DDÕs Ultimate Guide to
Mac OS Security
Last
updated: 01/11/03
Recent Links:
Some good Mac Security Sites:
Mac
Security News Portal
http://www.macintoshsecurity.com/
STOS
Apple Security Sites:
Apple
Security Site
http://www.info.apple.com/usen/security/
Apple
Security Updates
http://www.info.apple.com/usen/security/security_updates.html
http://www.apple.com/macosx/technologies/security.html
Apple
Security Info
http://developer.apple.com/internet/macosx/securityintro.html
http://developer.apple.com/internet/macosx/securitycompare.html
Mod-ssl
http://developer.apple.com/internet/macosx/modssl.html
OS Security sites related to Mac OS X:
FreeBSD
http://www.FreeBSD.org/security/index.html
http://www.FreeBSD.org/security/index.html#tat
http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/faq/security.html
http://www.freebsd.org/security/security.html#spg
OpenBSD
http://www.openbsd.com/security.html
NetBSD
http://www.netbsd.org/Security/
Seminars
http://www.osxfaq.com/Seminars/security/index.ws
Security Articles:
MacWrite
Security Series
http://www.macwrite.com/macsecurity/mac-os-x-security-intro.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-1.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-2.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-3.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-4.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-5.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-6.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-7.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-8.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-9.php
http://www.macwrite.com/macsecurity/mac-os-x-security-part-x.php
http://www.macwrite.com/macsecurity/mac-os-x-security-epilog.php
SANS
Articles
http://rr.sans.org/mac/osx_analysis.php
http://rr.sans.org/mac/default_install.php
http://rr.sans.org/mac/freebsd.php
http://rr.sans.org/mac/OSX_sec.php
http://rr.sans.org/mac/macosx.php
http://rr.sans.org/mac/macOS_X.php
http://rr.sans.org/mac/mac_sec.php
More Interesting Articles
http://www.macosxhints.com/article.php?story=20010125010757972
http://maccentral.macworld.com/news/0006/23.macosx.shtml
http://www.oreillynet.com/pub/a/wireless/2001/11/20/secure_webcam.html
http://www.transceiver.co.uk/txt/osx.html
http://www.uh.edu/infotech/services/documentation/2002/osx/osx_security-main.html
http://rsug.itd.umich.edu/software/radmind/
Tutorials:
Apache
Security
http://httpd.apache.org/docs/misc/security_tips.html
http://www.linuxplanet.com/linuxplanet/tutorials/1527/1/
http://www.intersectalliance.com/projects/ApacheConfig/
http://www.apacheweek.com/security/
http://www.oreilly.com/catalog/apache2/chapter/ch13.html
http://stein.cshl.org/~lstein/talks/perl_conference/apache_security/
http://www.bignosebird.com/apache/a11.shtml
http://www.securiteam.com/securityreviews/5WP0M1P6KC.html
http://www.linuxplanet.com/linuxplanet/tutorials/1527/4/
http://www.intranetjournal.com/articles/200005/apachndex.html
http://www.eweek.com/article2/0,3959,1866,00.asp
http://www.infosecuritymag.com/articles/april01/features1_web_server_sec.shtml
Apache on Mac OS X
http://www.macdevcenter.com/pub/ct/49
SSH
Faqs
http://www.employees.org/~satch/ssh/faq/ssh-faq.html
http://www.onsight.com/faq/ssh/ssh-faq.html
http://www.openssh.com/faq.html
SSH
Info (MacOSXHints)
http://www.macosxhints.com/article.php?story=20010401050833391
http://www.macosxhints.com/article.php?story=20020710081854599
http://www.macosxhints.com/article.php?story=20020708094743450
http://www.macosxhints.com/article.php?story=20020618220328510
http://www.macosxhints.com/article.php?story=20020528084325174
http://www.macosxhints.com/article.php?story=20020318015820524
http://www.macosxhints.com/article.php?story=2002012509205049
http://www.macosxhints.com/article.php?story=20020102170903846
http://www.macosxhints.com/article.php?story=20011206171635606
http://www.macosxhints.com/article.php?story=20011207004643312
http://www.macosxhints.com/article.php?story=20011128174701140
http://www.macosxhints.com/article.php?story=20011118023512968
http://www.macosxhints.com/article.php?story=20011018033112543
http://www.macosxhints.com/article.php?story=20010920213417365
http://www.macosxhints.com/article.php?story=20010917031724504
http://www.macosxhints.com/article.php?story=2001052910385397
http://www.macosxhints.com/article.php?story=20010427210214541
http://www.macosxhints.com/article.php?story=20010414173020484
OpenSSL
Internet
Port Numbers
http://www.iana.org/assignments/port-numbers
Mac OS X Security Apps:
Good Tools (General)
http://www.macsecurity.org/tools/
http://www.macosxapps.com/index.php?topic=security
Intrusion Detection
Snort
for Mac OS X
http://homepage.mac.com/nickzman/
NMAP
http://www.insecure.org/nmap/index.html/
NMAP
Gui for Mac OS X
http://faktory.org/m/software/nmap/
File Integrity
Tripwire
http://sourceforge.net/projects/tripwire
http://www.tripwire.com//products/tripwire_asr/
Radmind (This is a great package from U Mich)
Fcheck (It will compile under Mac OS X)
http://www.geocities.com/fcheck2000/fcheck.html
Checkmate
http://personalpages.tds.net/~brian_hill/checkmate.html
SamHain
http://samhain.sourceforge.net/surround.html?main_q.html&2
Osiris
Aide
http://www.cs.tut.fi/~rammer/aide.html
Vulnerability Assessments
MacAnalysis
Nessus
SSH Tools
OpenSSH
http://www.stepwise.com/Articles/Workbench/2001-12-17.01.html
SSH
Helpers
http://www.arenasoftware.com/grepsoft/
http://www.gideonsoftworks.com/sshhelper.html
http://www.codefab.com/unsupported/SSHPassKey_v1.1-1-README.html
Secure File Transfer
Secure
FTP
http://pro.wanadoo.fr/chombier/
http://www.rbrowser.com/DownLoad.html
http://www.glub.com/products/secureftp/
http://members.ozemail.com.au/~pli/netfinder/
http://www.panic.com/transmit/download.html
Secure
Server
http://www.glub.com/products/ftpswrap/
http://rsug.itd.umich.edu/software/fugu/
Secure
AFP
Firewalls
Brickhouse
http://personalpages.tds.net/~brian_hill/brickhouse.html
Firewalk
http://www.pliris-soft.com/products/firewalkx/index.html
Impasse
http://glu.com/products/impasse/
Addresser
http://software.theresistance.net/#macfree
sunShield
http://homepage.mac.com/opalliere/Menu3.html
Norton
Firewall
http://www.symantec.com/sabu/nis/npf_mac/index.html
WhoÕs
there?
http://www2.opendoor.com/WhosThere/WhosThereDownloadNow.html/
Netsentry
http://www.sustworks.com/site/index.html
NetBarrier
http://www.intego.com/netbarrier/home.html
VPNs
DigiTunnel
VPNConnect
http://www.shiftmanager.net/~kurt/VTUN_ON_OSX/VTUNonOSX.html
PiePants
http://homepage.mac.com/robthedude/PiePants/
File Encryption
OpenGPG
http://macgpg.sourceforge.net/
GPGFileTool
http://macgpg.sourceforge.net/
GPG
Tools
http://www.tomsci.com/gpgtools/
PGP
http://www.pgp.com/display.php?pageID=21
SubRosa
Tresor
http://www.warlord.li/english/tresor.html
Mail
Encryption
EntourageGPG
http://software.simonster.com/entourageGPG.php
GPGMail
http://www.sente.ch/software/GPGMail/
Passwords Handling
http://www.web-confidential.com/
http://www.koingosw.com/products/password_retriever.shtml
http://www.CryptonicTech.com/products.html#PasswordGenerator
http://home.snafu.de/erich/shareware/forgotit_dl.html
(Hey I wrote
this!)
More Crypto
http://www.codetek.com/php/index.php
OpenFirmware Password:
http://docs.info.apple.com/article.html?artnum=120095
Good tutorial
http://www.macosxlabs.org/documentation/firmware_security/intro.html
Secure File Deletion
BCWipe (compiles nicely for Mac OS X, just do a make)
http://www.jetico.com/bcwipe3.htm
SuperScrubber (Very nice app, DoD Spec device wiping)
http://www.jiiva.com/superscrubber/ss-mc001.html
Safe Shred
http://www.codetek.com/php/safeshred.php
ShredIt
http://www.mireth.com/pub/download.html
Aladdin Secure Delete
http://www.aladdinsys.com/secure_delete/
Symantec
Good Old rm ÐP
Read the man
page (man rm)
Anti-Virus
http://www.symantec.com/avcenter/download/pages/US-NMC.html
http://www.virusbarrier.com/virusbarrier/home.html
http://www.mcafeeb2b.com/naicommon/download/dats/find.asp
http://www.sophos.com/downloads/beta/mac.html
Anti-Spam
http://www.railheaddesign.com/pages/software/spamstopper/spamstopper.html
http://www.matterform.com/?page=spamfire
http://www.frank-blome.de/mailfilterx/index.html
Laptop Tracking
http://www.pcphonehome.com/download.html
http://www.stealthsignal.com/web/main.asp
http://www.OCF.Berkeley.EDU/~radian/robert/
Wireless
Wireless Security
http://www.80211-planet.com/news/article/0,,1481_1383361,00.html
MacStumbler
http://homepage.mac.com/macstumbler/
General Security Sites:
Cert Unix Security Checklist
http://www.cert.org/tech_tips/usc20_full.html
CERT Home Security
http://www.cert.org/tech_tips/home_networks.html
CERT Intruder Detection Checklist
http://www.cert.org/tech_tips/intruder_detection_checklist.html
Incident Reporting Guidelines
http://www.cert.org/tech_tips/incident_reporting.html
Unix Computer Security
http://www.unixtools.com/security.html
FIRST
SecurityPortal
CERIAS
http://www.cerias.purdue.edu/hotlist/
Qualys
NFRSecurity
SecurityFocus
SC OnLine
Computer Security Institute
ITSecurity
http://www.itsecurity.com/defaultie5.htm
CIAC
OÕReilly
NIPC
http://www.nipc.gov/warnings/computertips.htm
EPIC
Packet Storm
http://packetstorm.decepticons.org/
NSA Security Recommendation Guides
NSA Infosec
http://www.nsa.gov/isso/index.html
GRC
Firewalls
SecureRoot
UseNix
CIAC Documents
http://www.ciac.org/cgi-bin/index/documents
DOE Information Security
Information Security Magazine
http://www.infosecuritymag.com
Shmoo
Great Mac OS X Sites
http://osx.hyperjeff.net/Links.html
http://www.macosxhints.com/links.php