1 / 18

Macintosh Configuration Management

Macintosh Configuration Management. Will Jorgensen. Overview. In the beginning…. Imaging is our Foundation. CIS Benchmark http://www.cisecurity.org/bench_osx.html Apple Security Configuration Guide http://images.apple.com/server/macosx/docs/Leopard_Security_Config_2nd_Ed.pdf.

fawzia
Download Presentation

Macintosh Configuration Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Macintosh Configuration Management Will Jorgensen

  2. Overview

  3. In the beginning…

  4. Imaging is our Foundation • CIS Benchmark • http://www.cisecurity.org/bench_osx.html • Apple Security Configuration Guide • http://images.apple.com/server/macosx/docs/Leopard_Security_Config_2nd_Ed.pdf Apple Software Restore Mac OS X Baseline Configuration Network Registration & MHP Setup

  5. MHP Setup

  6. User takes over Configure FileVault Install non-core applications Setup a backup strategy

  7. FileVault • Laptops and offsite computers • Single encryption key • /Library/Keychains/FileVaultMaster.keychain • Tightly controlled decryption key

  8. Installing Applications • PNNL Installer • Users still administrators • Minimum required software • Symantec AntiVirus • PNNL Configuration Tool

  9. Backup Policy “Make backup copies of software, application, and data files. The frequency of the backup is based on the matter’s value, the frequency and volume of changes, and ease of restoration from loss or corruption.  For example, data files that continually change should be backed up more frequently than static files or less dynamic data. For sensitive systems, backup requirements are established in computer security plans. For information on workstation backup services, see Data Backup Options on InfoSource.”

  10. Workstation Backup and Restore • File Share & Tri-Backup • Flexible • Browse in Finder • Time Machine • Efficient • Flexible

  11. Configuration Management Apple Remote Desktop Workgroup Manager Active Directory MCM or the PNNL Configuration Tool

  12. Golden Triangle • Active Directory 2003 • User Accounts • Kerberos • Mac OS X Server • Preference Management • Web Services

  13. Apple Remote Desktop ARD 3 Help Desk Tool Back door

  14. Macintosh Configuration Management (MCM) • Server Side • Web server • Client Side • Shell scripts and applications • Checks in every 60 minutes

  15. MCM Process Flow

  16. Challenges Intermittent network connections Sometimes things just don’t work Audit and Enforcement Resource constraints

  17. Enhancements Manage Firewall Settings Staff log in with user accounts Full disk encryption InstaDMG Connected Backup

  18. Summary Questions/Comments Will@pnl.gov

More Related