Mac OS X Security

OVERVIEW
--
I was heading out soon to my first 'DefCon Experience' this summer, so when I saw this Security book with a really ugly green-trippy cover on the LESMUUG bookshelf, I was immediately interested.

I'd read loads of security materials before, some good, some completely stupid. Good security is never an absolute, any experienced locksmith or network security admin knows this, so I'm wary of any resource which states 'Do this, and your safe' (except from the author of the resource).

This book met, and exceeded my base expectations, starting out expressing this very sentiment- and constantly refers to the idea that every feature (even just booting), carries with it consequences- some having greater chances of being compromised in some way.
That stated, every nuts-and-bolts section deals with the risks involved with a given system component, and gives best-practice real world examples. Noteworthy, is that the book rarely says 'do this', as this violates basic principles security, but instead explains how your system works in the context of securing your data, gives general conceptual workarounds, and assesses their general consequences.

Clear distinctions between Mac OSX, Darwin, and Mac OSX Server are clearly defined and referenced- and the information covered definitely applies to the future with 'Panther', (though some of the locations of various resources will likely change).

BOOK SUMMARY
--
The book is divided up into sections for easy reference, but I'll summarize it all by grouping things into 3 main sections:

1) Finder: User (finder level) Application security
2) Darwin: Server and general UNIX security
3) Enterprise Security/Authentication systems built into MOSX and how-to use them

All the sections cross reference each-other nicely, (for example, secure Mail.app usage [and protecting local mail data], is totally shot if your mail server is insecure). The materials on User-level security really go deep into the way the system relies on various system frameworks, and how these frameworks are secured.
It also goes into depth on how Keychain.app works, and how to effectively use it- (as well as touching on how developers can implement it).

To me, a web application developer, the Darwin and general UNIX security section was most useful to me, as it gave the MOSX equivalents for a lot of what I do daily on freeBSD servers (and gave a deeper understanding of how thoughtfully designed Darwin is!)
Additionally, clear how-to's of almost every basic secure system is covered, (SSL, SSH, Tunneling, authentication best practice, etc...), excellent practical info for both newbies and professionals alike. (All of it made me want to do more system development and hosting on Darwin after going through this!)

The Enterprise security sections (network/security) give a great overview of both practical use, and the internals of things like NetInfo, LDAP, Kerberos, etc... giving both a general overview of these systems, and their relevance to MOSX, from both a client and server perspective. There additionally is a section on security auditing and forensics, but it's mostly a brief overview, as these topics are way too large to be covered in-depth here. Regardless, it does cover the basics and gives some valuable MOSX-specific notes for log locations. I thought this is great stuff, especially since I (and most folks) don't use this stuff every day, and things like NetInfo are so poorly documented elsewhere.

IKE SUMMARY
--
If you want absolute security for a given system, don't turn on the computer (and additionally, encase it in concrete, and hide that somewhere). However, if you want to gain a better understanding of how to reduce the likelihood of having your data compromised, this book is a terrific launchpad for the practical and/or paranoid Mac OS X user, developer, or other... heck, it's just a good book to quickly a practical view of the core of how OSX fundamentally works.

All in all, THIS BOOK ROCKS, as do the authors. Good information doesn't usually come from good writers, and this text is extremely readable.