Manualshelf

Setup guide

ManualsBrandsApple ManualsNetwork CardMac OS X Server
12345678910
UNCLASSIFIED
UNCLASSIFIED
2
Scope of Guidance
Apple’s Mac OS X operating system is very versatile and can be used not only as a
client workstation, but also to manage and serve entire networks of machines and
users. Apple offers two versions of the operating system: Mac OS X and Mac OS
X Server. The two products offer many of the same administration and
configuration features. The server version provides additional tools designed to
assist the administrator in managing networks of computers and users, to include
other environments such as Windows and other UNIX-based systems. The default
configuration for Mac OS X Server is not as “locked-down” from a security
standpoint as Mac OS X. This is by design, since a server being used to administer
an entire network will typically need more services available.
The goal of this guidance is to provide instruction on securing Mac OS X Server
systems, including secure configuration of a system running Mac OS X Server 10.3.x;
the management of network vice local user accounts; managing Mac OS X 10.3.x
clients using Mac OS X Server 10.3.x; the configuration of specific server functions,
such as mail or web services; and using the built-in IP filtering features.
This guidance is designed to give instruction on securing a Mac OS X Server 10.3.x
system, and on securely managing Mac OS X servers and clients in a networked
environment. It does not provide instruction on securing a Mac OS X client
machine. For assistance in securing Mac OS X 10.3.x clients, please see the “Apple
Mac OS X v10.3.x Panther Security Configuration Guide.” It also does not provide
complete guidance on installation of a Server and the various services that may be
run on that machine. For information on correctly installing and configuring server
and server functions, consult the Apple system administration guidance, listed in the
References chapter.
This guidance cannot cover all possible network architectures where Mac OS X
Server might be used. The instructions here are designed to assist the administrator
in designing a secure network architecture using Mac OS X Server, in making sure
systems used in the designed network are configured securely, and in determining
the best ways to securely manage OS X systems in a networked environment. Good
network security and design must be used for this guidance to be effective, and it is
expected that anyone using this guidance will be familiar with general computer and
network security principles.
Finally, it is assumed that anyone using this guidance is familiar with UNIX security
basics, such as setting file permissions, setting file paths, and use of the setuid bit.
These security basics are well documented; therefore, this guide will not address
them.
Guidance in this document is intended for a system running Mac OS X Server 10.3.x
and may not be applicable to other versions.