Mac OS X Security Part Ten: Online Resources & Tutorials

All of these are accessed in System Preferences. The same article then goes on to recommend BrickHouse, which we ourselves discussed early on in this series. Finally it notes that quite a lot of information is logged to file by default in OS X, helpful if disaster does strike.

A key site to visit for all things network security is The SANS Institute. The hub for experts on internet security is the CERT Coordination Center. On the virus front, you'll want to know about Symantec's Security Response group, and McAfee's Virus Information Library (although I frankly find McAfee's site unwieldy to use). For a good and breezy introduction to the virus threat and some protections, read a white paper by Barbara Higgins. There are unix viruses out there; it's only a matter of time until they're ported to OS X. For a feel of the hazards that unix is exposed to, give a quick read on the same site to the somewhat heady promo piece for Vfind, apparently the first antivirus software for unix. The message: It's not just viruses.

As you know from earlier in this series, both Norton and McAfee have cooked up OS X antivirus products. At the time, they were beta software. McAfee emailed me this week to notify me that its beta program for the product has concluded. Norton's NAV for OS X does not do scans automatically, its biggest shortcoming in its current form. The release version will be fully automatic, just as all its other versions are now. So no worries. The kinks will be worked out in time.

At some point you may find yourself poking around with OS X's NetInfo Manager. For an introduction, give a read to What Is NetInfo?, an Apple TIL. In my article Mac OS X hosts File we used NetInfo and a hosts file to cull out unwanted ad servers.

A well-written paper entitled The Challenges of Integrating the Unix and Mac OS Environments gives a good overview of OS X's heritage, and addresses several security concerns, including why this Mac OS even bothers with users and passwords at all. The latter may seem like so much extra baggage compared to classic Mac OS, and even an intrusion into one's personal computer experience. This article addresses those issues very well.

Securemac.com has tended to evolve into something of an OS X specialty site. You could spend quite a bit of time digesting the many excellent white papers available there. A place to start might be with the three-part tutorial entitled Mac OS X Security.

A nice tutorial simply entitled Internet Security by the International Engineering Consortium works just the way you'd expect an online tutorial should. Chapters are manageable, and you can handle one a day, or the whole thing in an extended sitting. There is even a self-test at the end. I'll let you know how I scored. I discovered this one on a British university site that has several other good references, including an older but timely tutorial entitled Network Security. I found a bite-sized tutorial entitled Practical Unix Security referenced there, that was originally given as a presentation. Again, it's a little dated but still interesting and relevant in many ways. While most of these tutorials are geared to network security in an organization, you can pick up some good ideas for your home or SOHO setup too.

The unix references get pretty dry pretty quickly if you aren't comfortable around unix. Should you desire to play with the OS X shell, as it's known, you might enjoy a browse at my article entitled The Mac OS X Shell. When you're ready for a unix tutorial - and there are quite a few variations of unix around - you might try this gem from the UK entitled UNIX Tutorial for Beginners, or this slightly more terse one entitled A Basic UNIX Tutorial. Keep in mind that OS X is based upon BSD-unix, should that come up. When you're comfortable enough, you may find this quick reference from Webmonkey handy. Here's an even quicker one from UofW. By the way, some of the OS X online manuals, known as man pages, have fairly old dates, which tells me that Apple has been working on this stuff for quite a while.

Perhaps it's because their focus is elsewhere, I don't know, but many commercial outfits are not aware of the now-standard security tools available in unix. Specifically, I'm thinking of the multitude of web hosting services that use ftp for handling their customers' site updates. Standard ftp, like several other tools, places plain-text passwords onto the internet, which are virtually child's play to read. Secure ftp, or sftp, is available for OS X, the newest kid on the block, as well as most other unix variations. Yet Telus, my Internet Service Provider and a relatively big player in this industry, apparently hasn't heard of it. Someone should demo a G4 server running Apache for them. Anyway, my social comment aside, a lot of this unix security stuff is cutting edge, and there just isn't a single source to learn about it.

There is a risk of drowning in information, or of possibly compromising your system when applying a security measure blindly. My intention here is to collect enough good resources on the subject to present a balanced picture. This series has already outlined basic steps for securing an OS X system or network. Like a buffet dinner, you can try what you feel like trying, and implement what seems reasonable for you. You're in good company with OS X.

As I write, it's Saturday evening, September 29th. Apple released OS X.1 upgrade packages to its dealers this morning. I had to cover a staffing hole at our office today, so I dropped by my Apple dealer later in the afternoon. They were all gone! Well, this shop is a going concern even on a Monday, much less a Saturday, so I wasn't overly surprised. I then dropped by a downtown place that sells anything that has a plug on it. Macs aren't their biggest interest, so I'll bet they were even more surprised than I would have been to find customers lined up at opening time this morning, waiting for their free copies of the upgrade! All copies were gone within the first half-hour. It was at that moment that I realized this OS X thing is really going to fly. Regular readers of my Critical Mass column know that I've made every logical case possible for OS X, but the street-wise among us know that logic seems to have surprisingly little to do with people's computer-related decisions. Maybe that tide is turning.

Next time, we'll step back, see where we are, and wind up this series. Ciao.