Macintosh OS X Workstation STIG, V1R1
DISA Field Security Operations
15 June 2004
Developed by DISA for the DOD
(OSX1026SVR0057: CAT I) The SA will ensure that the traceroute command of the Mac OS
X server has a group owner of sys, bin, or root.
(OSX1026SVR0058: CAT I) The SA will ensure that the permissions for the Mac OS X server
traceroute command are 700, or more restrictive.
(OSX1026SEC0110: CAT I) The SA will ensure that the Mac OS X workstation traceroute
has its user permissions set to 000, by doing a chmod 000 traceroute.
Note: The SA will ensure that the Mac OS X workstation traceroute is used by the SA to
troubleshoot problems if needed. In this case it can be reactivated by using chmod u=sr,go=rs
traceroute; this will be documented and justified with the IAO, the IAM, and the NSO
(Network Security Officer). It will then be set back to a 000 status.
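The following audit script is an added example, not part of the STIG. It checks a traceroute binary against OSX1026SVR0057, OSX1026SVR0058 and OSX1026SEC0110. The function names and the server/workstation keywords are illustrative, the path to traceroute is supplied by the caller, and the script assumes a stat command that accepts either the GNU (-c) or the BSD (-f) format option.

```sh
#!/bin/sh
# Added example: audit traceroute permissions against the STIG items above.
# Print the octal mode of $1, including setuid/setgid/sticky bits.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Mp%Lp' "$1" 2>/dev/null
}

# Print the name of the group that owns $1.
file_group() {
    stat -c '%G' "$1" 2>/dev/null || stat -f '%Sg' "$1" 2>/dev/null
}

# OSX1026SVR0057/0058: group owner in the allowed list, mode 700 or tighter.
# $2 optionally overrides the allowed groups (default: sys bin root).
check_server() {
    mode=$(file_mode "$1") || { echo "ERROR: cannot stat $1"; return 2; }
    group=$(file_group "$1") || { echo "ERROR: cannot stat $1"; return 2; }
    rc=0
    # Any bit outside owner rwx (0700) is less restrictive than 700.
    if [ $(( 0$mode & 07077 )) -ne 0 ]; then
        echo "FAIL OSX1026SVR0058: $1 mode $mode is less restrictive than 700"
        rc=1
    fi
    case " ${2:-sys bin root} " in
        *" $group "*) ;;
        *) echo "FAIL OSX1026SVR0057: $1 group owner is $group"; rc=1 ;;
    esac
    return $rc
}

# OSX1026SEC0110: the workstation traceroute is kept at mode 000.
check_workstation() {
    mode=$(file_mode "$1") || { echo "ERROR: cannot stat $1"; return 2; }
    if [ $(( 0$mode )) -ne 0 ]; then
        echo "FAIL OSX1026SEC0110: $1 mode $mode, expected 000"
        return 1
    fi
    return 0
}

# Usage: sh audit.sh server|workstation /path/to/traceroute
case "$#:$1" in
    2:server) check_server "$2" ;;
    2:workstation) check_workstation "$2" ;;
esac
```

An exit status of 0 means the binary meets the items checked, 1 means at least one finding, and 2 means the file could not be examined.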
4.1.7 Client Browser Requirements
Mac OS X ships with Internet Explorer 5.2 by Microsoft. The latest security patches will be
applied to the software.
(OSX1026WEB0018: CAT II) The SA will ensure that any web browser that is being used on
Mac OS X is PKI enabled.
(OSX1026WEB0005: CAT II) The SA will ensure any web browser is the latest approved
version and at the latest patch level.
(OSX1026WEB0007: CAT III) The SA will ensure the browser is capable of 128-bit
encryption.
(OSX1026WEB0008: CAT II) The SA will ensure the SmartUpdate, or software update
feature, of a browser is not enabled.
(OSX1026WEB0006: CAT II) The SA will configure browsers to accept cookies only from
the connected site.
(OSX1026WEB0009: CAT II) The SA will configure browsers to disallow secure content
caching unless encrypted.
(OSX1026WEB0004: CAT III) The SA will configure browsers to display a warning when
submitting non-encrypted form data to an HTML page.
(OSX1026WEB0003: CAT III) The SA will configure browsers to display a warning when
viewing documents with both secure and non-secure content.
(OSX1026WEB0010: CAT III) The SA will configure browsers to disallow automatic
downloading of active content.
(OSX1026WEB0011: CAT III) The SA will configure browsers to disallow active scripting.
UNCLASSIFIED