Slides from the 2018 MacAD.UK conference
Synopsis: https://www.macad.uk/speaker/henry-stamerjohann/
When tasked with (re)building a security baseline for macOS clients, where do you start?
There are obviously decisions to be made about what is feasible in your organization (beyond whether admin privileges should be the default). You need to weigh system stability and security against end-user productivity. Luckily, for the macOS platform a rich ecosystem of tools exists to fill in the gaps, and general guidance is available. The crucial part of making mindful and informed decisions is to first aggregate data from your IT environment. You can then decide what configurations to deploy and run recurring compliance checks based on an appropriate strategy. This session will cover fundamentals, highlight advanced considerations, and outline practical examples to apply when you’re building a (new) baseline for macOS clients.
3. Today
• Wide variety of endpoints in a mobile world
• Mission to secure hardware / software configurations
• Continuous vulnerability assessment
• We are responsible for data (GDPR / EU-DSGVO)
4. Imagine
• You’re asked to apply a Windows security guideline to Macs
• You’re asked how Group Policy Objects (GPOs) can apply to Macs
• You’re stuck in a looping discussion about how MDM / APNs work
• InfoSec challenges you with: "Why should we trust 17.0.0.0/8?"
7-9. Components (the diagram is built up over three slides; slide 9 adds Training)
• Network segmentation
• Access control management
• System auditing
• Compartmentalization
• Physical access
• Verify digital signatures
• Vulnerability assessment
• Aggregate logs and alert on them
• Managed updates
• Intrusion detection
• Inventory control
• Secondary factors
• Remediation plan
• Platform firmware security
• Full disk encryption
• Forensics
• Training
10. Essentials
• Basic (security) plan for IT systems
• Identify and implement security measures
• Complete for the operational environment
• Specific implementation documents
11. Objectives
• Enforce compliance standards
• Appropriate strategy to address security and end-user productivity
• Include (simple) post-incident templates
• Your security posture
12. Procedures
• Patch your systems and software frequently
• Disable services and limit access where possible
• Ensure configuration settings stay compliant
• Close the gaps when detected and keep improving
29. Devs: what can go wrong?
• Flaws in development toolchains
• Risk of code execution
• Package managers (npm, Homebrew)
• Code or build scripts compromised
• Hiding code from git diff (UTF-8 character spoofing)
• Copy/paste compromised via ASCII control characters
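As an added example for the two git-diff and copy/paste points above (not the speaker's code), the scanner below flags Unicode bidirectional controls, zero-width characters and stray ASCII control characters in source text, so a pre-commit hook or CI step can reject a change before it reaches review. The function names and the sample snippet are constructed here.

```python
import unicodedata

# Unicode bidirectional controls (LRE/RLE/PDF/LRO/RLO, LRI/RLI/FSI/PDI):
# they change display order, so what a reviewer reads in a diff can
# differ from what the compiler or interpreter parses.
BIDI_CONTROLS = {0x202A, 0x202B, 0x202C, 0x202D, 0x202E,
                 0x2066, 0x2067, 0x2068, 0x2069}
# Invisible characters that can split or disguise an identifier.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}
# The only ASCII control characters a normal source file should contain.
ALLOWED_ASCII_CONTROLS = {0x09, 0x0A, 0x0D}


def classify(ch):
    """Return a finding kind for a suspicious character, else None."""
    cp = ord(ch)
    if cp in BIDI_CONTROLS:
        return "bidi-control"
    if cp in ZERO_WIDTH:
        return "zero-width"
    if cp < 0x20 or cp == 0x7F:
        return None if cp in ALLOWED_ASCII_CONTROLS else "ascii-control"
    if unicodedata.category(ch) == "Cf":  # other format chars, e.g. soft hyphen
        return "format-char"
    return None


def scan_text(text):
    """Return (line, column, 'U+XXXX', kind) for every flagged character.

    Splits on '\\n' only: str.splitlines() would also treat VT, FF and the
    0x1C-0x1E separators as line breaks and silently hide them.
    """
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            kind = classify(ch)
            if kind:
                findings.append((lineno, col, "U+%04X" % ord(ch), kind))
    return findings


def scan_file(path):
    """Scan one file; a non-empty result means the commit should be rejected."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


# Constructed sample: bidi controls make an early return render as a comment.
SAMPLE = ("def is_admin(role):\n"
          "    if role == 'user':\u202e \u2066# admin only\u2069 \u2066 return True\n"
          "    return False\n")
```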
45. Management services
• Configuration management to control server state
• Build multiple layers of defense
• Limit access / API access
• Use logging and intrusion detection
69. Event streams
• Event: point of instrumentation in the system
• Probe: filter that fires when a certain (described) event happens
• Action: action clause executed once the probe fires
• Ship: aggregate results and sync config
>>> Event stream data is stored for historic inspection