posted by Bill Leeper on Tue 7th Feb 2006 23:55 UTC
Icon"Assuming that 'because it's a Mac, it's safe' is no longer wise" is probably one of this book's most important themes. It has been my experience that too many Mac users "know" that OS X is secure and therefore they have nothing to worry about. This book shows just how wrong that attitude is.

As for me, I liked the book, It is a hard book to read, mainly because of the detail it goes into. Be prepared to spend some time with it.

The biggest problem I had with this book is an inherent problem with printed books in the information age: the information is a bit dated. It was written around OS X 10.2.2 but despite its relative antiquity, it should pretty much apply to the latest version of OS X as well. The tools mentioned throughout the book still exist and will have been updated by now and the links I followed out are still valid.

If you are an OS X user and are at all interested in security then read this book. It gives step-by-step instructions on how to secure a Mac and is actually a good primer on UNIX security in general. It is laid out in four parts: Basic Security, Vulnerabilities and Exposures, Mac Specific Resources and How to Secure Them, and Prevention, Detection and Reaction to Attacks.

Part 1 is a very good primer about policies for anyone needing to set up a network involving Macs or even multiple users on a single computer. It talks about how to write rules and usage guidelines for your users that will not only help secure the system, but will also ensure that your guidelines are enforceable.

Part 2 goes into how to protect your sensitive data from the different types of attacks. It covers the methods and programs that can be used against you and how to stop them.

This section is a very good primer on how to choose a secure password. It has been my experience that Mac users are no different than Windows users in this respect. They don't know how to choose a password. Most I know will be very surprised at how easy and fast it is too crack the typical password. This section covers the tools that can be used and also list some impressively short times to crack a password. Using an alpha only password with only lower case, in this case asdzxc, a cracking program using the dictionary approach had the password added to the end of a 234,000 word dictionary. It took just 77 seconds to crack the password. changing the rules in the cracking program to force it to try checking variants based on common password patterns still allowed the password to be cracked in just over 21 minutes. This is a must read for just about everyone.

Part 3 provides in-depth information about server resources such as FTP, and File Sharing, and provides tips and tricks to use to protect those services. It provides sample configuration files and explains in line-by-line detail what the files do. Some handy tables list the most common switches and explains what they are for.

Part 4 covers Intrusion Detection and how to react to an attack. It also has coverage of the basics of backing up your data to prepare for disaster and recovery.

In summary, it's a great book for those serous about understanding security, but most computer novices would be better off spending their money elsewhere. There are several chapters that have useful information for you, but not enough to make it worthwhile. Some UNIX knowledge is required to get the most out of this book. If you have a bit of computer knowledge and would like to learn more about security then I would suggest getting this book. It is a very good primer on security and will teach you what you need to know to secure your system. If you are a fledgling System Administrator then definitely get this book. It will teach you everything you wish you already knew about setting up and securing Mac OS X systems in a network environment.

For more information, or to purchase this book, see it at Amazon.com:

e p (0)    18 Comment(s)

Technology White Papers

See More