NSA gives security guidance for Mac OS X
- By Susan M. Menke
- Nov 03, 2004
The National Security Agency has posted a 109-page document
on its Web site telling agencies how to securely install and use Apple Computer Inc.'s Mac OS X Version 10.3.x operating system, code-named Panther.
NSA notes that the document is a security guide and 'not meant to replace well-structured policy or sound judgment.' It warns administrators to test only in a non-production environment as similar as possible to the architecture where the OS will be deployed.
In addition to the guidance for secure installation and partitioning of locally administered, networked Mac OS X systems, NSA provides details on system settings, user accounts, Mac OS X Keychain Access and file encryption.
The default settings for the Panther server version are not as locked down for security as the client version, NSA says. It calls for 'very strong user passwords' for Apple's FileVault encryption routines.
NSA plans to issue later guidance for using Mac OS X systems with authentication through the military's Common Access Card and other government smart cards.
The agency's site also offers a number of software downloads as-is, with no warranty implied, such as security-enhanced Linux, patches to the Linux kernel, utility patches and some new open-source programs under the Gnu General Public License.