Interview with Greg Vaughn, co-author of "Maximum Security 4/e"
by Mirko Zorz - Thursday, 24 April 2003.
The classic Mac OS did a really good job of security through obscurity. Hold on -- before you label me a heretic, hear me out. I don't advocate basing security on obscurity, but it makes for a nice additional level. I never had a need to run server processes on my personal machine, and I dialled up with a dynamic IP. I also never had to deal with infection from email Trojans since Mac mail clients don't default to executing content of emails (and even if they did, they wouldn't have much luck with Windows binaries -- more obscurity at work!)

I'm familiar with and use a wide range of OSs (I started on Yggdrasil Linux in grad school in '93, then various Windows NT and Unix flavors in the corporate world, plus PDAs, and others for fun). I recognize that each has its strengths and weaknesses, and that I'm personally quite atypical in what I look for in a personal machine.

I'm still learning my way about OS X, but so far I really like it. I bought the machine after the book was complete or I may have been more involved with that chapter. I like the continued lack of hardware integration problems characteristic of Apple, but I also really like the power and 'hackability' of the Darwin/BSD underpinnings. I've always liked customizing the computer to my usage patterns, and this is fertile ground. I've been quite pleased with the security out of the box and Apple's responsiveness to security updates.

How long did it take you to complete your chapters for "Maximum Security 4/e" and what was it like?


One week each for the two chapters I did (Internal Security and Intrusion Detection Systems). Plus a couple of days each to review editors' comments a few weeks later. But I wouldn't say this was typical.

I got involved in the book through a friend and former co-worker who's been involved with Sams Publishing for several years. They were needing some extra help after the project was underway. I had been wanting to get involved in book writing, had the background, and had the time to take on two chapters. Since this is a 4th edition, I was given the chapters of the 3rd edition as a starting point. From there I checked all the references to outside material and updated them as necessary, added new material, removed obsolete parts, and generally interspersed my own knowledge and experience where it made sense.

The people at Sams were great to work with, and I quite enjoyed the experience. I'm looking forward to my next book project, but there's nothing definite right now.

What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?

Copyright 1998-2013 by Help Net Security.