Security Basics mailing list archives
Mac X-Server Security Questions...
From: "Brad Berson" <brad.berson () bytebrothers org>
Date: Tue, 5 Apr 2005 11:20:11 -0400
So here's where I'm coming from... I've been doing PC stuff for twenty years. I program, I know networking, applications, know Windows inside and out, and am fairly conversant in security matters from a Windows POV and in general, I think. For several years PCs have been such a huge target that folks in the Mac world have gotten a little too comfortable.

Only now in the past month I've personally seen two instances of completely unprotected OS-X boxes getting almost totally compromised. The boxes in question have since been rebuilt and put behind firewalls, and post-mortem forensics are a bit light because the folks who do the Mac work in my organisation went into "oh $#!+" mode, but now I'm interested in learning this environment and figuring out how to permit access while protecting the system.

As for what happened, the account database was definitely compromised, and fairly secure passwords were discovered. My initial worry was that Samba would have some NetBIOS-like hole that permitted account enumeration but so far I've seen no supporting evidence, so I'm assuming the account list was compromised through one of many vulnerabilities in OS-X and its accompanying layered packages.

The scary part is that in one instance, a freshly rebuilt box, patched and up to date, went back on-line without a firewall and was compromised again in about an hour. So we might have had a zero-day issue just to make things more entertaining. So behind closed ports it stays, at least for now.

Now in the PC world nobody in their right mind leaves Windows' file sharing ports open to the Internet, yet in the Mac world it seems like people leave AFP (and Samba) widely accessible. I find this exceptionally scary. Then when you tell the folks how scary that is, they recoil in horror at the idea of having any obstacle in their way to point and click heaven. So what do we do? VPN? What sort of solutions are there?
And is there anything special I need to know about OS-X in terms of unusual vulnerabilities from an architecture standpoint? (BSD heritage, I know).

Thanks for any input.

-Brad