Protecting Mac OS X from Privilege Elevation Attacks and Related Endpoint Security Risks

Webinar Registration

Study after study is showing the growth of Macs in the enterprise. At its core Mac is just another flavor of UNIX and the bad guys don’t care what your users are running. More over I would propose that your Mac users tend to be among the most desirable targets at your organization – not because they use a Mac- but because critical knowledge workers and decisions makers – the folks with access to your most critical information and resources – often prefer Macs and have the organizational clout to justify a more expensive endpoint or to simply buy their own.

So it's time to pay attention to Mac OS X security – in particular least privilege. By default users run with root authority. You might as well forget everything else you do in terms of endpoint security if your end-users are running with full, uncontrolled root access.

Apple agrees. Note this excerpt from the Mac Developer Library which recommends you to “log in as an administrator only when performing the rare tasks that require admin privileges. Because the default setting for OS X is to make the computer's owner an administrator, you should encourage your users to create a separate non-admin login and to use that for their everyday work. In addition, if possible, you should not require admin privileges to install your software.”

If that sounds like déjà vu then you have probably had to deal with very similar challenge in Windows. Obviously it’s impractical to expect users to follow time consuming and intrusive least privilege procedures on their own. It just won’t happen.

The traditional way to implement least privilege on UNIX is with sudo but sudo is targeted at the command line based UNIX sysadmin not an end user of a GUI based system like a Mac. So even though OS X supports sudo its applicability to this problem is very limited at best.

In this webinar I'll explore the issues and features in OS X related to least privilege. I'll show you the steps Apple has taken so far to help you prevent end-users from running with root authority without breaking the “it just works” Apple experience they are expect or their productivity. We will explore what operations in OS X really require admin authority such as:

  • manipulating file permissions, ownership
  • creating, reading, updating, or deleting system and user files
  • opening privileged ports (those with port numbers less than 1024) for TCP and UDP connections
  • opening raw sockets
  • managing processes
  • reading the contents of virtual memory
  • changing system settings
  • loading kernel extensions

And we will identify what breaks when you try to run an end-user as a non-root account and what your options are to fix their experience.

Beyond just controlling root access there is the need to control what applications users can open and what areas of the system they can modify. Not to mention the need to visibility and auditing on how Mac endpoints are being used.

Then Jason Silva from BeyondTrust, our sponsor, will briefly show you how PowerBroker for Mac reduces the risk of privilege misuse by enabling standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials.

Join me for this real training for free session. Please register now.

First Name:   
Last Name:   
Work Email:  
Phone:  
Organization:  
Country:    
State:  
How many employees in your organization?:
What is your job function?:
What is your role within your department?:
I'd like to schedule a personalized demo with a BeyondTrust rep for:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources