Security Basics mailing list archives

Re: Mac X-Server Security Questions...


From: Florian Rommel <frommel () gmail com>
Date: Thu, 07 Apr 2005 21:05:28 +0300

Hi Brad,
Ok, let's start this whole thing a bit slower...

May I ask why you would need file sharing (smb or apple) on an unprotected internet connection? I mean OS X Server comes with a VPN server and other clients can connect to it (Windows and Mac AFAIK).

As far as not believing you, well I do believe you, the whole thing just seemed so far out especially from a security perspective. Also you didn't mention in your first post that this was an OS X server, just an OS X machine that got compromised. As for the non-NAT offices, yea I have come across a few as well. I have also come across some offices that bought firewall services from an ISP and it was never enabled. You can imagine the surprise when Blaster hit.

About information.. I don't know where you are located but the NSA OS X guides seem to be very good for learning how to nail OS X down.

About your first post however, you did get kinda vague about the whole setup, since I understood that the machines were Desktop machines and were connected and file sharing was enabled by default. And you blamed it on the Mac users.

"For several years PCs have been such a huge
target that folks in the Mac world have gotten a little too comfortable.
Only now in the past month I've personally seen two instances of
completely unprotected OS-X boxes getting almost totally compromised."

and then:

"Now in the PC world nobody in their right mind leaves Windows' file
sharing ports open to the Internet, yet in the Mac world it seems like
people leave AFP (and Samba) widely accessible."

However you wrote that filesharing is needed and that it had been enabled, so how are people in the Mac world leaving smb and afp wide open if it had to be enabled because it was needed?

You got a box compromised that had file sharing enabled wide open on the internet. It could be the same would happen with almost any box.


Anyway, I guess we all got off on the wrong foot, so for that I apologize, however in my defense and by reading another reply to your post, I wasn't the only one who "sniffed" some FUD....

Also I highly recommend the NSA guides, even if you don't live in the US...


Kind Regards,

//Florian Rommel, CISSP
