Network Computing is part of the Informa Tech Division of Informa PLC


Inside OS X Security

Lock down such systems as tight as you can while still being able to get work done. When you have a server exposed to the Internet, paranoia and knowledge are your very best friends.

Don't assume that, just because the base operating system is essentially secure, everything else that ships with it is equally secure. Quite a few Mac OS X and Mac OS X Server boxes get cracked because of poorly configured PHP, Perl, Web, or database applications. As with Trojans, if the operating system is happy but your shiny new Intel Xserve is now a V1agr@ spam bot, you're still in a world of hurt.

I don't want to sound like a broken record, but this is a case where ignorance will hurt you. If you're running a MAMP stack (Mac OS X, Apache, MySQL, and PHP), then you had better know enough about all four to properly secure them. Even if all you are vulnerable to is a denial-of-service attack, that's still your server not being able to do work.

If your server operating system is fine but your applications have been subverted and the machine is now a spambot, you're going to have a lot of problems if that lands your domain on various e-mail blacklists. Not being able to send people e-mail can put a crimp in your business plan. As well, colocation providers get flustered and stern when a customer's server suddenly starts sending out spam or attacks as fast as possible.

In addition to knowing what your applications are doing, there are tools like Nessus, Snort, Tripwire, and others that can help you monitor your systems for vulnerabilities and malware so that you can do something about them sooner rather than later.

Of course, apply security patches as soon as they come out. If you have a good backup (and of course, as the smart computer user you are, you have good backups), then even if a security update hoses your operating system, you can quickly recover. With security patches, "better safe than sorry" applies.