
SANS ISC InfoSec Handlers Diary Blog



The Ultimate OS X Hardening Guide Collection

Published: 2012-02-20
Last Updated: 2012-02-20 02:04:54 UTC
by Johannes Ullrich (Version: 1)

Many security professionals tend to use OS X systems, maybe for the nice and shiny looks, or for the Unix underpinnings that make it a great platform to run current tools. However, the operating system itself isn't exactly "secure out of the box" and, like all operating systems, can profit from some additional hardening tricks.

I have recently looked over a number of OS X hardening guides and found that not many specifically address the latest version of OS X (Lion, 10.7), nor are they necessarily well maintained. Instead of coming up with another (soon to be outdated) guide, I am trying to come up with a "meta guide". If you know of a good hardening guide for OS X, please let me know. Also, if there are any tricks that you find useful (or things that backfired and didn't work at all), let me know too.

Most notably: Apple released a guide for each version of OS X up to Snow Leopard, but I can't find one for Lion. Does it exist?

Here are some of the guides that I have found so far:

Apple: http://www.apple.com/support/security/guides/
NSA Guide: http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf
Mac Shadows: http://www.macshadows.com/kb/index.php?title=Hardening_Mac_OS_X
Univ. Texas: https://wikis.utexas.edu/display/ISO/Mac+OS+X+Server+Hardening+Checklist
Center for Internet Security: http://benchmarks.cisecurity.org/en-us/?route=downloads.browse.category.benchmarks.os.unix.osx

 

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
