Top Mac Security Tools, Part 2
Part two (part one is here) of an expanding series where I’m providing an overview of some of the InfoSec tools that I use on a daily basis on my Mac. Down the line I’ll expand this series and write up each tool in more detail.
Nessus
Despite the controversy about Nessus going proprietary in 2005, it remains one of the gold standards for network vulnerability scanning. Installed as a server (nessusd) and a client (typically just called nessus), the client has options to control what hosts are scanned and what specific services and vulnerabilities it scans for. Some of the things Nessus can detect are services that have vulnerabilities, common misconfigurations, and default passwords — among about a thousand other things. As a note, Nessus has been known to break a service or tip over a server now and then. It’s not something you want to point at your production server during business hours! Tenable Network Security now owns Nessus and sells a commercial version and support.
SSH / SFTP
There’s not much to say — where there once was Telnet, now there’s SSH. I have SSH (previously via iTerm — now using the Leopard Terminal) sessions up just about 24×7 on my Mac, as well as my work Dell. From remote shell access, to tunneling through firewalls, to SFTP, and on and on. Wherever possible, it’s almost always advisable to run SSH instead of Telnet. I know some things have been written about it, but the Leopard Terminal seems good so far.
VNC
VNC was originally developed at AT&T labs, and the name “vnc” really covers a number of things, including a server, a client, and even a protocol. VNC (Virtual Network Computing) was designed to allow a remote graphical desktop session without much overhead. VNC (the protocol) isn’t natively encrypted, but is commonly tunnelled over SSH. On the Mac you can run a VNC server for remotely controlling your Mac (from another Mac, a Windows PC, or even a Linux box). Two of the more common Mac VNC clients are JollysFastVNC and Chicken of the VNC. I’d previously used CotVNC, but I’m now using JollysFastVNC most of the time.
Syslog Server and KiwiLog Viewer
One of the things that has a more limited use until you need it is a syslog server. All Unix servers, all Cisco network devices, your home Wi-Fi router, and even your Mac can send system logs to a syslog server — but wait, there’s more! Mac OS X Leopard includes a syslog server that can receive logs from all of those other devices. My Wi-Fi router and other devices all send syslog to one of my Macs. The Kiwi Log Viewer for Mac is a free utility that makes looking through syslog files much, much more convenient by color coding them, as well as allowing for easy searching.
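To show what a syslog server receives from devices like these and how a viewer can sort and search it, here is an added example (not from the original post and not Kiwi's code) that decodes RFC 3164 style UDP payloads and filters them by severity and keyword. The sample datagrams, addresses and function names are constructed for illustration, and filtering by severity is an assumption about what is useful, not a description of how Kiwi Log Viewer colors entries.

```python
import re

# Severity names from the syslog protocol (RFC 3164); list index = numeric code.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
HEADER_RE = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL)

def parse(datagram: bytes, sender: str) -> dict:
    """Decode one syslog UDP payload into facility, severity, host and message."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    pri, rest = 13, text                  # RFC 3164 default when PRI is absent or invalid
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:      # facility 23, severity 7 is the highest valid PRI
        pri, rest = int(m.group(1)), m.group(2)
    h = HEADER_RE.match(rest)
    # Small devices often omit the timestamp/host header, so fall back to
    # the address the packet arrived from.
    ts, host, msg = h.groups() if h else (None, sender, rest)
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "timestamp": ts, "host": host, "message": msg}

def search(records, min_severity="warning", keyword=""):
    """Return records at least as severe as min_severity whose message contains keyword."""
    limit = SEVERITIES.index(min_severity)   # lower index = more severe
    return [r for r in records
            if SEVERITIES.index(r["severity"]) <= limit
            and keyword.lower() in r["message"].lower()]

# Constructed sample payloads: (bytes as received, sender address).
SAMPLE = [
    (b"<34>Oct 11 22:14:15 gateway su: 'su root' failed for admin on /dev/pts/8", "192.0.2.1"),
    (b"<134>Oct 11 22:14:20 gateway dhcpd: DHCPACK on 192.0.2.50", "192.0.2.1"),
    (b"<4>kernel: DROP IN=eth0 SRC=198.51.100.7 DPT=23", "192.0.2.254"),
    (b"link up on port 3", "192.0.2.2"),     # no PRI at all
]

if __name__ == "__main__":
    for rec in search([parse(d, s) for d, s in SAMPLE]):
        print(rec["severity"], rec["host"], rec["message"])
```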
Mac OS Disk Utility
While the Windows and Linux platforms have TrueCrypt for creating encrypted disks and volumes, the Mac port of TrueCrypt still seems to be a way off. For most uses however, it’s possible to use the Mac OS Disk Utility to create an encrypted, mountable volume without too much trouble. In Leopard, the Disk Utility has been upgraded to allow for 256-bit AES encryption, which is a little slower, but much more secure. For securing personal data, this method works well. What TrueCrypt does that doesn’t exist on the Mac yet is that when data is encrypted, it doesn’t create an ‘encrypted file’ that can be identified, so a casual user looking for your ‘sensitive’ files wouldn’t ever know that your ‘secret’ data existed.




