Mac users traditionally look down on Windows users, as they perceive “their” operating system (OS) to be “completely” secure. One of the main strengths of Mac’s operating system, OS X, is that new users can quickly use the computer productively. They rarely know about the technical details, however, so teaching them about security fundamentals is essential. This book is a welcome variation on the many security books written for end users.
Chapter 1 promises to give a quick start to security. It explains basic security settings, such as setting a login password, Bluetooth security, and securely deleting data. Most important, it explains how to secure keychains: the standard password safe on Macs.
Security fundamentals are covered in chapter 2. The authors explains why OS X is a more appealing target for attackers than OS 9. The chapter continues by elaborating on physical security and firmware security. Protecting the computer’s firmware is important to prevent unauthorized access to user data by booting the computer with a different OS.
Setting up the computer for multiple users, and securing user accounts, is the topic of chapter 3. Even though Mac fans think there is no malware for Macs, worms and Trojans do exist. In chapter 4, the authors provide an overview of current risks and software available to detect malware. Most malware spreads via email, or risky behavior when surfing the Internet; chapter 5 addresses this issue.
The more advanced topics start with chapter 6. Users may not find log files or even know that they exist (chapter 6). A simple application (console) can help readers gain an overview of which files exist, where they are located, and the fact that one can view the file with a simple click. While most of Apple’s user interface is simple to use, the vast number of log files and the number of entries overburden users.
An introduction to network security (chapter 7) encompasses a general introduction to transmission control protocol/Internet protocol (TCP/IP), routing, demilitarized zones (DMZs), hardware such as switches and hubs, and protocols such as 802.1x. OS X comes with a firewall (chapter 8) that can be set up to block certain services and ports. Securing a wireless network (chapter 9) is very important for end users, as many have a wireless access point to connect to their digital subscriber line (DSL) service at home. The book explains how weak encryption compromises security. While the authors state that WiFi protected access with pre-shared key (WPA-PSK) is hard to hack, they could emphasize more directly that WPA-PSK can currently only be attacked successfully if a weak password has been chosen.
Chapter 10 explains how to secure file sharing, and chapter 11 discusses Web site security. These chapters are certainly interesting, but I’m not sure how many users actually use their Mac as a Web server. Remote connectivity (chapter 12) and server security (chapter 13) are also features that I assume to be not as widely used. The question is whether this book gives enough detail for real server admins, or whether it is just a brief how-to for would-be admins. The remaining chapters explain advanced tools: nessus and metasploit. This part of the book can be seen as a starter for readers who want to use Macs in a server environment. I have to admit that I have never seen a large or even medium-sized Mac server infrastructure, but there have to be some out there.
The book is an excellent resource for Mac users, and it should be on the mandatory reading list for anyone who purchases a Mac. If I could change one thing, it would be moving chapter 15 to the first part of the book. Chapter 15 describes Mac’s built-in backup software, Time Machine. Given that most users forget to make backups, this software is incredibly easy to use, especially if used with Mac’s Time Capsule, the single most important reason why I like Macs.
