Security Basics mailing list archives
Re: automatic update on Mac OS X
From: Sebastian Schneider <ses () straightliners de>
Date: Sat, 30 Aug 2003 02:48:44 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The most fitting and easiest way is to deploy Apple Remote Desktop. Though sort of expensive (at least in some way;-), 10 users $299, unlimited $499). You might have already found the key features at http://www.apple.com/remotedesktop/ . The installation of packages remotely is described at http://www.apple.com/remotedesktop/theater/install.html Regards, Sebastian On Saturday 30 August 2003 01:19, you wrote:
Hi Sebastian, I am not that concerned about the recent security updates. I just want to figure out a management solution that will operate without human intervention in situations where it is not feasible to manually update each system. I have heard you can assign packages through Apple Remote Desktop. I may explore that. Or check out the automation of patch install via cron job. Yes, I realize that the Mac has physical security issues. Linux and Windows are the same way re: booting from alternate media. There is a partial countermeasure--you can disable booting from CD in open firmware now, and password protect it. Not perfect, but it is a step. I'm not concerned about physical security, however, as much as vulnerability to intrusion over the network or worms that may appear in the future. Thanks again for your thoughts on this subject--definitely helpful. Zac-----Original Message----- From: Schneider Sebastian [mailto:ses () straightliners de] Sent: Friday, August 29, 2003 3:54 PM To: Zachary Mutrux Subject: Re: automatic update on Mac OS X -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Zac, if you're just concerned about the security updates...the very two published are not that important for workstations. just if sendmail is used or you really want that screensaver exploit fixed. The best thing is to apply patches by downloading them from a server on your network. I dont know, if the server provides remote update capabilities, but I guess not. If you're so much concerned about the overall mac os x security...it's in no way secure. you just have to boot up from a mac os x installation cd or boot in single user mode and thus obtained root access or even resetting passwords. SES
- -- Sebastian Schneider straightLiners IT Consulting & Services Metzer Str. 12 13595 Berlin Germany Fon: +49-30-3510-6168 Fax: +49-30-3510-6169 www.straightliners.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/T/RsQ7mOWZBxbPcRAud2AKC0PBvBXCWMcH0s8/hR95wIMBK8egCg2fRy BarzjoQmyNZUIN5TqsOUuW0= =ySfI -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: automatic update on Mac OS X Sebastian Schneider (Sep 02)
- <Possible follow-ups>
- Re: automatic update on Mac OS X Sebastian Schneider (Sep 02)
- RE: automatic update on Mac OS X matt willson (Sep 02)
- Re: automatic update on Mac OS X Dave Botsch (Sep 02)
- Re: automatic update on Mac OS X Damon McMahon (Sep 02)
- RE: automatic update on Mac OS X Zachary Mutrux (Sep 02)
- RE: automatic update on Mac OS X Dean Saxe (Sep 02)
- Re: automatic update on Mac OS X Schneider Sebastian (Sep 02)
- Re: automatic update on Mac OS X SMiller (Sep 02)
- RE: automatic update on Mac OS X Zachary Mutrux (Sep 02)
- Re: automatic update on Mac OS X Martin Brecher (Sep 03)
- RE: automatic update on Mac OS X Zachary Mutrux (Sep 02)