Security Configuration For Version 10.5 Leopard Second Edition
K Apple Inc.
© 2008 Apple Inc. All rights reserved.
The owner or authorized user of a valid copy of Mac OS X software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of thispublication or for providing paid-for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino, CA 95014-2084 408-996-1010 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo(Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AirPort, AppleScript, AppleShare, AppleTalk, Bonjour, Boot Camp, ColorSync, Exposé, FileVault, FireWire, iCal, iChat, iMac, iSight, iTunes, Keychain, Leopard, Mac, Mac Book, Macintosh, Mac OS,QuickTime, Safari, Xgrid, Xsan, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Apple Remote Desktop, Finder, MacBook Air, QuickTime Broadcaster, Spotlight, and Time Machine are trademarks of Apple Inc. MobileMe is a service mark of Apple Inc., registered in the U.S. and other countries.
Adobe and PostScript are trademarks of Adobe Systems Incorporated. TheBluetooth® word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Apple is under license. Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries. Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. PowerPC™ and the PowerPC logo™are trademarks of International Business Machines Corporation, used under license therefrom. UNIX is a registered trademark of The Open Group. X Window System is a trademark of the Massachusetts Institute of Technology This product includes software developed by the University of California, Berkeley, FreeBSD, Inc., The NetBSD Foundation, Inc., and their respective contributors. Other company andproduct names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. 019-1387/2008-12
11 11 11 12 13 13 13 14 15 15 16 16 17 19 20 20 20 21 2122 22 22 23 23 23 24 25 25 25 26 26 27
About This Guide Target Audience What’s New in Version 10.5 What’s in This Guide Using This Guide Using Onscreen Help Mac Help The Mac OS X Server Administration Guides Viewing PDF Guides on Screen Printing PDF Guides Getting Documentation Updates Getting Additional Information Acknowledgments Introduction to Mac OS X Security Architecture ArchitecturalOverview UNIX Infrastructure Access Permissions Security Framework Layered Security Defense Credential Management Network Security Public Key Infrastructure (PKI) Authorization Versus Authentication Security Features in Mac OS X Leopard Mandatory Access Controls Sandboxing Parental Controls Enhanced Protection Against Trojan Applications Application-Based Firewall Signed Applications Smart CardUnlock of FileVault and Encrypted Storage Sharing and Collaboration Services
27 28 28 Chapter 2 29 29 29 30 31 31 31 32 32 33 33 33 34 35 36 37 37 38 38 38 41 41 42 42 43 43 44 45 46 46 47 48 48 49 50 50
Enhanced Encrypted Disk Image Cryptography Enhanced VPN Compatibility and Integration Improved Secure Connectivity Installing Mac OS X System Installation Overview Disabling...