UNCLASSIFIED ii Warnings • Do not attempt to implement any of the settings in this guide without first testing in a non-operational environment. This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address local operational and policy concerns.• The security changes …

Scope of Guidance Apple’s Mac OS X operating system is very versatile and can be used not only as a client workstation, but also to manage and serve entire networks of machines and users. Apple offers two versions of the operating system: Mac OS X and Mac OS X Server . The two products offer many of the same administration and configuration features. The server version provides additional tools designed to assist the administrator in managing networks of computers and users, to include other environments such as Windows and other UNIX-based systems. The default configuration for Mac OS X Server is not as “locked-down” from a security standpoint as Mac OS X. This is by design, since a server being used to administer an entire network will typically need more services available. The goal of this guidance is to provide instruction on securing Mac OS X Server systems, including secure configuration of a system running Mac OS X Server 10.3.x; the management of network vice local user accounts; managing Mac OS X 10.3.x clients using Mac OS X Server 10.3.x; the configuration of specific server functions, such as mail or web services; and using the built-in IP filtering features. This guidance is designed to give instruction on securing a Mac OS X Server 10.3.x system, and on securely managing Mac OS X servers and clients in a networked environment. It does not provide instruction on securing a Mac OS X client machine. For assistance in securing Mac OS X 10.3.x clients, please see the “Apple Mac OS X v10.3.x Panther Security Configuration Guide.” It also does not provide complete guidance on installation of a Server and the various services that may be run on that machine. For information on correctly installing and configuring server and server functions, consult the Apple system administration guidance, listed in the References chapter. This guidance cannot cover all possible network architectures where Mac OS X Server might be used. The instructions here are designed to assist the administrator in designing a secure network architecture using Mac OS X Server, in making sure systems used in the designed network are configured securely, and in determining the best ways to securely manage OS X systems in a networked environment. Good network security and design must be used for this guidance to be effective, and it is expected that anyone using this guidance will be familiar with general computer and network security principles. Finally, it is assumed that anyone using this guidance is familiar with UNIX security basics, such as setting file permissions, setting file paths, and use of the setuid bit. These security basics are well documented; therefore, this guide will not address them. Guidance in this document is intended for a system running Mac OS X Server 10.3.x and may not be applicable to other versions.

Download Apple Mac OS X Server v10.3.x “Panther” Security Configuration Guide.Pdf