I'd like to clarify that the majority of MacOS X vulns to date has been client-initiated one way or another. Typically due to parsing bugs or being tricked into hitting malware via client-initiated network delivery. Cross-platform vulns becoming an attractive area for attackers. (Think: PDF, Flash, Word documents, etc.)
The issues I have with Apple's choie of firewall policy defaults (as well as the slow turnaround on patching known vulns sometimes) isn't an end unto itself, just merely one of many possible areas to improve. Apple's Security Guidelines manual covers this with decent breadth as a starting point. User education, appropriate machine and application-level configuration (and defaults), frequent patching, amongst other things still remains very much a vital part of having a well-rounded secured setup. Nothing out of ordinary for any systems manager, regardless of platform. Having no recent experience or knowledge of MacOS X Server-specific security design or issues, I cannot myself verify the validity of others' comments regarding design as being bad, so I must defer. My contributions in the previous post is mostly in bringing awareness to default configs, available options (and additional resources), a few gotchas not well known, as well as an useful guide that not many people may be aware of. My two cents for helping making the world safer. :-) -Dan _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
