DEFCON 14: Discovering Mac OS X Weaknesses and Fixing Them with the New Bastille OS X Port





The interactive transcript could not be loaded.



Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 31, 2011

Speaker: Jay Beale, Lead Developer, Bastille Linux

The Mac OS X operating system is beautiful, but it's not as secure as you think. It's mostly Unix under that shiny GUI and while we've come to expect a very locked down system from recent Unix/Linux releases, that expectation isn't entirely realistic when it comes to OS X. For instance, the firewall GUI tool makes it seem like you can create a default-deny firewall that only lets packets from established sessions in. The firewall it produces, though, is full of holes! Whatever you do, don't take your OS X laptop onto the wireless network here! Write your own replacement or take the one we'll offer in this talk, where we'll introduce the new OS X port of the popular Bastille Linux system lockdown and audit tool, Bastille OS X.

Bastille increases the security of OS X systems. It starts by building a real firewall configuration that you can tune to your needs. It continues by deactivating services like the information-leaking Bonjour service, which a remote attacker can use to get your Security Update (patch bundle) level, hardware versions and machine name. Finally, it configures the remaining operating system components, doing things like isolating local users from the service that gives them the length of all users' passwords. There's a lot more than that, though. Come learn about OS X security, learn how to harden and see the newest part of the Bastille family: Bastille OS X!

For more information visit: http://bit.ly/defcon14_information
To download the video visit: http://bit.ly/defcon14_videos


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...