Security, like freedom, is a goal and an ideal, not an absolute condition.
As shipped, Mac OS X is fairly secure. If you use your machine only as a personal computer and do not install any new server software on it, then your only security assignment is to regularly use the Apple Software Update tool (see "Keeping Up-to-Date," later in this chapter).
On the other hand, if you have multiple users or you install new Internet server software on your machine, then you are well advised to pay more attention to security.
Because Unix systems are inherently multiuser, they tend to have many people using them. This means there are likely to be a number of people who have various levels of access to a machine running Unix, and each of these users' accounts is a potential entry point for an attacker. Also, Unix's origin as a system created to foster collaborative work means that security settings default to letting all users on a system have at least read-only access. (In Mac OS X, users' home directories are set up with a higher level of security, but most system files are still readable by all users.)
You achieve security only by preventing unauthorized access to your system. It is also important to monitor your system to see if its security has been breached.
In this chapter we cover the basics of Unix system security, including physical security, choosing and protecting passwords, protecting against attacks over the Internet, and keeping up-to-date with the latest software and security- related announcements.
A note about terminology: Throughout this chapter we use the terms server and service , and you need to keep in mind their different meanings. Server can refer to either a physical machine, as in "That G5 in the corner is our Web-server box," or a piece of software that provides a servicefor example, "That G5 in the corner is running the Apache Web server" or "Postfix is the server software that provides e-mail service on this box."