WWDC2003 Session 622

Transcript

Kind: captions
Language: en
Good morning, welcome to our session. Today we're going to be talking about, well, network security best practices for OS X. Before we get going I just want to do a little housekeeping and introduce my co-presenters, so rather than you having to hear me drone on for an hour about OS X, I have some cast members over here, and I'll introduce them in order of appearance, because I don't think we do that on the slides. First, coming up, will be David O'Rourke. Dave is one of our engineering managers, and David's responsible for directory services and authentication within OS X. After Dave we'll have John Hurley. John is our security off... excuse me, security policy architect for OS X, and John just recently became a famous Apple employee. He does know I'm going to do this: John is actually the only Apple employee, I think, ever to get his picture in the OS. I don't think Steve has even been able to do this. If you poke around you might be able to find it later; maybe we'll have a prize for whoever can find John by the end of this session. And then finally Sean Geddes will be joining us at the end for batting cleanup. Sean is a system engineer for our federal group, and Sean is also the chairman of STOS, the Secure Trusted Operating System Consortium. Okay, flip laws out there.
Okay, so I think the best way to frame this discussion today is to just admit that you're all intelligent people and you know your networks better than anybody else, and they're all very different. Some are standalone networks that don't require any passwords at all, some have light security requirements, others are very heavy: globally dispersed, VPN access, Kerberos requirements for authentication. So rather than tell you "this is the way to plug it into this particular network," we're going to let you make that decision yourself, unless you are me, with the information. Rather, we want to give you the tools and let you know what's in OS X, so you can go back and make the right decisions for your own network.
So when we talk about network security at Apple, this is the definition we work from here. There are many varied definitions out there; if you do a little web research on network security you'll find all kinds of varied things, different policies, usage policies, all the way down to how to secure your firewall. So this is what we're going to work with today. The focus at Apple first is really communication and data security. For us it's about not just storage of your information, keeping that secure, but rather how it traverses the network too. So the data is what we're really trying to secure, and how do we do that? First we control access to it, to systems and services, through authentication and authorization, and then finally the management of that access, which is very important.

So our design philosophy: it's really put it in at the core. Let's not put it on later on, let's build it right in. OS X was a brand new operating system and allowed us to really take a look at it, and our security policy architect John was very instrumental in that. We took the conservative approach; this, surprisingly, is fairly new. Most folks didn't lock down the fort. We'll get into more of this later, but a lot of new installs of some very famous operating systems, which I won't mention here, are quite open to exploits right out of the box. The OS is open source, so everybody here can look at the code, make sure it's secure, that there are no back doors; that can be verified. Open standards: why are they good? We'll get into that later as well. And of course the Apple trademark: easy to use and manage. If security is not easy it just won't be used; people just turn it off, and that's no good. So you've got to make it easy to use.
So, like I said, security at the core of the OS, and at the core is Unix, so we leverage the Unix core that's already in there with the file permissions. The services are built right in; your home directories and file permissions are all set to segregate your information from other users. Multiple accounts is built right in, and protected memory, so if a rogue app gets ahold of the system it's not going to crash it by taking over the memory. Like I said, security... excuse me, conservative defaults: services are off by default. No FTP server; the web server is off; all ports are closed; it's locked down. The root account is disabled. Like I said, we close the ports, and also we turn off telnet. Telnet is insecure, basically, and we have opted for SSH. You can turn on telnet, but it's not that easy to do; we don't want you doing it by accident. So what is
true security? There's a famous quote here from Bruce. What I believe Bruce is trying to tell us is that physical security is paramount; the basis for all security is physical security. Once that's compromised, once I get hold of your machine, it's all over. You may have the best encryption in the world on there, but if I hit it with a sledgehammer, there goes your data. So let's talk about the physical security within OS X, and also there are some enhancements OS X has for physical security, and Apple's security built into its products. Of course you can lock the cases so they don't get removed. Apple has a lot of experience in the education market, and things tend to disappear from universities; maybe the kids are just borrowing them, I don't know. Once you lock it you can protect the memory, protect all the critical components of that computer, and it protects the firmware settings, which we'll talk about in just a second. And then the server's got a lot of neat security features: if the front of the case is locked you can't mount a FireWire hard drive, you can't mount USB. Also there's a monitoring system in it, so if the case becomes open it can alert you to that.
So, Open Firmware security. Just by a show of hands, I can kind of see you out there, does anybody know about Open Firmware security? Oh great, a bunch of you. So I can't say enough about this; this really enhances physical security. For those of you who don't know, it's analogous to the Windows BIOS password lock, analogous, but it disables the snag keys from startup. So if I turn on Open Firmware security, which is a free download from apple.com, you can't boot off of a CD, you can't boot up off of a network drive, it won't even mount it, it won't turn it into target mode, which can be kind of a security problem: the thing just turns into a FireWire hard drive. There's laughter up front, yeah; by the way, sit down there. It's a superset of IEEE 1275, and a little trivia: IEEE 1275 is the only standard to have its own song. I don't know if you knew that; you go to the website, you can listen to it.
So the security services within OS X, like I said before: authorization, authentication, we have the crypto built in and the certificate handling. John will jump into that in a lot of depth and give you a good understanding of that, but that's really the core, the wrapper, if you will, around the Unix core. So authorization controls: once I figure out who that user is, what can I let them do within the system? We've got a couple of nifty little apps built into Server and the desktop itself, which some may or may not be familiar with, but you can limit what the users can do. As you know, our OS has, you have an admin and you have a user, if you will, but you can tweak the control to limit really what's going on within that OS, and we'll go into that as well. So as you can see here, this is just for one user, this is just local, and Dave will get into the more global, more scalable authentication, or choosing authorization and authentication, but you can see you can limit what the user does. So in a very small shop this is a great way to keep people from hacking their machines or the network themselves, so you don't have to go back and redo what they've done, repair the damage. So now, bring up Dave.

Thank you, Eric. For those of you who
haven't seen me too much this conference, my name is David O'Rourke. I'm going to be here to briefly go over authentication and directory services. We went into a lot more detail on these topics in sessions 607 and 610; if you didn't have an opportunity to catch me I'd recommend you get the developer DVDs. We go into a lot of excellent detail, and we're going to be going over things that are pretty high level at this point.

So, authentication services. Most... if you type a password into Mac OS X, 99 times out of 100 it will flow all the way down and hit directory services. So all password authentication is done using the Open Directory architecture. The reason we do that is not only does Apple want to provide a variety of ways for users' passwords to be authenticated, but we also want you to be able to plug into the Open Directory architecture and authenticate users however you see fit for your site. So it's both the solution for Apple and an opportunity for developers and customers. What Apple provides in terms of network-based authentication is a password server which provides support for legacy authentication protocols. This is secure on the network: you cannot download hashes; the only authentication methods that it supports are secure challenge-response authentication. And as you may have heard at the conference once or twice, we're offering, and really going forward with, Kerberos. So moving forward, we take authentication services on the network very seriously. We're integrating them into Open Directory; we already offer some very credible network security around the password server, and we're moving aggressively into the Kerberos space for enterprise architecture.

Again, Open Directory enables integration with existing directory services. We support LDAP, we support NIS, or Yellow Pages for those of you who have been around quite a while, NetInfo, Active Directory, and local BSD configuration files. The Open Directory server is an LDAP server that offers us a self-support; it is based on OpenLDAP 2.18 currently, which is what you have on your Panther build; we'll be investigating updating to the latest builds. I've heard there are some later builds of OpenLDAP.
We have a very easy to use Open Directory setup assistant, like three clicks to deploy an LDAP server, and it's entirely based on OpenLDAP. You can download the source, you can look at it. We have some changes; all of the changes we've posted back to the Darwin website. For those of you who didn't get a chance to go to session 16, this is the Open Directory architecture. The blue box at the bottom would represent applications such as login window, or maybe the authentication dialog that comes up when you click on the lock icon in System Preferences. Most of the time those end up calling the Open Directory APIs. The Open Directory APIs figure out which plugin is hosting that user record, and then we engage with whatever directory system has been configured to conduct an authentication. Our authentication is no better and no worse than the directory system that you deploy at your site. If you're comfortable with the directory system that you've deployed at your site, the authentication method using Open Directory is exactly as secure as that deployment. If your directory system is not secure, Open Directory cannot add security to that environment.
So you can have a mix of clients; you can have Macintoshes on the network sharing directory data; you can distribute the directories and force the Macintoshes to use a particular directory system through your DHCP infrastructure. LDAP can be there. We have the authentication authority record, which lets you actually mix user records in the directory, so you could have some users crypt-based, you could have some users password server based, and you could have some users Kerberos based. The authentication authority lets you pick the appropriate security for your user records at your site. And home directories can be mounted over authenticated protocols. We already support AFP authenticated home directories; we support SMB, and in Panther, SMB home directories, so you're not mounting home directories over NFS, which I've heard historically may have some security concerns.

Open Directory authentication is entirely standards-based. The password server is not something we built from scratch... it is something we built from scratch around an open source protocol, and that protocol is SASL. SASL is very secure. It doesn't support clear text authentication; well, it can, but we've removed it. It's modular, and you can add new authentication methods without a lot of effort.
The password server also provides policy enforcement. How many of you have policy enforcement at your site? You want the users to change every 30 days, minimum password length, character set enforcement, must contain a symbol. Wow, for a security conference I want to see more hands. So you need to deploy the Open Directory password server. We can do all of those security enforcements and make sure that the passwords your users are choosing are not guessable, have high quality, and are changed frequently enough to matter. The password server will also disable inactive accounts. Say you have a contractor on site and he hasn't logged on in the past three weeks, and you don't want them coming back and logging on without checking with you first; you can set up the password server to disable inactive accounts that haven't logged on recently. The password server also provides one very unique feature, which is you have the same password for multiple services. If you deploy multiple Mac OS X servers, or other servers, and point them at our LDAP server with password server, you get one password for all of your services. You get the same password for IMAP as you get for AFP as you get for SMB; they don't even have to be deployed on the same physical server. So that means the password quality that you're enforcing in one protocol carries over to the other protocols; that means when the account is disabled, it's disabled for all of these protocols.

Kerberos. How
many people have Kerberos deployed at their site? Yes, we are going with Kerberos in a very big way. Kerberos, I believe, stands for the three-headed dog that guards the gates of hell; I thought that was a very interesting choice by the original Kerberos team for their product. We are basing all of our Kerberos work on MIT Kerberos; we simply take the MIT source code, enhance it, and integrate it with our work. This is going to be Apple's single sign-on strategy moving forward. Next year you're going to hear even more about Kerberos. We're aggressively Kerberizing a lot of applications. We already provide mail; there are third-party products, Fetch for Kerberos FTP; telnet is Kerberized, although we turn it off; AFP is Kerberized, and in Panther SMB is Kerberized. And what's not on this list is that Panther is going to have Kerberized SSH. So look for more Kerberized protocols from Apple. Look for a Kerberos server in Panther Server. You will be able to deploy a Kerberos server with the same amount of clicks as it takes to deploy an LDAP server, because you won't have a choice: if you turn on the LDAP server, you have also deployed a Kerberos server.
Workgroup Manager. How many of you use managed desktop? Okay, for those of you who have already used it, you recognize that you can put all of your policy management information in the directory, so you can have your LDAP directory host your Dock preferences, your security preferences. Well, the tool that you use to modify those preferences and force your users into those architectures is Workgroup Manager. Workgroup Manager allows you to manage groups, users, and computers. You can enforce privileges per computer, you can enforce privileges per workgroup, and you can enforce privileges per user. It controls access to software, hardware, and network resources, so I can control which applications a user can and can't run. Many K-12 sites disable the students launching Terminal; if they can't run Terminal they can't run command line tools, and it kind of limits their ability to hack around in the system. You can manage System Preferences; you can manage which System Preferences the user can do; you can force Energy Saver settings, all kinds of things. There's a whole session on the details of managed desktop; I recommend you look at it. But Workgroup Manager is our directory-based tool that lets you do that, and because Workgroup Manager is based on Open Directory, you can put those preferences into any directory system that you've deployed. We store them in our LDAPv3 server, but if you configure OpenLDAP, or configure your Open Directory to point at a different directory server, you can use Workgroup Manager to get the Mac OS X policy information into the directory server of your choice. We have one customer we're working with who's writing a plug-in for Open Directory to Oracle. He's going to make the plug-in read/write, and he's going to use Workgroup Manager to just shove policy information into his Oracle database to manage his desktop. So what I'd like to do at this time is bring up John Hurley to talk about security services, and I thank you for your time.
[Applause]
Great, thanks Dave. As Eric mentioned, I'm John Hurley, the security policy architect, and I'll go over, actually at a pretty high level, some of the different security pieces that we have at sort of the lower level of the OS. We have had a couple of sessions already, one on Monday on security overview and another session, I think yesterday, on certificate APIs. We have a feedback forum this afternoon, so just a few other pointers.

So kind of the core, or I guess it's really our middle layer, of security is the Common Data Security Architecture, and this is an Open Group standard that was originally developed by Intel that we actually used on OS 9 and have continued to use in OS X. We've implemented the 2.1 version of the spec, and this is responsible for doing all the cryptography, the certificates, things like that. So that's a very important building block for the security on our system. Rather than just taking this one set of APIs and just sort of pushing that out as a very extensive set of APIs, we've added another layer on top of that we call layered services, to try and make it easy for developers to use these services without having to know all the gory details down below. So for example Keychain is all built kind of on top of this higher level. A lot of things that you may not think about, say for example Safari: that is calling through to Secure Transport, which calls through to CDSA, and so if you're changing things in the certificate root search database down below, that's going to be used by Safari, it's going to be used by anybody else that's using those APIs. So we're really encouraging developers to use those APIs so that they can get the consistent experience for their users. It is a very, very customizable API; you can write different modules to do different things, for example different security trust policies for certificates. Perry went into pretty good detail on that; you can check that out on the DVDs. Almost everything that's in there that's not UI is open source, so if you want to see how we did something, say the authorization framework, or how we did Secure Transport, that stuff is available in the Darwin repository. So
here's kind of a simplified overview of how CDSA is put together, and you can see the different layers that we have there. The bottom layer is the plug-in modules. Cryptographic service providers implement all the different cryptography algorithms, AES, Triple DES, things like that, you know, hashes like SHA-1 and MD5. The certificate library and trust policy module deal with managing and dealing with certificates. So the certificates that we support on OS X are X.509 certificates, but it would be possible to write a certificate library to support other kinds of certificates. The trust policy module has a bunch of different policies in there, and we have really good support in Panther now, including UI panels, for letting the user manage the trust on a particular certificate and picking the policies that a certificate or an identity is going to be used for. The data store library is a place where you can store cryptographic information, or actually other information; it's pretty much just the database portion of CDSA. The keychains that you're probably familiar with are actually a combination CSP and DL module combined together, so that it knows how to retrieve encrypted information and store encrypted information. The layer above that, the CSSM layer, is roughly analogous to CryptoAPI on the Windows side, but one of the big differences, as I mentioned, is we have this layered services layer that makes it a lot easier for people to get into it. You can pretty easily do things like, for example, the keychain APIs at the low level, I don't know, maybe there are probably 20 or 25 keychain APIs, but what most developers end up using, if you're not a security-intensive application, you're going to end up using find generic password, add generic password, and you don't have to worry about any of the details down below, where this stuff's getting stored, how it's encrypted, presenting UI to the users; all that stuff is built in up at the top layer. You can see some of the different applications on the system that are using these services, either directly or through some of the system frameworks that we have built in. So for example Disk Copy: when you create an encrypted Disk Copy image, that is calling through these APIs. Mail uses it to store your passwords; Keychain Access, of course; Safari uses it for not only passwords but also certificate support.
So here's just one example of the certificate UI, kind of a portion of a screenshot there, but we have put in really good support on Panther for dealing with certificates, and it's something that I'm really happy with. We did the best we could for Jaguar; we tried to get a useful subset, but it's just very, very difficult to implement this full standard and really get it working the way that Mac users expect, you know, just very, very easy to use. We also wanted to make it very, very easy for developers, because we knew what a pain in the neck it was to have to deal with, you know, to write this screen, looking up a zillion different fields and trying to figure out what the standard said about how they should be presented or what the values were. We just didn't want people to have to go through that same pain, so we tried to make it available, and I think we did a really nice job in Panther with that. We have support for a lot of different certificate formats. So for example PEM format certificates: if you take a .cer from another platform you can double-click on it and it'll be imported into your keychain. We can handle simple PKCS#12 formats, so that, for example, if you have an identity that you got from VeriSign or someplace like that, you can import that into the keychain. It doesn't support things like nested, multiply nested PKCS#12 files, but you probably won't run into those. We also have added support for CRLs, and we have a really nice UI for dealing with user management of trust settings, so you can say, okay, for this particular certificate that I have, I only want to trust it for SSL transactions, you know, use on a web page, or you can say no, I want to be able to send signed and encrypted email with the certificate. So the user can choose those kinds of things, or they can say things like, don't ever trust this certificate; I just know that it's bad; it might say that it's good, whatever, just don't trust it.

This is kind of a brief list of things that I mentioned that are supported in the CSP. We really try and use AES because that is the officially supported standard by NIST. It's kind of actually amazing to me to see very large companies somehow saying, well yeah, definitely by next year we'll have that AES thing nailed, and I'm thinking, gosh, we did this whole thing like the week it wasn't even finalized yet; we already had AES in there. But anyway, we do support things like DES and Triple DES, because those are still around, different types of keys; we support DSA and RSA public keys.
Okay, so I mentioned briefly before that Disk Copy uses the CDSA framework and the algorithms in there. Encrypted Disk Copy images are a really, really cool feature. How many people know about encrypted Disk Copy images? Okay, good. For anybody that didn't raise their hand, you've got to learn about it; it's a very, very cool thing. We've made it easier in Panther for users to use it, and in some cases kind of made it transparent; for example, FileVault, underneath, is using an encrypted image. Even if you're not using that, you can create them from the command line or using Disk Utility; it's moved from the Disk Copy application into Disk Utility on Panther. These images can be grown; you can make them pretty small. I have one on, I think I have one of these little devices here; this one actually has a fingerprint reader on it, so I have true three-factor authentication on this: something I have, something I know, which is the password to the encrypted image that's stored on here, and something I am, which is my fingerprint. So this is cool. You can put in your PGP keys, you can put in a copy of your keychain; I don't know, it's just very useful. The other thing to note about it is that they're very high performance. I mean, you can imagine all the things that it depends on, but on just a particular test system we had set up it took about ten percent over the CPU, or sorry, ten percent over the disk speed overhead, so it's just a little bit; it was almost free, but not quite. So hopefully we'll get there at some point and make it totally free. Just a screenshot: it's pretty much the same as making any other disk image, except that there's one pop-up menu that allows you to choose the encryption method. Currently we just support one encryption method, which is AES, but it is built on top of CDSA so we could support different algorithms at some point. Okay, I'm going
to go quickly through Keychain Access. Keychain has been in the OS since actually 8.6, so at this point I would imagine people are kind of familiar with it. Every user on X since 10.0 has had a keychain by default, and it's unlocked when you log in. One change that we've made in Panther is that now a new user that is created will have a login keychain, as opposed to just the default keychain like before. We had, you know, if my account was John, my default keychain would also be named John; now it is named login keychain, and that allowed us to help determine which keychain people were really using for their login keychain. It also made it easier for people to make a second keychain in case they didn't want to have one unlocked by default. It is a network-safe format, so it's okay to put your passwords and whatever into that file; it can sit out on a network server. We're really pretty confident about the integrity of that file, so even if it is left out somewhere it's unlikely to be able to be attacked. Internally we use it for all kinds of things; as I said, we have passwords in Safari that are stored there, and we've encouraged anybody inside Apple that's storing a password to store it inside the keychain and not put it somewhere else, and that gives kind of a consistent user experience, and it also means that they don't have to try and write their own special setup.

A couple of things that you might not know about your keychain settings; these are good things to do. If you go into Keychain Access you can set a timeout on lock, because by default your login keychain just stays unlocked for the entire time that you're logged in; so you can set that to be five minutes, whatever. You can also set it so that it locks when it sleeps. If people have been using that feature on Jaguar, it didn't work quite the way we wanted to with closing the PowerBook and going to sleep, so that has been fixed in a nice way, and it does the right thing when you close it. For example, it will forget the credentials for your encrypted Disk Copy images, so when you open the thing back up again it's going to prompt you again, and if it doesn't get either the keychain password or the disk image password it's going to unmount the disk. So that's just the behavior you want on a portable device. Okay, if you're in the
federal space, you might be aware that we had released a product called the Federal Smart Card Package, I think in January or February, and it was available just as a, I think, $49 product on the federal web store. The interesting thing is that we've rolled that functionality into Panther. It's not going to be of interest to you unless you're actually in a branch of the federal government that uses Common Access Cards, but the thing that's sort of generally worth noting is that we have put this in; we've done changes to, for example, screen saver, login window, things like that, so that they can be used with alternate authentication methods. So there are other companies that have come out with this type of functionality, and it's worth looking at that too. I know CryptoCard has announced things, ActivCard, Sony has come out with a fingerprint reader, so all these things are leveraged on top of the authorization API. Okay, so at this point I want to bring back up Eric. I want to introduce him too, because he forgot to say who the heck he is, but he is the... what are you, product marketing manager? Security product marketing manager for OS X. There you go. Thank you. Doesn't look like I'm gonna go... thanks.
So I saved the cool stuff for myself when putting this together. We didn't talk a lot about what's in Panther right now, and I'm going to go through some of those things, some of those nifty features, right now. As you can see here, under your Internet Connect dialog we now have VPN support for L2TP over IPsec, yay, and that's in a client and server; yeah, pretty excited about that. Also we'll go a little deeper into what we've done for 802.1X; we also support that as well for wired and wireless networks, which is great. So, a very simple to use screen for the user to put in their settings; not a lot of difficulty there. Also multiple configurations support, so this is great, kind of excited about this: if you're moving around from network to network or you're traveling, you can just set up "I'm at home," "I'm at the office," and however you need to connect from that point. So we support that as well, and that's also in VPN and 802.1X. Now you're probably familiar with the built-in firewall, but for those of you who are not, I wanted to mention it. We have a built-in firewall based on ipfw, quite simple to use, and as your users enable services the ports automatically open within the firewall themselves, or you can customize it further for other well-known services, which you'll see there: Apple Remote Desktop and what have you, or things that aren't listed. So we give you full customization of the firewall. And also within the OS, transport security: a lot of this drops down to the CDSA layer and makes calls from that point, but of course we support OpenSSL, TLS, and all the variants of that, and then of course OpenSSH is built into the system. So that kind of ends a lot of the features that are in the OS around security.

We also are very concerned about holes that pop up, because let's face it, they do arise. So we try to keep you, as users, informed about this. We also work with CERT and FIRST to receive and distribute information. We have a mailing list that you can get hooked up to, so if any alerts come out you can get those sent to you, so you don't have to actively check yourself. In addition, we have an email address, that's what the thing is, that you can report security holes to that you may find, and we actually do take them quite seriously; we research every one we get. And then also updates to the systems: if there are any security holes or vulnerabilities that pop up, we can update those quite easily with Security Updates right within the system.

So just to summarize some of the recommendations we have here today: controlling physical access is huge, that's paramount. I completely recommend using Open Firmware security, and it looks like a lot of you guys do here. You know, use the home directories, and as you know, now that FileVault is there, you can just click a setting and your users will be secured. Use the built-in firewall; why not, it's there, it's free, what the heck. Only turn on the services that you need; there's a no-brainer. And don't make everybody an administrator unless you have to. So I'm going to bring up Sean Geddes. Sean's going to talk about the current and future initiatives for OS X and some of the neat work we're doing around...
[Applause]
So I brought all my authentication devices because I was afraid I wouldn't be able to get in here. The area of security within government: many folks may initially think that that's just government, doesn't affect me, but I think all of you, don't you all pay taxes? I'll pay somehow. You're all impacted by what our government does. What we want to do is share a little bit related to the OS, related to efforts that Apple's doing and external entities are doing related to our product.

So within not only our government but within governments literally around the world, there's the need to evaluate, to provide assurance that the product truly is providing those secure services, right? Where we're leveraging a lot of open source, how does Apple, or how do others, ensure to you the customer, to integrators, to others, that that product is providing that true security out of the box, and with some of the recommendations that Eric and John and Dave had mentioned a little bit earlier?

So Common Criteria, widely known also as ISO 15408 for those of you kind of in the other part of the world, this is to address just that: how do you evaluate, how do you put a level playing field, so to speak, on evaluating the security of the products? Just to hit on some of these, it's really to address issues in the market, international computer market trends, evaluation or evolution of adaptation of earlier criteria. If you saw the chain of events of TCSEC and other products, other documents, other government agencies that have involved themselves in making this a ubiquitous or a globally recognized approach, all of this feeds into providing a much larger world view of how to look at products with respect to security.

So with Common Criteria with Apple, first of all I want to give a couple points to let you know really what this is doing. First of all, it's an independent certified lab that's looking at OS X, OS X Server to validate vendor claims, validate what Apple is claiming about the product itself, so the feature set and the capabilities. Again I had mentioned about being globally accepted as ISO 15408. But what is Apple's target, what are we doing with respect to Mac OS X and Mac OS X Server? We are shooting for pretty much kind of the standard for all operating systems, and that's the Controlled Access Protection Profile. The profile is really the functional requirements of the OS: now what are those features, what's really in the product itself? The reference at the end there is really for the assurance level: how sure are you, or how sure can the independent lab provide to you, that indeed that claim, that functional feature, is again tested, or it truly is there? And again, a level 3 goes through a methodically tested and checked process. There are multiple levels in this that get into a more granular kind of providing evidence and all that, again, that those features are indeed there.

But I think for you all, you want to know what value is it going to be to you, right? What is Apple's evaluation of OS X, OS X Server for Common Criteria, what value add is that going to be for you? One of the key things is that, you know, we've talked a lot about that here at WWDC, the open source kernel. When you're dealing with the security of OS X, OS X Server, you're truly looking at all of the open source code, you're looking at the kernel, you're looking at all the security frameworks that have been mentioned. So you, from the developer standpoint, are now getting for you an independently certified open source under the framework for the operating system. Oops, going backwards. You always have to hit the right button. Come on.

Okay, for developers, not only that, but you now have a secure foundation to build your solutions on as well. Much like I mentioned about securing a foundation for OS X, since Darwin is the open source, that could now be an embedded system for other solutions that you yourself are building as well.

So some of the things that we want to move into and share with you from a perspective of what we're doing within the government space, or at least with the collaborative within that space: kind of the second line there, security built in, not bolted on, I guess that's kind of our mantra within our space. There's so many products, so many vendors that have solutions where security is an afterthought. You know, hopefully you have seen that Apple is doing this right from the start, but not only building things from the start, you have to have that evolution and carry that through with products. One of those approaches is, and I'll get into a little bit more of this later, the Secure Trusted OS Consortium. Eric had mentioned this is really an open, collaborative, community-based environment for enhancing the security of Darwin, right? Again, you're going to have this independently certified kernel and security frameworks; you need some additional enhancements to keep up with the times, keep up with security innovation, and again that's the focus of STOS, and we'll get into a little bit more about that in a bit.

Some other efforts that we do: we've done some work as well relating with DARPA, the Defense Advanced Research Projects Agency, and an individual there is Doug Maughan, who has been heading up one of his projects, it's called CHATS, Composable High Assurance Trusted Systems. The reason that's important is, as I just mentioned, STOS is focused on enhancing the security of Darwin; the focus of CHATS is to enhance the security of all open source operating systems, so we are kind of a spoke in that whole process.

One other thing is related to CRADAs. A CRADA, for those of you who don't know, is a Cooperative Research and Development Agreement, and what that does is allow two or more parties to work together in a very collaborative, very interactive way to share the technologies, to really get a little bit deeper into solutions without looking specifically at producing a product at the end of the month or at, you know, the next quarter. It's real research, with experts involved.

John had mentioned the federal smart card integration that we talked about a little bit earlier. We did that specifically to address Department of Defense needs for the CAC card, which I've got a few of those here. This is yet another way that the government, and Apple being involved in this as well, is trying to provide another alternative for authentication by providing some mechanism for you the user within the OS.

And finally, those of you who are familiar with NIST, the National Institute of Standards and Technology, there are many initiatives going on there that we're part of that are key to impacting again not only government but guidelines and standards for rolling out enterprises and the businesses after that as well. Many groups will look to the guidelines there for providing the direction.

So let's look at just some of these in a little bit more detail. I mentioned a little bit about the Secure Trusted OS Consortium. This is that collaboration between the public, private and academic sectors, so there are university folks involved, there are industry folks involved and there are government folks involved. Again, an open collaboration, all looking at the open source, addressing specific needs, working together on issues, maybe highlighting some areas that need work, and then going forth kind of both with the passion and with the need within the organizations to make that happen. It truly becomes a collaborative sandbox, because you're working through those issues, and this then becomes a staging area for OS X, right? Essentially what we're doing is we're enhancing the kernel, it rolls right into Darwin CVS, that becomes the foundation for OS X, so it truly becomes a staging area for Mac OS X.

I want to give you at least some idea, both from the high end and from the low end, of the type of thing that we address. One thing, kind of maybe from a more intense area, is actually evaluating the original snapshot of Darwin at the time against other efforts, you know, maybe even like SELinux or some of the other initiatives that have been funded and implemented in the past. Where does Darwin stand within that mix? You know, what's the level of effort to bring it up to speed, or up to kind of on par with those same solutions? So that was one of the efforts that had already been done. There were some other ones that may seem pretty small but they have a much bigger impact; that was even leveraging the CDSA architecture within even just one of the modules within Apache.

Well, what are we doing going forward? Some of those projects are security guidance documents. I know I've been talking to several folks here at the conference, and we don't yet provide any real documentation for "what do I do to really configure, kind of after I get out of the box, and after everything's shut down, what do I really get, where do I go, where do I see kind of a document to tell me what to do to lock this down to some agreed level of security?" So that's one of the efforts moving forward; that's kind of at the low end. And at the high end is kind of Nirvana, right? The ultimate goal is this true SE Darwin, so to speak, kind of in parallel with the SELinux approach. That's the STOS effort.

I mentioned CRADA. A CRADA again is the Cooperative Research and Development Agreement. It's focused on security specifically, right? A CRADA can be anything; a CRADA can be just looking into any type of technology, solving a real-world problem. In here, let's first take a look at what it does immediately for Apple and a partner, if that's the situation, and then we'll look at how it impacts and affects you all as well. So first of all, when we're focusing on this, there's a big technology transfer, right? Apple does some awesome stuff internally with the security team and within managing new projects, bringing in the open source community, but when you're really trying to address security as a whole and holistically from all angles, you really need to reach out and exchange that technology, both intelligence, the expertise, and literally down to the code level, and that's where the technology transfer comes in. Sharing of expertise, ideas: it really is now enabling the partners to get further along than they would on their own. That's kind of a given, right? If two people are working on the problem, you're going to solve it much quicker if you're both working pretty good and sharing your resources; you're going to get a problem solved sooner than if you're both working kind of in parallel on your own solution.

So the real important thing to you is, how is Apple's involvement in the CRADA going to help you? Okay, first thing is that, much like I'd mentioned with STOS, now you're getting the benefit of an enhanced foundation to build your solutions on, whether you build it directly on OS X, OS X Server, or directly on Darwin with the security frameworks. You're getting that as part of your development process literally for free, right? You're getting it as part of the solution from Apple. The same thing with technology transfer: you may not have that area of expertise, maybe in encrypted storage containers like the encrypted Disk Copy image, or public key; that may not be your expertise, but now you're getting that essentially for free from this effort. And the real key thing is that now you can focus more on your killer application that makes you more money rather than focusing on trying to get and build in all that security from the start within your application. And the key thing is that we're all benefiting from this effort, right? It's not just Apple, it's not just a partner, we're all benefiting from all this effort.

John had mentioned about the smart card. DoD has pretty much led the way on this, and what I wanted to show is a couple highlights. One thing is, this is a multi-purpose ID. I think there are specifically about five very directed types of solutions that are being solved, or needs being solved, by the smart cards: the physical identification, the secure logging into systems, the signing and encrypting of mail, secure web access. And I think many of you have seen this in other sessions, but it's a multi-purpose card, right, multiple functions, and I get tons of cards, so you can see that it goes beyond the need for just one. But again the key thing, the reason I want to bring this out for you all, is that they already have issued 2.4 million of these just within DoD, and they're issuing 10,000 a day. That's a business opportunity, okay? This is where the money comes in for you all. Not only that, as things move forward the estimate is about another 1.3 million a year. This is only, I'm only referring at the moment to DoD; then you have all of the other agencies within the federal government. Many of you probably should have seen areas even within state and local governments that are looking at types of solutions like this. Again, big opportunities for you. Those who also are in the area of biometrics: within the DoD space they're looking to incorporate that as well in with smart cards, so again this is where you can start leveraging the technologies that are on the platform. On the right side you're seeing a little bit of the anticipated deployment numbers. Some of those are a little bit debated by various folks, but being upwards into 2005, possible deployment of up into the 16 million card range, again just within our space.

Maybe at this point I guess I need to bring back Mr. Hudson or get the whole team. So thank you very much for allowing me to share.
[Applause]
So this is going to be part of your pack when you get your DVD, so I just thought I'd put those on there for you as reference later on.