Mac OS X Security for Administrators: Lockdown

Once it's finished you can get a clearer picture as to the results:

It's not an accurate scan in this case because I performed it from the localhost to the localhost, but when scanning another OS X machine, this makes it easier. Using the basic scan (nmap localhost), I did find tcp port 631 (internet printing protocol) open.

Ah-ha!

That'd be my networked Samsung CLP-610 printer. I go to System Preferences and ensure that I don't have printer sharing on. This port is open so I can see how much ink is left on the printer, what its status is, IP address if changed, etc. It allows me to manage the printer remotely, although I've yet to find the virtual paper loader.

A more intensive scan (nmap -sV -v -v -v -v -v -v -v -v -v -v -PS -O -packet-trace -sS -PP -PM localhost) attempts all ports and provides 100% OS detection (as seen in the screen above). And yet, it still has just the one port open: tcp 631.

Not bad!

In future articles, I'll take a look at software firewall options for OS X since a lot of users are being given nifty MacBooks and MacBook Pros to lug about airports. I'll also look at some of the wireless sniffing options.

Even though the history of Mac has been solid from a security standpoint — and it remains relatively solid today &mdash it doesn't mean that we should sit on our laurels.