Apple’s Mac OS X operating system has been rapidly gaining in popularity among security professionals. This can most likely be attributed to its excellent GUI, BSD underpinnings, and increased focus on security features. Apple has taken a proactive stance in developing a more secure OS, and is working hand-in-hand with the BSD community to explore secure standards for the BSD family of operating systems.
The underlying structure of Mac OS X uses many BSD-derived components. Because of this, the configuration, scripts, and firewall are very similar to FreeBSD. File paths are often different, but the concepts remain the same. The examples and walkthroughs in this chapter work on both Mac OS X Versions 10.1 and 10.2.
Mac OS X installs with a pre-compiled kernel that contains support for everything needed to use the OS as a wireless client. There is no need to compile a custom kernel, but if you do want to experiment with different options for the kernel, visit http://www.opendarwin.org to get started. The Mac OS X kernel builds are derived from the OpenDarwin kernel but changed somewhat before release by Apple. Building a custom kernel is a path for the more daring, and technical, user.
Support for the Apple AirPort wireless card is completely integrated into Mac OS X. Configuration is accomplished through the System Preferences dialog boxes. The settings and options are primarily contained in two tabs of the Network section of System Preferences.
Figure 7-1 shows the AirPort configuration tab. The AirPort ID is the MAC address of the wireless card in the computer. The series of options below determine the way the OS will select which wireless network to join at startup or when to come out of a standby mode. The first option joins the network with the strongest signal. The second option will rejoin a recently used network. This option has a checkbox to remember network passwords, which is how Mac OS X refers to WEP keys. The final option restricts the computer to only connecting to a specified network SSID. (The SSID is Wireless in this example.)
There are two checkboxes at the bottom of the tab. The first enables the creation of IBSS networks, operating in peer-to-peer mode between workstations. The second adds an icon (Figure 7-2) to the menu bar to display the status of the network connection and provide a small drop-down menu of common actions.
Also in the Network section of System Preferences is a tab for the wireless card TCP/IP settings. An example of this tab is shown in Figure 7-3. Make sure you select your wireless card in the Show drop-down list before changing settings. The Configure setting will determine whether DHCP or static address information is to be used. If static settings are used, the rest of the fields in the tab can be used to set the network configuration.
Besides showing whether the AirPort is connected to a wireless network, the status icon in Figure 7-2 also provides a menu of common actions. All the detected SSIDs of nearby wireless networks are displayed on the menu; clicking on one will cause the computer to attempt to connect. If the network is closed (requires WEP), a dialog box prompting for the password (WEP key) will appear. The WEP key should be entered in hexadecimal notation, not as regular characters.
There is also a choice titled Create Network. After selecting this, a dialog box will request a network name (SSID), password (WEP key), and channel. The wireless card will create an IBSS network with these settings.
Mac OS X includes two programs to help in configuring the Apple AirPort AP. If you are using an AirPort AP, the AirPort Admin Utility and AirPort Setup Assistant, which are both located in the Utilities folder, can be used to remotely configure the AP. Since these tools are SNMP based, you may also have (limited) success using them to configure other APs.