Home > Articles > Security > Network Security

A Simple Guide To Macintosh Security

By Larry Loeb
Sep 10, 2004

Article Contents

Page 1 of 4 Next >

Larry Loeb

Learn more…

Voulez-Vous un Rendezvous? The Simple Guide to Apple Networking: Feb 11, 2005
Yellow Dog Linux for the Macintosh: Popping the Kernel: Jan 28, 2005
Hands-On GarageBand: The Instruments: Dec 23, 2004
A Simple Guide To Macintosh Security: Sep 10, 2004

Sorry, this author hasn't posted any blogs.

Like this article? We recommend
Maximum Mac OS X Security

Macintosh security is built in, not added as an afterthought. The design of Mac's OS X made security a top priority and achieved it in many different ways. Larry Loeb gives you an update on some of the ways security has been implemented.

Security on the Macintosh is not a feature that has been bolted on to the OS; it's an integral design point of how the OS functions. OS X is based on the FreeBSD flavor of Unix, and is open source at its core. This means that the idea of security through obscurity (keeping your security methods secret) has been rejected by Apple. It has long been a principle of truly secure systems that they should not contain secrets because once the secrets are discovered by an adversary, the entire system will be compromised. Any truly secure method should function to keep security, even if the method is publicly known. Hence the reliance on open source, which can be inspected by anyone. If there is a vulnerability, it can be found and corrected by the review process that occurs within the community.

OS X Architecture

The system architecture of OS X is built on the Common Data Security model, as shown in the following figure. This infrastructure makes it simple for application developers to integrate security tools into their applications through system APIs.

Figure 1

There are ways that OS X improves on UNIX's standard security methods.

First, the root user of a classic UNIX system is by default not enabled. The same functionality is available to the administrator, who is the first user to sign on to the system after the software has been installed. The administrator sets the password (which can be long) that the system uses to authenticate any later action that can affect security. So any malware that attempts to install itself as root will fail.

Second, the system installs with all communication ports secured as the default action. Only those ports that are required for user-desired communications are opened; the others remain closed. It is much harder for an attacker to obtain entry via a port that the user may not be monitoring.

Security matters are handled primarily by the Security panel of the System Preferences mechanism (it looks like the following figure).

Figure 2

Page 1 of 4 Next >

Discussions

Make a New Comment

You must log in in order to post a comment.

Related Resources

OnHomeandOffice (Video)

Recent Episodes

OnNetworking (Audio + Video)

Recent Episodes

See More Podcasts

Social Networking for the Anti-Socialites: By John Traenkenschuh on November 11, 2009 No Comments; How would Scrooge handle today's emphasis on social networking?

Out of Sight: By John Traenkenschuh on August 29, 2009 No Comments; Must data be live for you to Live?

Windows 7 Feature Focus: Cutting Through the Myths About XP Mode: By Mark Edward Soper on July 14, 2009 No Comments; Windows 7's XP Mode (aka Virtual Windows XP) is one of the most misunderstood options available for Windows 7 Professional, Ultimate, and Enterprise editions. Go beyond the myths and get the FAQs you need to find out if XP Mode is right for you.