For Mac OS X Version 10.6 Snow Leopard
Apple Inc.
© 2010 Apple Inc. All rights reserved.
The owner or authorized user of a valid copy of Mac OS X software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to ensure that the information in this manual is accurate. Apple is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino, CA 95014 408-996-1010 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AirPort, AppleScript, AppleShare, AppleTalk, Back to My Mac, Bonjour, Boot Camp, ColorSync, Exposé, FileVault, FireWire, iCal, iChat, iMac, iPhoto, iSight, iTunes, Keychain, Mac, MacBook, MacBook Air, Macintosh, Mac OS, QuickTime, Safari, Snow Leopard, Spaces, Spotlight, Tiger, Time Machine, Xgrid, Xsan, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Apple Remote Desktop, Finder, and QuickTime Broadcaster are trademarks of Apple Inc. MobileMe is a service mark of Apple Inc.
Adobe and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. The Bluetooth word mark and logos are registered trademarks owned by Bluetooth SIG, Inc. and any use of such marks by Apple is under license. Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. UNIX® is a registered trademark of The Open Group. X Window System is a trademark of the Massachusetts Institute of Technology. This product includes software developed by the University of California, Berkeley, FreeBSD, Inc., The NetBSD Foundation, Inc., and their respective contributors. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products. 019-1828/2010-05
About This Guide
Audience
What’s in This Guide
Using This Guide
Using the Command-Line Instructions from This Guide
Using Onscreen Help
Mac Help
Related Snow Leopard Server Security Guide
Viewing PDF Guides on Screen
Printing PDF Guides
Getting Documentation Updates
Getting Additional Information
Acknowledgments
Introduction to Mac OS X Security Architecture
Security Architectural Overview
UNIX Infrastructure
Access Permissions
Security Framework
Layered Security Defense
Network Security
Credential Management
Public Key Infrastructure (PKI)
What’s New in Snow Leopard v10.6
Existing Security Features in Snow Leopard
Signed Applications
Mandatory Access Controls
Sandboxing
Managed User Accounts
Enhanced Quarantining
Application-Based and IP Firewalls
Memory and Runtime Protection
Securing Sharing and Collaborative Services
Service Access Control Lists
VPN Compatibility and Integration
Improved Cryptography
Extended Validation Certificates
Wildcard in Identity Preferences
Enhanced Command-Line Tools
FileVault and Encrypted Storage
Enhanced Encrypted Disk...