  • Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

    Encrypting Volumes in OS X Mountain Lion

    Encrypting a volume in OS X Mountain Lion couldn’t be easier. In this article, we will look at three ways to encrypt OS X Lion volumes. The reason there are three ways is that booted volumes and non-booted volumes have different methods for enabling encryption. The third way to enable encryption on a volume is to do so through

    Encrypting Attached Storage

    For non-boot volumes, just control-click or right-click on them and then click on Encrypt “VOLUMENAME” where the name of the volume is in quotes. When prompted, provide an encryption password for the volume, verify that password and if you so choose, provide a hint. Once the encryption process…

  • Mac OS X, Microsoft Exchange Server

    Using Microsoft Document Connection on a Mac

    Microsoft released Service Pack 2 to Microsoft Office 2008 for Mac earlier this week. Once you have installed Service Pack 2 you may notice the new Open from Document Connection File menu item for Office applications, or you may notice the new application called Microsoft Document Connection located in your /Applications/Microsoft Office 2008 folder. These are all part of Microsoft’s overall Software+Services strategy: provide a cloud type of environment that is able to sustain the software that you purchase from them. In this case it could be a private document storage “cloud” running on a SharePoint server or it could be a more public environment running in the Office Live…

  • Mac OS X, Mac Security

    Sandboxed Out of My Own Boxen

    Playing with Sandbox can be tricky. The other day my own box (luckily one not FDE’d) started to kernel panic and I’d just activated about 12 sandbox profiles. To fix, I booted to single user mode (Command-S), mounted the drive (using the command mount -uw /). Then I did a find for all *.sb files (assuming you use the sb extension for your sandbox files) touched that day, deactivated them and rebooted. Oddly, still no dice. Did I miss one? Next, just to verify it was a sandbox issue, I went back into single user mode, remounted the volume and used this command to move the Seatbelt kernel extension to…

  • Articles and Books, Mac Security, public speaking

    318 and MacWorld

    Beau and I will be giving a talk at MacWorld on Friday. It will be all about Sandbox, the Mandatory Access Control facility from Apple. So if you’re going to be around then you should definitely check it out. Also, Zack will be giving one on Thursday at 1. His will be on recovering from laptop theft. Both talks will be in the security track of the MacIT portion of MacWorld.

  • Articles and Books, public speaking

    MacWorld Talk Posted

    Leopard represents a massive leap forward in security features included with Mac OS X. As the needs of users of OS X have matured so has the ability for systems administrators, developers and end users to secure their systems. One of the new security features is Sandbox. Since its inception, Mac OS X has had permissions that can be applied to files allowing the ability to block access to specific applications. But Sandbox gives you the awesome new ability to apply permissions to what specific applications can have access to. In this session we will review what an application can access and how to harness Sandbox to restrict access to networking,…

  • public speaking

    MacWorld 2009

    MacWorld tickets are on sale. While I do not know who all the speakers will be, I do know that 318 will be there and Beau and I will be giving a presentation on Sandbox. 🙂

  • Articles and Books, Mac Security

    A Great Article on Sandbox by Beau

    In all versions of OS X previous to Leopard, access control restrictions were limited to a security model referred to as Discretionary Access Controls (DAC). The most visible form of DAC in OS X is in its implementation of the POSIX file-system security model, which establishes identity-based restrictions on an object in the form of a subject’s user or group membership. Similarly, Access Control Lists are a form of discretionary control, though they are far more extensible and discrete than the POSIX model. In such models, newly created objects or processes inherit their access rights based upon those of the creating subject, so that any spawned objects are not granted…