S 2.479 Planning the Mac OS X security policies

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator, Head of IT

One of the most important organisational tasks to be performed when implementing Mac OS X is to define and plan an appropriate security policy for Mac OS X. This policy should be based on S 2.322 Defining a security policy for a client/server network and defines the security requirements that are to be implemented on the Mac OS X clients at a later stage.

All users and persons participating in the purchasing and operation of the clients must be familiar with the security policy and follow it while working. Like all guidelines, its contents and its implementation should be examined regularly in the framework of a general audit.

The requirements defined in the Mac OS X security policy are implemented by means of corresponding security settings on the operating system level. In those cases in which the technical safeguards do not provide enough protection, they must be accompanied and supported by additional organisational safeguards. If possible, a technical solution should always be preferred over an organisational solution.

The security policy to be created must be based on the currently valid security policies of the particular organisation and must not contradict these policies. In general, the existing rules are adapted or extended so that they also cover Mac OS X. In this context, specific Mac OS X technologies such as FileVault and Time Machine in particular must be taken into account. In general, planning for the Mac OS X infrastructure is based on the particular organisation-wide security policy. The infrastructure, however, influences the organisation-wide security policy in turn via a feedback process. In addition, it must be ensured when creating the security policy that the applicable legal regulations are taken into account. The security policy for Mac OS X must be documented, and the users of the client/server network must be informed of the policies to the extent required. All administrators should know and implement the security policies.

The following topics provide a rough overview of the areas such a policy needs to cover. Depending on the organisation and the operational scenarios to be implemented, it may be necessary to consider other aspects.

Configuration and administration strategy

First of all, the general configuration and administration strategy ("liberal" or "restrictive") should be specified, as the other decisions will mainly depend on this specification.

For clients with normal protection requirements, a relatively liberal strategy can be selected, which makes configuration and administration much easier in many cases. But in these cases, too, it is recommended to design the strategy only as liberally as necessary.

For clients with high protection requirements, a restrictive strategy is generally recommended. For clients with special protection requirements regarding one of the three basic values of confidentiality, availability and integrity, a restrictive configuration and administration strategy should be implemented.

Physical security

Physical security must be taken into account when planning the Mac OS X security policy, since this operating system is also used on mobile computers. The general recommendations for physical security provided in module M 3.1 General client must be implemented.

Responsibilities

The responsibilities for the operation of the Mac OS X systems must be specified by the Mac OS X security policy.

The policy must specify which administrator must assume which responsibilities. The responsibilities to be assumed can include the following, for example:

It is also necessary for the end users performing administrative tasks in a client/server network to assume certain responsibilities. In general, these responsibilities are limited to granting other users (application/data) access authorisations to their own files provided that these authorisations need to be specified explicitly and the default authorisation settings of the parent directory are not applied. The end users must receive training on the application of the administrative activities within the limits of their responsibility.

System administration should be performed by trained network administrators. Suitable rules for substitutes must also be specified as part of contingency planning.

Communication security

Requirements for the security of data transmissions must also be included in the security policy. It is recommended to formulate basic requirements (target state) for transmission security in the security policy and then formulate any exceptions necessary due to the local conditions. In this context, questions relating to the required level of authenticity, confidentiality, integrity, and availability must be taken into account.

It must be decided which network services of the Mac OS X system are to be provided for other IT systems. Each activated network service is a potential target for attack; the selection should therefore be restricted to the network services that are actually necessary. Recommendations on how to deactivate unnecessary network services can be found in S 5.165 Deactivation of unnecessary Mac OS X network services.

When implementing the requirements, it is also necessary to consider the possibility of using the Mac OS X Desktop Firewall (see S 5.166 Configuration of the Mac OS X Personal Firewall).

Encryption

It must be decided whether, and which, information is to be encrypted. Especially on mobile IT systems, it is recommended to encrypt the information. FileVault, with which the user home directories can be protected by means of encryption, is an integral part of Mac OS X. More detailed information on FileVault can be found in S 4.372 Use of FileVault under Mac OS X. As an alternative, the hard disk could be encrypted using software from third-party providers.

When using encrypted file systems, a separate concept should be developed and special care should be taken when documenting the details of the configuration. In the event of problems such as the loss of the key or the passphrase for the key, incorrect configuration or similar problems, the data on the encrypted file systems could be lost completely.
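The decisions recorded under Communication security (which network services may be offered, whether the personal firewall is used) and under Encryption (whether FileVault is enabled) are the kind of policy items that can later be audited on the clients. The following script is an added example and is not part of this safeguard or of any BSI tool: it checks a client's state against a small allow-list of permitted listening ports and against the expected firewall and FileVault state. The allow-list and the sample lsof output are constructed placeholders; the live checks assume the Mac OS X commands lsof, /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate and fdesetup status (the last one exists from Mac OS X 10.8 onwards) and are skipped on other systems.

```shell
#!/bin/sh
# Added example: audit a Mac OS X client against three decisions of the
# Mac OS X security policy (permitted listening services, personal firewall
# on, FileVault on). Not part of the BSI safeguard text.

# Constructed allow-list of services the policy permits to listen (port/proto).
# A real list comes from the organisation's own security policy.
ALLOWED_PORTS="22/tcp 631/tcp"

# unexpected_listeners: read `lsof -iTCP -sTCP:LISTEN -P -n` style output on
# stdin and print "<command> <port>/tcp" for every listening port that is not
# on the allow-list (optional first argument overrides ALLOWED_PORTS).
unexpected_listeners() {
    awk -v allowed="${1:-$ALLOWED_PORTS}" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # lsof line, e.g.: sshd 88 root 3u IPv4 0xabc 0t0 TCP *:22 (LISTEN)
        $NF == "(LISTEN)" {
            port = $(NF-1); sub(/.*:/, "", port)    # keep only the port number
            key = port "/tcp"
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print $1 " " key }
        }'
}

# firewall_enabled: succeed if `socketfilterfw --getglobalstate` output on
# stdin reports the firewall as enabled ("Firewall is enabled. (State = 1)").
firewall_enabled() {
    grep -qi 'is enabled' >/dev/null
}

# filevault_enabled: succeed if `fdesetup status` output on stdin reports
# "FileVault is On."
filevault_enabled() {
    grep -q 'FileVault is On' >/dev/null
}

# run_live_audit: on an actual Mac OS X client, feed the real command output
# through the checks above; on any other system just report and return.
run_live_audit() {
    fw=/usr/libexec/ApplicationFirewall/socketfilterfw
    if [ ! -x "$fw" ]; then
        echo "not a Mac OS X client; live audit skipped"
        return 0
    fi
    lsof -iTCP -sTCP:LISTEN -P -n | unexpected_listeners | sed 's/^/unexpected listener: /'
    "$fw" --getglobalstate | firewall_enabled || echo "personal firewall is off"
    if command -v fdesetup >/dev/null 2>&1; then
        fdesetup status | filevault_enabled || echo "FileVault is off"
    fi
}

# Constructed sample lsof output (not captured from a real client); two of the
# four listeners are not on the allow-list above.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       88 root    3u  IPv4 0xabc      0t0  TCP *:22 (LISTEN)
cupsd     120 root    7u  IPv4 0xabd      0t0  TCP 127.0.0.1:631 (LISTEN)
AppleFile 210 root    5u  IPv4 0xabe      0t0  TCP *:548 (LISTEN)
Screen    215 root    6u  IPv4 0xabf      0t0  TCP *:5900 (LISTEN)'

echo "Unexpected listeners in the constructed sample:"
printf '%s\n' "$SAMPLE_LSOF" | unexpected_listeners
run_live_audit
```

Each check reads the command output from stdin, so the same functions can be run against saved output collected from many clients and compared with the policy centrally; the allow-list is the only part that must be taken from the organisation's own security policy.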

Data backups

To counteract data losses, all relevant information of the Mac OS X clients must be backed up at regular intervals. For this purpose, the storage location and frequency of the backup must be specified. These decisions must be integrated into the organisation-wide data backup concept and must not contradict this concept. The generated data backups must be checked at regular intervals for errors. More detailed information on the backup of data under Mac OS X can be found in S 6.146 Data backup and restoration of Mac OS X clients.

Logs

Like many Unix systems, Mac OS X offers extensive capabilities for logging security-related events (successful and/or failed attempts). In advance, the following questions must be answered:

When defining the log settings, the overall system monitoring concept must be considered. More detailed information on logging under Unix systems can be found in S 4.106 Activation of system logging and S 4.25 Use of logging in Unix systems.

Review questions: