MacWebHosting Configuration Quidance of Macintosh OS X Mac Hosting

Macintosh OS X Workstation STIG, V1R1

DISA Field Security Operations

15 June 2004

          Developed by DISA for the DOD

(OSX1026WEB002:  CAT III) The SA will configure browsers to issue a warning when

entering or leaving an encrypted or secure site.

(OSX1026WEB0012:  CAT II) The SA will configure browsers to issue a warning if form

data is redirected.

(OSX1026WEB0013:  CAT III) The SA will disable JavaScript on browsers.

(OSX1026WEB0014:  CAT II) The SA will configure browsers to issue a warning when

viewing data on a remote site containing a security certificate that does not match its

Internet address.

(OSX1026WEB0015:  CAT II) The SA will configure browser home pages for the local site

home page or a blank page.

(OSX1026WEB0016:  CAT I) The root account will not use a browser for any reason other

than to control local applications.

4.2  Sendmail

The Simple Mail Transfer Protocol (smtp) is the standard for transferring e mail between hosts.

The sendmail program or equivalent (e.g., mmdf, rmail, smail) implements both the client and

server sides of the smtp protocol.  Sendmail can deliver e mail to local and remote users, mailing

lists, and programs.  E mail addresses are located in an alias file in which users, working through

their electronic mail administrator, may establish e mail addresses and mailing lists.

The Sendmail program will be removed from all Mac OS X Workstations.  To accomplish this

refer to APPENDIX C. PROCEDURES FOR BRINGING A MAC OS X SYSTEM INTO STIG

COMPLIANCE:  Removing Sendmail from Mac OS X.

(OSX1026SVR0059:  CAT II):  The SA will ensure that Sendmail is removed from all Mac OS

X workstations.

4.3  Ftp

Ftp allows the transfer of files between systems.  The client program is ftp, and the server

program is ftpd.  The system supplied ftp client will not be used on hosts inside the protected

perimeter.  The only data transfer client allowed will transmit and receive only encrypted

passwords and data once an ftp protocol session has been established.  The ftpd server supplied

with the system will not be used on hosts inside the protected perimeter.  The only data transfer

server allowed will transmit and receive only encrypted passwords and data once an ftp protocol

session has been established.  Hosts located outside the protected perimeter may use ftp and ftpd,

but the hosts should be considered  sacrificial lambs , in that case.  The following is a brief

explanation of the ftp utility to allow users to understand the use.

(OSX1026SVR0060:  CAT II):  The SA will ensure that Ftpd is set to permissions 000 on all

Mac OS X workstations.

UNCLASSIFIED





  
    
      

    
    Home
    
    About
    
    Services
    
    Network
    
    Support
    
    FAQ
    
    Order
    
    Contact
    
    
         Mac Web Hosting

    
    
    
      Our partners:Jsp 
      Web Hosting
      Unlimited Web Hosting 
      Cheapest Web Hosting  Java 
      Web Hosting
      Web Templates
      Best Web Templates PHP Mysql Web Hosting
      
      Interland Web Hosting
      Cheap Web Hosting 
      PHP Web Hosting
      Tomcat Web Hosting
      Quality Web Hosting
      Best Web Hosting  Mac 
      Web Hosting  
      

      Lunarwebhost.net  Business web hosting 
      division of Vision Web Hosting Inc. All rights reserved


Home	About	Services	Network	Support	FAQ	Order	Contact
Mac Web Hosting
Our partners:Jsp Web Hosting Unlimited Web Hosting Cheapest Web Hosting Java Web Hosting Web Templates Best Web Templates PHP Mysql Web Hosting Interland Web Hosting Cheap Web Hosting PHP Web Hosting Tomcat Web Hosting Quality Web Hosting Best Web Hosting Mac Web Hosting Lunarwebhost.net Business web hosting division of Vision Web Hosting Inc. All rights reserved