September 18, 2008

Macs for security (now, with new improved NSA hardening tips!)

Frequent browsers will recall that the top tip number 1 for every user out there is to buy a Mac. That's for several reasons:

  • the security engineering is solid, based on a long history of around 15 years of security programming tradition in Unix
  • Apple have also maintained a security tradition, from well before OSX
  • it remains a "smaller market share" so benefits from the monoculture bounty

Now there is another reason: hardening tips from the NSA (or here with disclaimers).

Well, this isn't exactly a reason but more a bonus (likely there is a hardening tips for other popular operating systems as well). However, it is a useful resource for those people who really want more than a standard user install, without the compromises!

(Note, many of the hardening tips are beyond normal users, so seek experienced advice before following them slavishly.)

Posted by iang at September 18, 2008 12:11 PM | TrackBack
Comments

F**king government idiots.

Even the most basic sophisticated Mac user knows that the absolute essential, number one, "every idiot knows this" tip for OSX is:

Buy and use "Little Snitch"

My GRANDMOTHER would know "Oh, when you buy a Mac you have to buy and use Little Snitch."

The fact that the NSA doesn't appear to know this is beyond belief.

Idiots.

Posted by: Some Grandma's Grandson at September 18, 2008 01:08 PM

similar, but different ... nearly 40yrs ago
http://www.nsa.gov/selinux/list-archive/0409/8362.cfm

I wasn't aware of it at the time, didn't find out until much later. However, as undergraduate in the 60s, I was doing lots of kernel enhancements (many would be picked up and shipped in product) ... and would even periodically get requests from the vendor about doing specific enhancements.

In later years, I conjectured that some requests may have even originated from some of these other customers. More recently i've periodically commented that some of these (security oriented) things I was asked to do ... wasn't just things not being addressed in many current platforms ... they were things that current platforms don't even realize are security issues.

--
40+ yrs virtualization experience, online at home since Mar70

Posted by: Lynn Wheeler at September 19, 2008 09:21 AM
Post a comment









Remember personal info?






Hit preview to see your comment as it would be displayed.