|Jan 4, 2011, 01:14 PM||#1|
OS X Server hardening security
I recently connected my OSX Server (10.6) box directly to the Internet, and want to harden it against unauthorized use.
I was wondering if anyone could give me some suggestions for what to do. I'm happy to buy some software if necessary.
What I use the server for is SSH, SFTP, and P2P traffic. It has a dynamic address that is mapped to a specific DNS host entry. The machine also has 2 IP addresses: one for the internal network, and a public IP address. I would also like to ensure that the two aren't bridged (I'm guessing they aren't by default).
Any suggestions or checklists would be greatly appreciated. I am a total newcomer to security so please be gentle.
I do have the Firewall service running as a start.
|Jan 4, 2011, 02:59 PM||#2|
Depending on the device, you can also get firewalls with intrusion prevention, and rulesets that will automatically block traffic to ports that would be indicative of a "hacking attack". All of this can be done in software, but as a newbie, you might find it simpler to configure a device specifically designed to do this. I would certainly suggest that connecting first and learning second is foolhardy at best.
|Jan 6, 2011, 12:47 AM||#5|
A few rules that I work off of:
- Only use the services that you need. The fewer the better. Set in Server Admin -> Settings
- Use the built-in firewall. It works fine. Remember that a hardware firewall is just another computer running similar or the same software. So not much advantage in my opinion.
- Strong passwords.
- Update regularly. Although it's best to check the Apple "communities" forums to make sure the updates don't break anything.
- Check the server logs on a regular basis. You'll see people trying to break in.
- Block out countries at the firewall level if you can. I've blocked out entire continents in the past when I was able to. It really depends on what's being hosted on the server.
- Back up the server on a schedule so if you screw up something, the disk is corrupted, or the server gets compromised you'll have a disk image to restore from.
That's about it. I'm pretty sure that you don't need to lock down things due to manufacturer incompetence like you would on a Plesk or cPanel install.
Bottom line: If you restrict the access to your server (firewall) to only what's absolutely necessary and if you have good passwords then you should be good. SL server is pretty solid right off the install.
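Added example, not part of any post in this thread: a way to act on the "check the server logs" advice for the SSH service the original poster exposes. It summarizes failed logins per source address and flags any address that logs in successfully after repeated failures. The sample lines are constructed, the function name and threshold are illustrative, and the standard OpenSSH syslog message format is assumed.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jan  5 03:12:41 server sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 51201 ssh2
Jan  5 03:12:43 server sshd[413]: Failed password for root from 203.0.113.5 port 51202 ssh2
Jan  5 03:12:46 server sshd[415]: Failed password for invalid user test from 203.0.113.5 port 51203 ssh2
Jan  5 03:12:49 server sshd[417]: Failed password for root from 203.0.113.5 port 51204 ssh2
Jan  5 08:30:02 server sshd[502]: Failed password for bob from 198.51.100.23 port 40110 ssh2
Jan  5 08:30:09 server sshd[502]: Accepted password for bob from 198.51.100.23 port 40110 ssh2
Jan  5 11:01:10 server sshd[611]: Failed password for alice from 192.0.2.77 port 60001 ssh2
Jan  5 11:01:12 server sshd[611]: Failed password for alice from 192.0.2.77 port 60001 ssh2
Jan  5 11:01:15 server sshd[613]: Failed password for alice from 192.0.2.77 port 60002 ssh2
Jan  5 11:01:19 server sshd[615]: Accepted password for alice from 192.0.2.77 port 60003 ssh2
Jan  5 11:05:00 server ntpd[88]: time reset -0.412 s
"""

# Matches sshd's "Failed <method> for [invalid user] <user> from <ip> port <n>"
# and the corresponding "Accepted ..." line.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (noisy, suspicious).

    noisy: {ip: (failure_count, sorted usernames tried)} for IPs at or over threshold.
    suspicious: [(ip, user)] for logins accepted after >= threshold failures from that IP.
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    suspicious = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication result
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(m["user"])
        elif failures[ip] >= threshold:
            suspicious.append((ip, m["user"]))
    noisy = {ip: (n, sorted(users[ip])) for ip, n in failures.items() if n >= threshold}
    return noisy, suspicious

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Addresses in `noisy` are candidates for a firewall block rule; an entry in `suspicious` means a password may have been guessed and the account should be reviewed.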