Security changes in Mac OS X Leopard
Having used Mac OS X Leopard (Singapore, Australia) for the last few days on my MacBook Pro I've discovered many changes in security from OS X Tiger and earlier releases including some genuine surprises that threw me off guard! I'm posting what I've discovered here in the hopes it may be useful to other people.
- NetInfo Manager is gone
- A cursory glance at the Utilities folder will show NetInfo Manager has ceased to exist, like a certain Monty Python parrot. Some of the user specific features have been relegated to a very sneakily hidden menu in the Users panel of System Preferences.
If you want to change the UID or default shell assigned to a user for example, right click or CTRL click on the name of the user and click “Advanced Options” in the popup menu.
- Firewall has moved
- The Firewall has been moved in System Preferences from the “Sharing” panel to the “Security” panel. Reading comments on forums a lot of people are angry about this, but to me it makes perfect sense!
- Firewall has been dumbed down
- Aside from a crude menu that lets you add generic “.app” programs, there is no way now to create your own custom rules, port number assignments, UDP/TCP or anything whatsoever. I guess it’s back to the command line to configure these things.
- Higher SSH encryption by default
- If you open the /private/etc/sshd_config configuration file, Leopard ships with level 2 SSH security and without the option of falling back to level 1 like previous versions. This is a welcome change.
- Graphically impossible to change your SSH port
- But therein lies a problem! If you change your SSH listening port in your aforementioned sshd_config for obfuscation reasons, in the Leopard Firewall System Preferences pane there is no way whatsoever to open that SSH port because you’re limited to only creating generic rules based on .app’s and the Services you start in the “Sharing” panel, which will turn on port 22.
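To check the two sshd_config points above from the command line, here is an added example (not part of the original post) that reads a config file and reports the Protocol setting and any listening port the port 22 service rule would not cover. The function names and the sample file are made up for illustration; an unset Protocol is reported as "unset" because the built-in default depends on the OpenSSH version.

```shell
#!/bin/sh
# Summarise the global section of an sshd_config file (added example).
# '#' starts a comment, keywords are case-insensitive, "Keyword=value" is
# accepted, the first Protocol line wins, every Port line adds a port, and
# parsing stops at the first Match block (later settings are conditional).
audit_sshd_config() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }
        NF < 2 { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == "protocol" && proto == "" { proto = $2 }
        key == "port" { ports = ports (ports == "" ? "" : ",") $2 }
        END {
            print "protocol=" (proto == "" ? "unset" : proto)
            print "ports=" (ports == "" ? "22" : ports)
        }
    ' "$1"
}

# Succeeds (exit 0) only when the file explicitly permits SSH protocol 1.
allows_protocol_1() {
    p=$(audit_sshd_config "$1" | sed -n 's/^protocol=//p')
    case ",$p," in *,1,*) return 0 ;; *) return 1 ;; esac
}

# Prints, one per line, the configured ports other than 22, i.e. the ones
# the Sharing panel's service rule described in the post does not open.
uncovered_ports() {
    audit_sshd_config "$1" | sed -n 's/^ports=//p' | tr ',' '\n' | awk '$0 != "22"'
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
#Port 22
port 2222   # moved for obscurity
EOF
audit_sshd_config "$sample"
if allows_protocol_1 "$sample"; then
    echo "protocol 1 fallback: allowed"
else
    echo "protocol 1 fallback: not allowed"
fi
for p in $(uncovered_ports "$sample"); do
    echo "port $p needs a firewall rule of its own"
done
rm -f "$sample"
```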
So some welcome security changes in Leopard, and you've got to hand it to Apple for trying to make configuring security more streamlined, but I'm disappointed that in doing so so much functionality has been lost. Hopefully Apple (or perhaps even a third party) will address the legitimate need to create custom Firewall permissions soon.
If I've made any mistakes or you have anything to add, please post a comment. Cheers ^^.