 131 Validating System Integrity
131 About Activity Analysis Tools
131 Using Auditing Tools
132 Configuring Log Files
132 Configuring syslogd
133 Local System Logging
134 Remote System Logging
135 About File Integrity Checking Tools
135 About Antivirus Tools
Appendix A 137 Security Checklist
137 Installation Action Items
138 Hardware and Core Mac OS X Action Items
138 Account Configuration Action Items
139 Securing System Software Action Items
139 .Mac Preferences Action Items
140 Accounts Preferences Action Items
140 Appearance Preferences Action Items
140 Bluetooth Preferences Action Items
141 CDs & DVDs Preferences Actions Items
141 Classic Preferences Action Items
Dashboard and Exposé Preferences Action Items
142
142 Date & Time Preferences Action Items
Desktop & Screen Saver Preferences Action Items
142
142 Dock Preferences Action Items
Energy Saver Preferences Action Items
143
143 Securing International Preferences
Securing Keyboard & Mouse Preferences
143
143 Network Preferences Action Items
Print & Fax Preferences Action Items
144
144 QuickTime Preferences Action Items
Security Preferences Action Items
144
145 Sharing Preferences Action Items
Software Update Preferences Action Items
145
Sound Preferences Action Items
145
145 Speech Preferences Action Items
146 Spotlight Preferences Action Items
146 Startup Disk Preferences Action Items
146 Data Maintenance and Encryption Action Items
146 Network Services Configuration Action Items
148 System Integrity Validation Action Items
Appendix B 149 Daily Best Practices
149 Password Guidelines
149 Creating Complex Passwords
150 Using an Algorithm to Create a Complex Password
151 Safely Storing Your Password
151 Password Maintenance
152 Email, Chat, and Other Online Communication Guidelines
152 Computer Usage Guidelines
Glossary 155
Index 167
Derniers commentaires