Re: Mac X-Server Security Questions...

From: Florian Rommel (frommel_at_gmail.com)
Date: 04/07/05

    Date: Thu, 07 Apr 2005 11:18:24 +0300
    To: security-basics@securityfocus.com
    
    

    Is it just me or is the original article slightly FUDish? Maybe a Troll,
    but ok, I'll bite....

    I have worked with Macs for quite a while and have a very strong Security,
    Unix, Windows background. I have yet to find a consumer OS (I am aware
    of OpenBSD et al. but those are hardly consumer OSs) that is as locked
    down as OS X. Plus the users are much LESS gullible than the normal
    Windows user.
    If, as mentioned, the OS X boxes got compromised (how do you define
    "almost completely") then a number of things HAD to happen before:
    1. The user had to have enabled file sharing, which on its own is not
    bad and shouldn't really compromise the machine. However, would you care
    to explain why there is file sharing open and, I suppose you are in a
    work LAN, NO firewall in front?
    2. The user had to have allowed system-wide access to something, meaning
    he/she had to type in his/her password for a program to access system files.
    Or...
    3. The user had to have the root user enabled, which in itself is already
    nearly ALWAYS unnecessary.

    Because out of the box, which is what MOST users use on their Mac
    (including my wife, and she is a Comp Sci student), OS X has 3 very
    important things NOT enabled:
    1. No root user is enabled; the user is an "admin", which is nothing like
    the Windows Admin: he/she can install programs system-wide BUT he/she
    has to authenticate if system files are accessed, otherwise NO GO.
    2. No services are enabled by default. Granted, the firewall isn't on
    either, but how do you connect to an "unprotected" machine if it isn't
    listening to anything?
    3. Automatic updates checking enabled. This prompts you as soon as an
    update is available.

    Now, something had to be wrong in those 3 for your users to get
    compromised. And that means it's the user, not the OS.
    However, I still find it hard to believe that these boxes got "almost
    totally" compromised AFTER all patches were installed and no specific
    file sharing got enabled....

    I think it is sad that people have to go to these great lengths to spread
    FUD and try to make another OS look good. How then do you define "no one
    in their right mind" that leaves file sharing on on Windows? Ever seen a
    default installation of Windows? Ever seen a user that just bought his
    PC at the local shop and connected it to the internet? If no one is in
    their right mind, how do you explain the millions of zombies out there?....

    Move along, nothing to see...

    //Florian Rommel, CISSP
    http://www.2blocksaway.com
