Chapter 11. Introduction to Mac OS X Network Services

IN THIS CHAPTER

• What Is a Network Service?

• Network Service Vulnerabilities

• Controlling Mac OS X Network Service Processes

• Protecting inetd with TCP Wrappers

• Increasing Security with xinetd

A Mac OS X machine, or for that matter, any Unix machine, derives much of its powerful functionality from abstracting how the many small programs that cooperate as the "operating system" communicate with each other. It is frequently useful for these programs to be able to communicate with programs on remote machines, and so they require the ability to communicate over the network. In a typical display of Unix "do it the simple way" design principles, the result is predictable: If the software is already required to have network capabilities, don't bother writing separate code to handle single-machine connections; just use the network for local connections as well. This produces a powerful and flexible operating system, but one that is by its very nature more vulnerable to network attacks than a monolithic operating system such as Mac OS 9. Apple has done a surprisingly good job of providing protection for services that might be problematic , and of leaving those that are less easily protected turned off. Still, if you want to use your machine to its fullest capabilities, you need to dig into the configuration and make those changes that suit your particular network and usage requirements.