Appendix B. Security Resources


Throughout the book we've discussed software, documents, and Web sites that will be useful for securing and maintaining your Macintosh system. This appendix provides quick access to some of the most useful resources available for Mac OS X administrators.

Table B.1. URLs for Software or Software Services


Product

AirSnort (WEP decryption package)

AMaViS - A mail virus scanner (a program that interfaces sendmail, Qmail, Postfix, and Exim with virus scanners, for Linux, Solaris, *BSD, AIX, and HP-UX)

Apache (Web server)

Apple Remote Desktop (desktop sharing application for Mac OS X and traditional Mac OS)

Arpwatch (Record ARP activity on your network)

BrickHouse (graphical interface for the built-in Mac OS X firewall)

BTV Pro X (motion detection capture software)

CGvirusscan 1.0 (virus scanner interface between CommuniGate Pro and Virex)

http://cotvnc.sourceforge.net/

Chicken of the VNC (a VNC viewer for Mac OS X)

Clam AntiVirus (virus scanner for Unix)

CommuniGate Pro (email server for Mac OS)

conflictd (Spoofs "here I am" responses to Windows machine network initialization queries requesting the availability status for an IP address)

Corundum (software to steganographically hide textual information in images - for Mac OS 8.5 or higher, including Mac OS X)

Couic (connection cutting software)

CPAN (Comprehensive Perl Archive Network - a source for everything relating to Perl)

EtherPeek (network traffic and protocol analyzer for Macintosh)

Ettercap (multipurpose sniffer/interceptor/logger for switched LAN)

Fink (system that ports Unix software to Mac OS X)

The GNU Project and the Free Software Foundation (home of such projects as gcc)

Firewalk X (firewall software for Mac OS X)

http://freshmeat.net/ (an open source repository)

F-Secure SSH (SSH clients for Windows and Macintosh; SSH client and server for Unix)

Fugu (SFTP/SCP/SSH tunneling client for Mac OS X)

Gideon (FTP/SFTP client for Mac OS X)

HenWen (Graphical interface to Snort)

http://www.metaobject.com/Community.html#hfstar

hfstar (a GNUtar derivative that supports HFS+)

Inflex (email scanner that can be used to scan for viruses, for Linux, FreeBSD, Solaris)

IPNetMonitorX (network monitoring tools)

IPNetTunerX (TCP/IP network performance optimizer)

IPNetShareX (provides graphical access to Mac OS X's Network Address Translation (NAT))

JellyfiSSH (GUI interface to the ssh command for Mac OS X)

John the Ripper (password cracking utility for Unix, DOS, Win32, BeOS, and OpenVMS)

LDAP Browser/Editor (Java client for exploring LDAP servers)

University of Notre Dame's Public LDAP Directory Advanced Search

LaBrea (watches for incoming ARP requests that go unanswered and spoofs a response)

libnet (network packet assembly/injection library - slightly out-of-date version for use with conflictd)

Little Snitch (monitors for outgoing connection attempts and enables the user to allow or deny the connection)

MacAnalysis (Comprehensive set of tools including intrusion detection (via SNORT) and vulnerability scanning)

Mac GNU Privacy Guard (GPG implementation for Mac OS X)

MacScan ("Spyware" detector; locates stealth applications running on your system)

MacSSH (SSH2 terminal for traditional Mac OS)

MacSFTP (SFTP client for traditional Mac OS and Mac OS X)

Malevolence (software for dumping an unshadowed version of the NetInfo password database for Mac OS X)

MessageWall (SMTP proxy that keeps out viruses, spam, and mail relaying, for Unix with an ANSI C compiler)

MIMEDefang (email filter for Linux that can be used to filter viruses)

CVS access to mod_auth_apple (Apache authentication module)

CVS access to mod_hfs (Apache HFS+ case-sensitivity fix)

mod_ssl (SSL security for Apache)

NiftyTelnet 1.1 SSH r3 (SSH1 client with SCP capability for traditional Mac OS)

http://www.insecure.org/nmap/index.html

NMAP (THE network scanning tool)

http://www.symantec.com/nav/nav_mac/

Norton Anti-Virus

Open AntiVirus Project (Java-based virus scanner)

OpenSSH (SSH client and server for Unix)

OSXvnc (an Aqua VNC server)

PGP (commercial and free PGP software for multiple platforms)

PGP (free versions of PGP software for multiple platforms)

International PGP's keyservers listing

pam_passwdqc (PAM password strength checking module for Linux, FreeBSD, Solaris, and HP-UX)

PuppySuite (hardware/software fingerprint biometric authentication solution for Mac OS X)

Linux-PAM modules listing

Postfix (drop-in replacement for the sendmail MTA)

PuTTY (SSH client for Windows)

PuzzlePalace (encryption software for Mac OS X)

RAV Anti-Virus for Mac OS X (virus scanner for CommuniGate Pro, SurgeMail, Courier, Postfix)

Radmind (integrity checking software for Solaris, Mac OS X, FreeBSD, OpenBSD, Linux, includes a GUI for Mac OS X)

http://www-stat.stanford.edu/~susan/surprise/Birthday.html

Random Birthday Applet

RBrowser (FTP/SFTP/SCP/SSH tunneling client for Mac OS X)

rsync_hfs (HFS+ aware version of rsync)

Samba Server (Windows-compatible CIFS/SMB server)

SSH Secure Shell (SSH client for Windows; SSH client and server for Unix) 1.0b1 (mail filtering program for CommuniGate; no longer supported)

ScriptGUI (software for running shell scripts in the Finder for Mac OS X)

SSH Helper (GUI interface for configuring OpenSSH on Mac OS X) securecrt /

SecureCRT (SSH/SFTP/tunneling client for Windows)

SecuritySpy (multicamera video surveillance software)

sendmail (mail transport agent)

Sendmail::Milter (Perl module for writing filters for milter, the mail filter API for sendmail)

Share My Desktop (an Aqua VNC server)

SSH Agent (GUI for ssh-agent)

Snort (Packet Sniffer/Logger)

http://www.sophos.com/

Sophos Anti-Virus

SourceForge (an open source repository)

Extra TCP Wrappers files for Mac OS X 10.1 and earlier

Tera Term Pro (Terminal emulator for Windows)

The Coroner's Toolkit (TCT) (collection of forensics analysis tools)

TightVNC (an enhanced version of VNC; includes support for automatic SSH tunneling on Unix)

Timbuktu (Remote desktop application for Macintosh and Windows)

Tripwire (integrity checking software)

TTSSH (an extension DLL for Tera Term Pro that allows Tera Term Pro to be used as an SSH1 client for Windows)

http://www.versiontracker.com/

Versiontracker (site that tracks the latest software updates for Mac OS X, traditional Mac OS, Windows, and Palm OS)

Virex (antivirus software for Macintosh)

Virus barrier (antivirus software for Macintosh)

VNC (Virtual Network Computing - server and client software for multiple platforms)

VNCDimension (a VNC viewer for Mac OS X)

VNCThing (a VNC viewer for Mac OS 8.1 or later, including Mac OS X)

VNCViewer (a VNC viewer for Mac OS X)

VNCViewer (a VNC viewer in a carbon, noncarbon, and 68k version)

http://www.wu-ftpd.org/

WU-FTPD (FTP server)

WU-FTPD Resource Center

Xamime (email filter that can establish an interface between a mail transport agent and virus scanners; for Linux, Solaris, or FreeBSD)

xinetd (a more secure replacement for inetd)

Xvnc (VNC server for serving X11 applications from Mac OS X)

zlib compression library

Table B.2. URLs Relating to Physical Security Devices



Products Manufactured or Sold

123 Security Products

Security cameras, time lapse VCRs

ADT Security Services

Security services

Advanced Security Concepts

Media safes; electronic door locks

Air Magnet

Handhelds and laptops that can be used to manage wireless networks and identify security and interference issues

AnchorPad International

Cable locks, plates, entrapments

Apple Computer, Inc.

Xserve (rack-optimized server)


BTV Pro X (motion detection capture software); SecuritySpy (multicamera video surveillance software)

CCTV HQ Network

Fake security cameras, security camera systems

Champion Lockers


Computer Security Systems, Inc.

Cable locks, entrapments, plates, alarm systems, tracking systems, enclosures

Cutting Edge Products, Inc.

Fake security cameras

Federal Security Camera, Inc.

Fake security cameras

Cable locks

Kensington Technology Group

Cable locks; alarm unit

Kensington Technology Group

Laptop security devices


Biometric building access system

Marathon Computer


Minatronics Corporation

Fiber optic alarm system

Penco Products


Pentagon Defense Products

Fake security cameras

Polaris Industries

Security cameras, multiplexors, time-lapse VCRs

PUPPY Suite for Mac OS X

(Hardware/Software fingerprint biometric authentication solution for Mac OS X)

Republic Storage



Cable locks, entrapments, enclosures, tracking system, alarm system

Alarm systems for home/business

Security cameras

Cable locks

Security Tracking of Office Property (STOP)

Tracking system

Secure Systems Services

Cable locks, entrapments


Alarm units


Alarm units

Table B.3. URLs for Reference Material and Additional Reading



3Com Technical Papers Layer 3 Switching: An Introduction

802.11b Homebrew Antenna Shootout - 2/14/2

The Ambitious Amateur vs. crypt(3) or Pondering the Lifespan of Visible Passwords Against Brute-Force Attack

Antenna on the Cheap (er, Chip)

Appeal Heard in 2600/DECSS Case

http://www.counterpane.com/bfdobsoyl.html

The Blowfish Algorithm - One Year Later

BugBear - Nasty Email Virus

Can "Deep Linking" Lead to Deep Trouble?

Carnivore Diagnostic Tool (FBI communications-content scanning system) proceedings /papers/601.pdf

The Case for Beneficial Computer Viruses and Worms - A Student's Perspective

http://www.mcafee.com/aboutus/bus_dev/retail_users/newsletters/feb2002/classof2001.htm

The Class of 2001 - Year in Review

Clues, Vandalism, Litter Sendmail Trojan Trail

The Computer Revolution, Encryption and True Threats to National Security

Computer Worm Grounds Flights, Blocks ATMs

Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)

"Desert Storm" Viral Myths

Distributed Reflection Denial of Service Project DES

Don't Link or I'll Sue!

Don't Link to Us!

EFF DES Cracker Project

Edwin Durning Lawrence & His Bacon Library

FAQ: Document Web Bugs

Factorization of RSA-155

Famous Quotes: Benjamin Franklin (on security) publications /fips/index.html

FIPS (Federal Information Processing Standards) Computer Security Resource Center

FIPS Publication 46-3 (Data Encryption Standard (DES))

FIPS Publication 186-2 (Digital Signature Standard (DSS))

FIPS Publication 197 (Announcing the Advanced Encryption Standard (AES))

Gates Pledges Better Software Security info /2002/mar/hepcvets512.pdf

Gene Repair in the New Age of Gene Therapy

Gene Replacement Therapy in the Central Nervous System: Viral Vector Mediated Therapy of Global Neurodegenerative Disease

Hypnerotomachia Poliphili

IANA (Internet Assigned Numbers Authority)

IETF (Internet Engineering Task Force)

Internet ScamBusters™ #55

The Internet Worm

InterNIC Domain Name Registry Rerouting

An Introduction to Watermark Recovery from Images

The Jargon Dictionary, "hacker ethic"

The Jargon File

The Jargon File (mirror)'s-Law.html

The Jargon File: Brooks's Law

The Jargon File: Cracker

The Jargon File: Hacker

The Jargon File: Hacker Ethic

The Jargon File: Leech

The Jargon File: Patch

The Jargon File: Sneakernet

The Jargon File: The Story of Mel

The Jargon File: Tiger Team

The Jargon File: Wizard,,t281-s2109785,00.html

MS .doc Bug Hibernates on Net,1294,43389,00.html

MS May Have File-Trading Answer

The Memorability and Security of Passwords - Some Empirical Results

Microsoft Word Documents That "Phone Home"

NSA Printer Virus (1991)

Nardware Honeypot Breach

A New Hacker Taxonomy

Nigeria - The 419 Coalition Website

The Ohio State University's RFC Database

OpenSSH Trojaned! texts /1855.html

Oxford Text Archive, "The Gold Bug"

http://people.qualcomm.com/ggr/about_pgp.html

PGP, Phil Zimmerman, Life, the Universe and so on

PKCS#1 - RSA Cryptography Standard

Program Hides Secret Messages in Executables

RFC 854 (Telnet Protocol Specification)

RFC 1282 (BSD Rlogin)

RFC 1321 (MD5 Message-Digest Algorithm)

RFC 2144 (CAST-128 Encryption Algorithm)

RFC 2612 (CAST-256 Encryption Algorithm)

RFC 2828 (Internet Security Glossary)

RFC Editor RFC Database

RIAA/SDMI Letter, April 9, 2001

RSA Laboratories' Frequently Asked Questions About Today's Cryptography, Version 4.1

Real Programmers Don't Use Pascal

Reflections on Trusting Trust

The Rise of Steganography

SDMI Statement Read by Edward W. Felten at the Fourth International Information Hiding Workshop, in Pittsburgh, on April 26, 2001

SSH Communications Security's Cryptographic Algorithms site

The Scary Secret Behind Bloated Word Documents

Serious Privacy Problems in Windows Media Player for Windows XP,,NAV2-76_SEP949,00.shtml

Studyworks! Online: The Birthday Problem (Hash collision statistics)

Chapter 10: The Second Cryptographic Shakespeare

The Secret Language

Secure Shell (secsh) Working Group of the IETF

Security Survey of Key Internet Hosts & Various Semi-Relevant Reflections

Shakspere's Signatures

The Simpsons Archive

Spam Mimic (steganographic service that hides short text messages in email that looks like spam)

Spoofing: An Overview of Some the Current Spoofing Threats

SSH Communications Security's Cryptography A-Z

Statement Regarding the SDMI Challenge


Steganography & Digital Watermarking - Information Hiding

The Strange Tale of the Denial of Service Attacks Against GRC.COM

A Stream Cipher Encryption Algorithm "Arcfour"

Summary of Baconian Evidence for Shakespeare Authorship

System Administration as a Criminal Activity or, the Strange Case of Randal Schwartz

Telephony: Spelling Trouble

US Code Collection: Title 17 - Copyrights

US Code Collection: Title 17, Chapter 1, Section 106

US Code Collection: Title 17, Chapter 1, Section 107

US Code Collection: Title 17, Chapter 5

US Code Collection: Title 17, Chapter 12, Section 1201

http://www.snopes.com/business/consumer/cookie.htm

Urban Legends Reference Pages: Business ((Costs a) Fortune Cookie)

Urban Legends Reference Pages: Inboxer Rebellion (Craig Shergold)


W32/SirCam@MM melissa .a.html


Watermarking: Weaknesses of Existing Schemes

Worm Spread Worldwide in 10 minutes

Why Utilize the Kensington Security Slot in Your Designs?

Table B.4. URLs for Security Practices, Security Announcements, Vulnerabilities, and Ethics



Apple Product Security

AppleCare Support

AusCERT (Australian Computer Emergency Response Team)


CERIAS (Center for Education and Research in Information Assurance and Security)

CERT™ Coordination Center

CERT™ Coordination Center's Anonymous FTP Configuration Guidelines

CIAC (U.S. Department of Energy Computer Incident Advisory Capability)

Common Vulnerabilities and Exposures

Electronic Frontier Foundation

Ethics Resource Center

FIRST (Forum of Incident Response and Security Teams)


http:// freaky

Freak's Macintosh Security Archive - Macintosh Security Issues, Exploits, and Insecurities (covers traditional Mac OS)

McAfee Virus Information Library

National Infrastructure Protection Center

OpenSSH's security announcements page

Packet Storm Security

Privacy Foundation

The Progress & Freedom Foundation

SANS (SysAdmin, Audit, Network, Security) Institute

SecurityFocus Online

Symantec Virus Information Database

Table B.5. Supplemental URLs for Some Vulnerabilities




SUID Advisory for wu-ftpd

File Transfer Protocol allows data connection hijacking via PASV mode race condition infowar /iw_sec_01.txt

FTP PASV "Pizza Thief" Exploit


OpenSSH Remote Challenge Vulnerability

OpenSSH Security Advisory (adv.channelalloc)

http:// razor

Remote vulnerability in SSH daemon crc32 compensation attack detector


telnetd contains remote buffer overflow


Mac OS X Maximum Security
Maximum Mac OS X Security
ISBN: 0672323818
Year: 2003
Pages: 158