Building your macOS Baseline Requirements MacadUK 2018
2 likes789 views
The document outlines the essential components for establishing a security baseline for macOS, focusing on data protection, compliance with GDPR, and best practices for vulnerability assessment. It emphasizes the need for comprehensive systems management, including monitoring, access control, and automation for ongoing security improvements. Additionally, the document references resources and tools for implementing security measures and ensures that policies are adaptable to avoid risks of failure.
Building your macOS Baseline Requirements MacadUK 2018
- 1. Henry Stamerjohann Apfelwerk GmbH & Co. KG Twitter: @head_min Slack: @henry hello (again)
- 2. Building your macOS Baseline Requirements
- 3. • Wide variety of endpoints in a mobile world • Mission to secure Hardware / Software configurations • Continuous Vulnerability Assessment • We are responsible for data (GDPR / EU-DSGVO) Today
- 4. • You’re asked to apply a Windows Security guideline to Macs • You’re questioned how Group Policy Objects (GPOs) can apply to Macs • You’re glued into looping-discussion how MDM / APNs works • InfoSec challenges you with: "Why should we trust 17.0.0.0/8" Imagine
- 7. Network segmentation Access control management System auditing Compartmen- talization Physical access Verify digital signatures Vulnerability assessment Aggregate, alert upon logs Managed Updates Intrusion detection Inventory Control Secondary factors Remediation plan Components Platform firmware security Full disc encryption Forensics
- 8. Intrusion detection Network segmentation Access control management System auditing Compartmen- talization Physical access Verify digital signatures Vulnerability assessment Aggregate, alert upon logs Managed Updates Inventory Control Secondary factors Remediation plan Components Platform firmware security Full disc encryption Forensics
- 9. Intrusion detection Network segmentation Access control management System auditing Compartmen- talization Physical access Verify digital signatures Vulnerability assessment Aggregate, alert upon logs Managed Updates Inventory Control Secondary factors Remediation plan Components Platform firmware security Full disc encryption Forensics Training
- 10. • Basic (security) plan for IT systems • Identify and implement security measures • Complete for operational environment • Specific implementation documents Essentials
- 11. • Enforce compliance standards • Appropriate strategy to address security and end-user productivity • Include (simple) post-incident templates • Your security posture Objectives
- 12. • Patch your systems and software frequently • Disable services and limit access where possible • Ensure configuration settings stay compliant • Close the gaps when detected & keep improving Procedures
- 13. Creating policies too rigid, you’ll be taking the risk to fail !
- 14. Structure
- 15. Example: Security Baseline from CERN
- 17. Microsoft Security Compliance Toolkit
- 21. • Config Profiles (MDM, manually deployed) • Scripts / CLI tools / Software • Conditionals / Extension Attributes • MDM commands (wipe/lock) Configuration elements
- 22. • Inventory information, management system • Scheduled intervals • Reporting / Dashboards / Logging • Change Detection, Alerting • Automation / programmed remediation Control Facilities
- 25. How many binaries and scripts inside? App Binaries Scripts Firefox.app Google Chrome.app Atom.app Xcode.app 8 12 30 1224 270 (bash, python, perl, node,..) 144 (bash, python, node,..) 6 (bash) - 122 Executable Bingo!
- 27. Repercussions Acknowledge risk of executing malicious binaries Developers could blindly insert "bad code" or "backdoor mechanism", etc.
- 29. Devs …what can go wrong ? • Flaws in development toolchains • Risk of code execution • Package managers (npm, hombrew) • Code or build scripts compromised • Hiding code from git diff (UTF-8 Character spoofing) • ASCII control characters copy/paste compromised
- 36. brew.sh
- 37. Application Lifecycle & Change management
- 38. Inspect content
- 41. Inspect for difference in detail
- 45. • Configuration management to control server state • Build Multiple layers of defense • Limit access / API access • Use logging and intrusion detection Management services
- 46. Local logs
- 48. Log aggregation
- 49. Log aggregation
- 50. Log aggregation
- 57. Recurring check
- 58. Recurring check
- 69. Event streams Action action (clause) execute once the probe fires Event point of instrumentation in the system Ship aggregate results & sync config Probe filter when certain event (described) happens >>> Event stream data is stored for historic inspection
- 72. Open BSM audit
- 73. Open BSM audit
- 74. Open BSM audit
- 75. http://services.google.com/fh/files/misc/fleet_management_at_scale_white_paper.pdf
- 77. Data Protection & Regulation
- 78. TY!
- 79. Q & A