Apple has released “Mac OS X Security Configuration For Version 10.5 Leopard” a 240-page guide which provides instructions and recommendations for securing Mac OS X version 10.5 or later, and for maintaining a secure computer.
Mac OS X v10.5 offers the following major security enhancements:
• Better Trojan horse protection. Mac OS X v10.5 marks files that are downloaded to help prevent users from running malicious downloaded applications.
• Stronger runtime security. New technologies such as library randomization and sandboxing help prevent attacks that hijack or modify the software on your system.
• Easier network security. After you’ve activated the new Mac OS X v10.5 application firewall, it configures itself so you get the benefits of firewall protection without needing to understand the details of network ports and protocols.
• Improved secure connectivity. Virtual private network (VPN) support has been enhanced to connect to more of the most popular VPN servers—without additional software.
• Meaningful security alerts. When users receive security alerts and questions too frequently, they may fall into reflexive mode when the system asks a security-related question, clicking OK without thought. Mac OS X v10.5 minimizes the number of security alerts that you see, so when you do see one, it gets your attention.
Apple’s “Mac OS X 10.5 Leopard Security Configuration” guide includes the following chapters:
• Chapter 1, “Introduction to Mac OS X Security Architecture,” explains the infrastructure of Mac OS X. It also discusses the layers of security in Mac OS X.
• Chapter 2, “Installing Mac OS X,” describes how to securely install Mac OS X. The chapter also discusses how to securely install software updates and explains permissions and how to repair them.
• Chapter 3, “Protecting System Hardware,” explains how to physically protect your hardware from attacks. This chapter also tells you how to secure settings that affect users of the computer.
• Chapter 4, “Securing Global System Settings,” describes how to secure global system settings such as firmware and Mac OS X startup. There is also information on setting up system logs to monitor system activity.
• Chapter 5, “Securing Accounts,” describes the types of user accounts and how to securely configure an account. This includes securing the system administrator account, using Open Directory, and using strong authentication.
• Chapter 6, “Securing System Preferences,” describes recommended settings to secure Mac OS X system preferences.
• Chapter 7, “Securing Data and Using Encryption,” describes how to encrypt data and how to use Secure Erase to verify that old data is completely removed.
• Chapter 8, “Securing System Swap and Hibernation Storage,” describes how to secure your system swap and hibernation space of sensitive information.
• Chapter 9, “Avoiding Multiple Simultaneous Account Access,” describes how to avoid fast user switching and local account access to the computer.
• Chapter 10, “Ensuring Data Integrity with Backups,” describes the Time Machine architecture and how to securely backup and restore your computer and data.
• Chapter 11, “Information Assurance with Applications,” describes how to protect your data while using Apple applications.
• Chapter 12, “Information Assurance with Services,” describes how to secure your computer services. It also describes how to protect the computer by securely configuring services.
• Chapter 13, “Advanced Security Management,” describes how to use security audits to validate the integrity of your computer and data.
• Appendix A, “Security Checklist,” provides a checklist that guides you through securing your computer.
• Appendix B, “Security Scripts,” provides a script template for creating a script to secure your computer.
In addition, the Glossary defines terms you’ll encounter as you read the guide.
Apple’s “Mac OS X Security Configuration For Version 10.5 Leopard” guide (3.4MB, .pdf) is here.