The following document was found in the NSA site as an unclassified document. It serves as a good background to securing OSX an the various things to look out for.
Other interesting links includes
- http://csrc.nist.gov/pcig/cig.html
- http://www.nsa.gov/snac/downloads_macX.cfm
- http://www.sans.org/resources/idfaq/switched_network.php
Interesting tools includes
- weplab – cracking wep passwords
- nmap – port scanning
- tcpflow
- MacStumber – scan wireless
- EtherPeg – scan wireless for pictures
- AirTraffic control – widget for wireless scanning
- tcpdump – dump tcp traffic
- john the ripper – password cracker
- SNORT
- HENWEN
- Little snitch
The National Security Agency has good guidelines for Mac OSX. The security documents are available in PDF format on their OS Guides page for Mac OS X.