Computer Protection Program Berkeley Lab
Ernest Orlando Lawrence Berkeley National Laboratory
  PROCEDURES FOR SECURING SYSTEMS  
Mac OS X Security Checklists[1]  

A. Purpose

These guidelines are intended to produce a level of security in Mac OS X systems that represents a reasonable balance between security and functionality/usability. Although Macs are easy to use, securing the underlying operating system is much more complicated than simply using a Mac. For one thing, every Mac OS X system boots Mac OS X but may also run Classic; if Classic is running[2], the number of functions and configurations that need to be secured increases substantially. The availability of Mac OS X in both server and workstation versions also complicates matters to some degree, because securing a server generally requires different steps than securing a workstation, and workstations almost invariably do not require as high a level of security as servers.

B. Caveats

This checklist is intended to apply to Mac OS X 10.2. If you run an older version of Mac OS X, differences between versions of the operating system (e.g., between Mac OS X 10.1 and Mac OS X 10.2) may render certain steps inapplicable or only partially applicable. Furthermore, Apple's Software Update mechanism does not push security updates to older versions, so upgrading to Mac OS X 10.2 is highly advisable. If you do not have version 10.2, you will need to carefully test each step to ensure that it works as expected on your particular system.

Additionally, although Mac OS X server and workstation are similar, security needs for each are likely to differ. In general, servers need to be more secure than workstations. For this reason, we have provided separate checklists for the two versions:

____________________

1. These guidelines were written by Gene Schultz of the Computer Protection Program. Annette Greiner, Keith Olsen, Christopher Payne, Nat Stoddard, and Dave Busby provided generous amounts of input and feedback. Chip Smith also provided a final “sanity check” of this document.

2. For OS X Server systems it is best for the sake of security to not install Classic at all.


 

 
