1 Better Safe Than Sorry Security and OS X
2 SECURITY An Unexpectedly long Journey
3 Agenda Threats Protection Configurations Best Practices?
4 Let s talk security
5 Distrust and causion are the parents of security Benjamin Franklin
6 Then No viruses No malware Secure by design and of course very cool
7 Once the market share starts growing, then There are definitively viruses for Mac out there Well, don t be stupid Windows users are more aware of security, i.e. more secure I have friends who knows how it s done You absolutely need anti-virus protection on Mac
8 Now Gatekeeper Application Sandboxing Malware Detection Full Disk Encryption
9 Apple Security Device Security Platform Security Data Security Network Security
10 Apple Security Philosophy Ease of use Guide the users Secure defaults Freedom to choose
11 In the Hacker Toolbox the quieter you become, the more you are able to hear
12 A hacker to me is someone creative who does wonderful things Sir Tim Berners-Lee
13 Who s the Hacker? Hacking for fun Hacking for profit Governments
14 Tools of the trade nmap Wireshark Cain & Able John the Ripper Metasploit metasploit
15 Demo Playing with fire
16 Device Security Securing the box
17 Amateurs hack systems, professionals hack people Bruce Schneier
18 Device Security EFI firmware password icloud locking Configuration profiles Policy management
19 Firmware Password UI tool on the Recovery HD
20 Firmware Password UI tool on the Recovery HD Prevents modifier keys setregproptool -m full What if you forget it?!
21 icloud Locking icloud / Find My iphone Can only use 4 digit code Survives reboot / reset pram
22 icloud Locking icloud / Find My iphone Can only use 4 digit code Survives reboot / reset pram but is it secure?
23 Demo Setting a Firmware Password
24 Platform Security Securing the processes
25 People who are serious bout software should make their own hardware Alan Kay
27 Platform Security Application Sandboxing Code Signing Gatekeeper XProtect & Quarantine
28 Mandatory Access Control Application Sandboxing Entitlements sandbox-exec -n
29 openbsm Audit Logging above and beyond system events and user events praudit for reading audit trails
30 Demo Roll your own IDS
31 Data Security Securing the information
32 There is no castle so strong that it cannot be overthrown by money Cicero
33 Data Security Full Disk Encryption Keychain Access / icloud Keychain Encrypted Containers Secure Erase
34 FileVault 2 Rich Trouton has the full story derflounder.com
35 FileVault 2 Rich Trouton has the full story derflounder.com What about performance?! before
36 FileVault 2 Rich Trouton has the full story derflounder.com What about performance?! after
37 Encrypted Container Disk Utility or hdiutil 128 or 256-bit encryption Password in a keychain Password in an external keychain
38 Demo A poor mans 2-factor authentication
39 Network Security Securing the traffic
40 Users will take dancing pigs over security everytime Bruce Schneier
42 Network Security Encrypted traffic Encrypted authentication Firewalls
43 Firewalls Application Layer Simple UI setup Packet based IPv4 & IPv6 CLI or IceFloor 2
44 Demo Computer Lockdown, extraordinaire
45 Encryption Primer Talk is cheap, if unencrypted
46 Meet our friends Eve Alice Bob
47 Yes, it s apple123 Do you have the password? Clear text is not a secure way of transmitting secrets on a network
48 Yes, it s apple123 pwnd! Thank you! Clear text is not a secure way of transmitting secrets on a network
49 Yes, it s ******** Do you have the password? We really need to encrypt any secret information before it is sent
50 Yes, it s ********?? We really need to encrypt any secret information before it is sent
51 Yes, it s ********?? but, how do we share encryption keys without everyone on the network getting them?
52 Let s do DHX Do you have the password? Diffie Hellman Exchange
53 Here s (x1) Diffie Hellman Exchange Secret * p1 = x1!!
54 Here s (x1) OK, here s (x2) Diffie Hellman Exchange! Secret * p1 = x1 x1 * p2 =! x2!!
55 OK, here s x3 OK, here s (x2) Diffie Hellman Exchange! Secret * p1 = x1 x1! * p2 =! x2! x2 / p1 =! x3
56 OK, here s x3 $#*! Thanx! Diffie Hellman Exchange! Secret * p1 = x1 x1! * p2 =! x2 x2! / p1 =! x3 x3 / p2 = Secret
57 Crack the Code What is the password on the encrypted USB-stick?
58 Diffie Hellman Exchange lite Alice first send x1 = to Bob Bob send x2 = back to Alice Alice then send x3 = back to Bob x1 = secret * p1 x2 = x1 * p2 x3 = x2 / p1 x3 / p2 = secret
59 It can only be attributable to human error HAL 9000
60 Practice what you learn
62 Can you hack it? Setup with security in focus
63 Can you read the content in the PDF in the Shared folder?
64 Security Setup Firmware Password - setregproptool -m full FileVault2 Encrypted Secure Container bit encrypted Password stored in external keychain Encrypted PDF All passwords 22 characters
65 Dave, this conversation can serve no purpose anymore