Mac OS X Security

The following review was originally made for the Lower East Side Mac Unix Users Group, (lesmuug.org).OVERVIEW--I was heading out soon to my first 'DefCon Experience' this summer, so when I saw this Security book with a really ugly green-trippy cover on the LESMUUG bookshelf, I was immediately interested.I'd read loads of security materials before, some good, some completely stupid. Good security is never an absolute, any experienced locksmith or network security admin knows this, so I'm wary of any resource which states 'Do this, and your safe' (except from the author of the resource).This book met, and exceeded my base expectations, starting out expressing this very sentiment- and constantly refers to the idea that every feature (even just booting), carries with it consequences- some having greater chances of being compromised in some way.That stated, every nuts-and-bolts section deals with the risks involved with a given system component, and gives best-practice real world examples. Noteworthy, is that the book rarely says 'do this', as this violates basic principles security, but instead explains how your system works in the context of securing your data, gives general conceptual workarounds, and assesses their general consequences.Clear distinctions between Mac OSX, Darwin, and Mac OSX Server are clearly defined and referenced- and the information covered definitely applies to the future with 'Panther', (though some of the locations of various resources will likely change).BOOK SUMMARY--The book is divided up into sections for easy reference, but I'll summarize it all by grouping things into 3 main sections:1) Finder: User (finder level) Application security2) Darwin: Server and general UNIX security3) Enterprise Security/Authentication systems built into MOSX and how-to use themAll the sections cross reference each-other nicely, (for example, secure Mail.app usage [and protecting local mail data], is totally shot if your mail server is insecure). The materials on User-level security really go deep into the way the system relies on various system frameworks, and how these frameworks are secured.It also goes into depth on how Keychain.app works, and how to effectively use it- (as well as touching on how developers can implement it).To me, a web application developer, the Darwin and general UNIX security section was most useful to me, as it gave the MOSX equivalents for a lot of what I do daily on freeBSD servers (and gave a deeper understanding of how thoughtfully designed Darwin is!)Additionally, clear how-to's of almost every basic secure system is covered, (SSL, SSH, Tunneling, authentication best practice, etc...), excellent practical info for both newbies and professionals alike. (All of it made me want to do more system development and hosting on Darwin after going through this!)The Enterprise security sections (network/security) give a great overview of both practical use, and the internals of things like NetInfo, LDAP, Kerberos, e

If you're the owner of a Macintosh running OS X and security is either a concern or an interest, this book is a great reference.It covers both the very basics in good layman's terms and identifies what is useful information to the average user, such as safely sharing a computer between many users, encrypting files, saving passwords, and how to prevent unauthorized use.For system administrators and power users, it points out and describes the security considerations of using the more advanced features features of Mac OS X, including file sharing, NetInfo, the Apache web server, and the many networking features and protocols for which Mac OS X includes support.In order to prevent and monitor for security incidents, the book contains a good description of monitoring an OS X system, and in the unfortunate case of such an incident happening, forensics tools are discussed as well.In summary, "Mac OS X Security" is a comprehensive reference on the security features, functionality, and strengthening of Apple's new operating system with good information for OS X users of all levels of skill.-Peter Bartoli