SANS InfoSec Reading Room - Mac/Apple Issues

<<Reading Room Home
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Click Here

Featuring 13 papers as of May 25, 2013
PDF iPhone Backup Files. A Penetration Tester's Treasure
By: Darren Manners (posted on February 7, 2012)
One of the noticeable changes in recent technology history is the emergence of the smart phone. Technological advances in these fields have created devices that have almost the equivalent power and functionality of desktop computers.
PDF iPad Security Settings And Risk Review For iOS 4.X
By: Jim Horwath (posted on November 11, 2011)
The introduction of mobile computing introduces new risks and concerns to the firm. There are many questions concerning the operation, compliance, cost and risk with mobile computing devices.
PDF Covering the Tracks on Mac OS X Leopard
By: Charlie Scott (posted on January 9, 2009)
In this paper, I apply the “Covering the Tracks” techniques described in the SANS SEC 504 course to Mac OS X
PDF Auditing Mac OS X Compliance with the Center for Internet Security Benchmark Using Nessus
By: Ricky Smith (posted on November 10, 2008)
This paper describes the auditing of a Mac OS X v10.5 system using the compliance checks in Nessus 3.2.x from Tenable Network Security.
PDF Secure Configuration of Apache in the Mac OS X Environment
By: Neil Fryer (posted on December 7, 2006)
Within this paper I will attempt to show how to secure both OS X and Apache, so that it can be used as an Internet facing web server.
PDF Single-signon with Open Directory from GNU/Linux
By: Chad Walstrom (posted on May 5, 2005)
This paper examines methods for sharing account and configuration information between networked computers, focusing on the emerging secure standards of Kerberos, LDAP, SSL/TLS, and SASL.
PDF MacOS X: User Friendlier Security for Unix
By: Raleigh Romine (posted on December 13, 2003)
In this paper, we explore the additions and modifications Apple has made to the FreeBSD core to enhance the security of the users of MacOS.
PDF Macintosh Forensic Analysis Using OS X
By: Peter Hawkins (posted on October 31, 2003)
The purpose of this paper is to describe sound forensic techniques as they pertain to the Macintosh operating system.
PDF Mac OS X 10.0 Security Essentials
By: Roland E. Miller (posted on October 31, 2003)
This report constitutes an evaluation of the out-of-the-box security of the shipping version of Mac OS X (version 10.0.4 Build 4Q12).
PDF Securing FreeBSD under Macintosh OSX
By: Bertram McGrath (posted on October 31, 2003)
This instructional paper introduces a broad range of applicable security measures that can be taken to provide a basic level of resistance to intruders, malicious code and damage or compromise to ones PC and/or its electronic contents when using Macintosh OSX.
PDF Improving the Security of a Default Install of Mac OS X (v10.1)
By: Preston Norvell (posted on October 31, 2003)
This paper will take administrators through the processes, both common and unique, of providing a more secure installation of Mac OS X.
PDF Mac OS X 10.1.4: Security Analysis and Recommendations
By: Daniel Deal (posted on October 31, 2003)
This paper is an introduction to the security implications of Apple's latest offering (Mac OS X 10.1.4 at the time of this writing), providing particular focus on NetInfo, Mac OS X's directory system, and is intended to be a starting point for your own research
PDF Securely Integrating iOS Devices into the Business Environment
By: Joshua Brower (posted on )
iOS is the name of Apple’s mobile operating system. Previous to June 2010, it was known as the iPhone OS. Released in the summer of 2007, the first generation iPhone OS was a spectacular hit in the blackberry-dominated smartphone market.
SANS Reading Room

SANS is the ultimate security training program, bar none. It is the most intensive and informative security conference available. It's a must have for infosec professionals.
-Aaron Despain, TriWest Healthcare Alliance

Save 15% on Mentor classes

Latest Whitepapers

Securing BYOD With Network Access Control, a Case Study
By Lawrence Orans

Event Monitoring and Incident Response
By Ryan Boyle

Dead Linux Machines Do Tell Tales
By James Fung

Latest Tweets

SANS San Francisco 2013 offers 7 courses to boost your Cyber [...]
May 23, 2013 - 3:06 PM

Excellent blog post by @MarkBaggett on pen testing MS SQL vi [...]
May 22, 2013 - 7:39 PM

#appsec "WhatWorks in AppSec: Log Forging" http://t.co/Gsq91O7UAH
May 22, 2013 - 10:00 AM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"This has been a great way to get working knowledge that would have taken years of experience to learn."
- Josh Carlson, Nelnet

"SANS always provides you what you need to become a better security professional at the right price."
- Rasik Vekaria, BP

"Expertise of the trainer is impressive, real life situations explained, very good manuals. Best training ever!"
- Jerry Robles de Medina, Godo CU