Magnet Mail Archive: Mac OS X security guidelines from LBNL

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Tue Mar 15 2005 - 13:31:15 PST

Regarding securing Macintoshes from attack, Marilyn Saarni noted
that LBNL, our neighbors on the hill, updated and expanded their Mac
OS X security guidelines just last week:

http://www.lbl.gov/ITSD/Security/systems/mac_guidelines.html

These guidelines can serve as either an excellent primary resource
or as a supplemental document for securing a Macintosh running Mac OS
X (workstation or server) on the Berkeley campus network.

Two caveats:

First, as Marilyn pointed out, "These guidelines are mostly for
"strictest" security, and sometimes you can't get things done if you
use such strict security." However, from an initial quick scan of
the workstation and server guidelines, my impression is that you
should be able to follow most, if not all, of the recommendations in
these guidelines without causing undue inconvenience to the vast
majority of your Mac OS X users.

In addition, there are a few places in these guidelines which
necessarily contain references specific to LBNL site licenses,
installers, and the like, but those appear to be fairly clearly
delineated in most instances from the generally applicable
recommendations.

Aron Roberts
Workstation Software Support Group

P.S. Credit for this LBNL document goes to Eugene ("Gene") Schultz.
Tom Hitchcock provided screen shots, and others are credited in the
document itself: "Annette Greiner, Keith Olsen, Christopher Payne,
Nat Stoddard, and Dave Busby provided generous amounts of input and
feedback [and] Chip Smith also provided a final 'sanity check' of
this document." Marilyn noted that "Gene really worked hard to make
it user-friendly, and he will continue to revise it."

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Tue Mar 15 13:34:21 2005

This archive was generated by hypermail 2.1.8 : Tue Mar 15 2005 - 13:34:21 PST