Top Security Tips

General Security

Built-in - Using the operating system's native toolset available for the user to configure and raise the security posture from its default 'convenient' settings. For example System Preferences, Keychain Access, Software Updates. Third-Party - Using third-party vendors to further enhance the native system usually with additional front-ends. For example 1Password, Little Snitch.

Encryption Security

Built-in - Using native available encryption. Apple comes with FileVault 2; a whole disk encryption feature allowing users to have their data made irrecoverable in an event of theft, loss, physical compromise. Third-Party - Using both open source and/or commercial encryption suites such as TrueCrypt, Mac GPG, Symantec's PGP Desktop.

Malware Security

Built-in - Using native available malware protection. XProtectUpdater which updates the 'safe downloads list'. Third-Party - Using both commercial and/or free anti-virus/anti-malware suites such as MacScan, Sophos, ClamXAV. For the most part by configuring and enabling the built-in security features that Apple Mac OS X Lion has to offer third-party utilities turn into a 'want' more than a 'need'.

Post-Installation

Security begins at... well the beginning. For most users this is known as post-installation. Just around where they would turn on their Macs for the very first time. The following 21 recommended security tips are not only recommended but also encouraged:

1. Create Your Computer Account

During this screen enter a password make sure the checkbox labeled 'Require password when logging in' is checked. If a password hint is entered make sure it doesn't reveal to a potential attacker the password. I like to put in an appropriate message directly to the attacker such as 'Sorry buddy, it isn't that easy - try something else'. Note that Apple states "Enter a hint to help you remember your password. Anyone can see the hint, so choose a hint that won't make it easy to guess your password."
 Create your comptuer account

2. System Preferences : Change Lock Security Feature

Locking system preferences configurations is ideal in a secure world as to make changes requires authentication with administrative credentials. Of the 29 default System Preferences 11 locking options are offered by default in Security & Privacy, Energy Saver, Print & Scan, Network, Sharing, Users & Groups, Parental Controls, Date & Time, Software Update, Time Machine, Startup Disk. The padlock icon is on the lower left and does not take a password to enable; but takes a password to disable.
 System Prederences

3. System Preferences: General

The following recommendations are obvious, but only a few are enabled by default verify the following are enabled. Require password immediately after sleep or screen saver begins. For all accounts on this computer:
  • Disable automatic login
  • Require an administrator password to access system preferences with lock icons
  • Automatically update safe downloads list'
  • Disable remote control infrared receiver. "This computer will not work with any remote" otherwise if a remote is used make sure it is paired ahead of time. (If it is left unchecked or unpaired any Apple remote will be able to control the Mac by default)
SecyritySecurity and Privacy

4. System Preferences: FileVault

Turn On Filevault
  • Save the recovery key (text or screenshot)
  • Enable Do not store the recovery key with Apple
  • Restart the Mac to begin the encryption process
  • Upon restart the background will now be gray and feel slightly different (reminding the user FileVault 2 is being used)
  • Returning to System Preferences on FileVault it will display the time remaining for encryption process to complete (depending on the hard disk size and contents the time to completion may vary - it is recommended to let this run overnight without disturbance)
FileVault

5. System Preferences: Firewall

Start the firewall (by default it is disabled) It is recommended to configuring the firewall in the following order:
  1. Enable Stealth Mode
  2. Disable Automatically allow signed software to receive incoming connections
  3. Block all incoming connections
Note this will allow the Mac to use the network 'normally' however will not allow potential attackers to detect or attack the Mac easily when compared if these features were left disabled.
  Firewall

6. System Preferences: Privacy

Naturally these settings are for the truly paranoid and in trade will not automatically allow applications or Apple have an understanding on the issues or whereabouts of the Mac.
  • Disable Location Services
  • Disable Send diagnostics & usage data to Apple

7. System Preferences: Desktop & Screen Saver

When not at the keyboard the screen should be lock. This is good practice for the security conscious. A simple method to lock the screen is to enable a hot corner where the mouse can be positioned to activate the screensaver in essence locking the screen. Choose a Screen Saver and Choose Hot Corners and select an Active Screen Corner Note: Another way to lock the screen using the mouse would be to open the Keychain Access app Preferences and enable Show keychain status in menu bar. This adds the Lock Screen feature and a padlock icon in the menu bar for easy access to lock the screen with the click of the mouse. Lock1Lock

8. Software Update

Now that the system is secured on the network Software Update is the next logical feature to run so that the Mac acquires the necessary security updates to the machine. Note: Prior to doing this it is recommend waiting for FileVault to complete the encryption process before downloading the updates (off the network). FileVault is known to be sensitive to disk activity during the encryption phase.  For the updates themselves It is always recommended to Show Details and review the items prompting to be installed; for the most part the user is safe but it can never be assumed. Install the new software available for the Mac. If it is necessary to choose priority due to bandwidth limitations select the Mac OS X Update Combined first as that has most of what is needed first. Note: If Software Updates downloads are giving issues they can be downloaded as dmg files from Apple's support site: http://support.apple.com/downloads/ Remember to run Software Update a few times to make sure that everything is updated. Sometimes after updates are downloaded and installed after restarting there are a few more. It is best practice to check and make sure to get the message "Your software is up to date". Software Update

9. System Preferences: Bluetooth

If Bluetooth isn't being used disable it by clearing the checkbox labeled On. If it needs to be used for the magic mouse or other bluetooth device and and doesn't require it to be set as Discoverable then also clear the checkbox labeled Discoverable; thus lessing potential attack vectors.

10. System Preferences: Sharing

Change the Mac's name - for best results give it a name that doesn't stand out to potential attackers by revealing a tasty target. Apple by default will give the computer name as the first user's first name and then the type of computer - i.e. 'Israel's Mac Mini'. For example to seem really uninteresting a name such as 'Tiger Powerbook' may discounted by an attacker as a crusty box be passed on for newer technologies.
 Sharing

11. System Preferences: Users & Groups

Make sure to only allow user to administer the computer if it makes sense; don't just do it by default - add parental controls if need be; however Apple's Parental Controls are simple and rather limited; most savvy individuals can bypass these tools. While here verify that all services are disabled by default, and be careful to enable anything - be sure to understand what type of risks it puts the Mac and ultimately the end-user in.

12. System Preferences: Date & Time

It may not seem like a big deal but the Mac is a precision machine that relies on date and time to make sure things are happening that are supposed to be happening. If there are new issues the first thing that should be checked is the date and time. Especially if it is password related; some systems won't tolerate an environment if it is more than 5 minutes off. By default Macs are synched to the apple time server time.apple.com. (as long as DNS hasn't be compromised along the way this should suffice)

13. System Preferences: Software Update

Verify that Check for updates weekly and download updates automatically are enabled. For the most part updates (especially security related) should be gotten and applied sooner than later.

14. System Preferences: Spotlight:Privacy

Some things don't need to be indexed and therefore should remain private. Not only does not indexing them speed the performance of spotlight. It also adds security by not storing the location of certain data. To do so indicate and add which locations shouldn't be searched.

15. Safari: Preferences:General

In Safari's General Preferences disable 'Open "safe" files after downloading. What Safari may think as safe; may not be. They will be downloaded to the Downloads folder where the user can open then and extract them as needed. General

16. Safari:Preferences: Autofill

Verify User names and passwords is set to disabled. Don't use this if the ramifications aren't clear.

17. Safari:Preferences: Security

By default all items are enabled; be sure to gloss over time and verify that's what is needed. Disabling one or more of these may alter the user's browsing experience. Security

18. Safari:Preferences: Privacy

Privacy is another pre-populated configuration that doesn't require manipulation unless it is necessary.

19. Safari:Preferences: Extensions

Extensions should be off unless extensions are being explicitly used. (available from extensions.apple.com)

20. Menubar: Wi-Fi

If Wireless connectivity is not being used it should be turned off to eliminate accidental connections and exposure to untrusted networks. Turn off WI-Fi

21. Post-boot

Unbeknownst to most Mac users Apple computers have a fantastic built-in feature that allows the physical machine to be locked down (with a password) from further tampering and/or unauthorized examination. For example booting up to optical media or alternate disk thus bypassing the built-in authentication mechanisms to gain access to the unencrypted contents of the hard disk ala the 'Evil Maid Attack'. To enable this feature boot to the Lion recovery partition (during startup hold the Command+R keys on Lion 10.7.3) and in the Mac OS X Utilities menu navigate to Utilities-> Firmware Password Utility to Turn On Firmware Password. [Note: do not forget this password as it will be quite difficult to gain access back into the machine through normal means, and may require consultation with the Apple Genius at added expenditure]

Securification

For additional configurations and actions about Apple Mac Security peruse through Apple's security guides http://www.apple.com/support/security/guides/ Users unaware of all the fantastic tool Mac OS X Lion comes with to further protect their data and privacy should be encouraged to consider setting a few if not all the aforementioned built-in security features. Doing so only takes a few moments of time. Hopefully in the future Apple will attempt to suggest enabling these security features automatically (and conveniently) during post-installation especially for new users via a simple security wizard. One key facet to security is preparation and to quote Benjamin Franklin: "By failing to prepare you are preparing to fail."

Online Resources Mentioned Herein:

Labels: , , , , ,
Tip of the Day News Mac Tips and Tricks Games ★★★★★ Tips+Tricks MacTips WebApps Tips + Tricks Widgets Downloads iPhoto Safari Tips Apple Free Apps Personal GarageBand iMovie Internet Utilities Multimedia Apple Downloads Pro Tip iWeb Dashboard iTunes Mac Dashcode iDVD DashboardClocks Support 10.8 Applications iLife News OSX Tutorials 10.7 Desktop Mac Tip of the Day AppleTV Dashboard Widgets Finder Firefox MacWidgets OS X Mountain Lion Tips and Tricks TopApps Videos 10.6 Keyboard Shortcuts iPad iPhone Mac 10.9 AirPlay Apps on Mac Dock Just Added Mac App Store MacApps MacNN OS X OS X Lion Softpedia Tricks Updates iCal iLife iLife Widgets iPhone Tips and Tricks FAQ Mail AppShopper.com AppleNews Application Tips Customizing Customizing Your Mac Dashboard Guidelines Developer Widgets Exposé Games Widgets Mac App Store - News Mac OS X 10.6 Mac OS X 10.8 Mountain Lion Mac101 MacNews MacUpdate Mac|Life OS X Daily Preview Snow Leopard Tips Terminal TextEdit Top10 Mac Tips VersionTracker Video Tutorials Windows iCloud iLife 11 iWork  Navigation Key Combos Mac 101 MacSupport OS X 10.8 Mountain Lion OS X Mavericks Search Widgets Security iDVD Widgets iPod 10 Keyboard Shortcuts for Text 9 to 5 Mac A A-Z Glossery - iPhone App ATMac Address Book App App Store - News AppShopper Apple Gazette Apple Keynotes Apple Matters Apple Pro Apple Support Tips Apple Updates AppleInsider Applelinks Apps A-Z Apps Apps Apps Apps on Mac - Dashboard Widget Asteroid Audio Automator B BindApple Blogs + Forums Widgets Business Widgets C Calculate + Convert Changing the background Check external devices Check spelling and grammar Clear Versions History + Auto-Save Cache Data Cult of Mac Cydia D Daily Tips and Tricks Dashboard - Tips+Tricks Dashboard Tips and Tricks Dashboard Widget DashboardCandy DashboardSearch DashboardWidgets.com Desktop Computers Developer Forum Developer News Developer Tips Development Tools Disable restored windows when re-opening specific apps Discussions Display a login banner Display a short message Display system stats Dual Boot OS X 10.7 Lion + OS X 10.8 Mountain Lion E Easy Mac Tips Email + Messaging Widgets Essential Expose Extract and Save Mac Application Icons F Find a MAC Address in Mac OS X Find iMessage Users + Contacts Folders Food Widgets Freeware G Get iTunes track notifications in your Dock Get quick information with widgets Google News H Hackint0sh Hacks Hongkiat How To How to disable the Java web plug-in I IT Industry Today Icons Icons + Screensavers Image Capture Information Widgets InsanelyMac Installation International Widgets J Just Added - iPhone Apps Just Added Downloads Just For Fun Widgets K Keynote Address L Launchpad for Mac OS X Snow Leopard Links Lion M Mac App Store - Business Mac App Store - Developer Tools Mac App Store - Education Mac App Store - Entertainment Mac App Store - Finance Mac App Store - Games Mac App Store - Graphics + Design Mac App Store - Health + Fitness Mac App Store - Lifestyle Mac App Store - Medical Mac App Store - Music Mac App Store - Photography Mac App Store - Productivity Mac App Store - Reference Mac App Store - Social Networking Mac App Store - Sports Mac App Store - Top 50 Mac Apps Mac App Store - Travel Mac App Store - Utilities Mac App Store - Video Mac App Store - Weather Mac Developer Tips Mac OS X Mac OS X 10.7 Lion Mac OS X Applications Mac OS X Things Mac OS X Tips Mac OS X Tips - News Mac OSX Hints Mac OSX Hints - News Mac Quick Tips Mac Tips Mac Tips Daily Mac Tips and Tricks - Desktop App Mac Tips and Tricks - Mac OS X Dashboard Widget Mac360 MacApp MacApper MacFixIt MacLion MacMusic MacOSXAudio.com MacRumors MacTech MacUpdate.com MacintoshOS.com Maciverse Macworld.com - iPhone App Reviews ManiacDev MobileMe News ModMyi.com Most Recent Movies + TV Widgets Music Widgets N Navigating + Selecting Text in Mac OS X Networking + Security Widgets New Application Tips New iPhone Apps News Widgets News on Mac Notification Center O OS X - FAQ OS X 10.7 OS X Basics OS X Mac Tips + Tricks OS X Mountain Lion - News OS X Snow Leopard OSX Basics Open source OpenDashboard P Pages Podcast Widgets Portable Computers Ports and Connectors Preferences Press Release Q R Radio + Podcasts Widgets Rampant Mac - iPhone Wallpapers Rename Files and Folders Restart an external device S SD and SDXC card slot FAQ Safari 5.1 Safari 6 Safari Videos Scheduled Startup and Shutdown Set Up Storage Devices Set up iCloud Shopping Widgets Simple Desks Snow Leopard Softonic - Mac Softonic.com Softpedia - Tips + Tricks Softpedia.com Stacks Staff picks Status Widgets Storage StorePreview Switch 101 Syncing with iTunes System Preferences T TUAW The Apple Blog The Apple Core The Mac Observer The Mac Screencast Guy The MacTips Podcast TheDashboard Time Machine Tools Top 10 Grossing Apps Top 25 Grossing Apps Top 50 Grossing Apps Top iTunes Tips Top10 Paid Apps Top10 Widgets Top50 Dashboard Widgets Translates Transportation Travel Widgets U Updating Useful iPhone Shortcuts Using iChat V W Wallpaper Want More Mac Tips ? Web Apps Webcam Widgets Widget Work X YouTube Videos Z ZDNet apple.stackexchange.com digg gSearch - iPhone App iChat iClarified iCloud + MobileMe iCloud News iCloud system requirements iDesign - iPhone Wallpaper iHackintosh iLife - iPhoto - iMovie - iWeb - GarageBand - iDVD iLife Discussions iLife Discussions - GarageBand iLife Discussions - iDVD iLife Discussions - iMovie iLife Discussions - iPhoto iLife Discussions - iTunes iLife Discussions - iWeb iLife Support iLife System Requirements iLife ’09 iMovie Widgets iOS 4 iOS Developer News iPad - News iPhone - News iPhone 4 iPhone App iPhone SDK iPhoto Widgets iPod - News iPod News iPod Tips and Tricks - iPhone App iPod touch iTunes - Latest Movie Trailers iTunes - News iTunes - Top News iTunes App Store iTunes App Store - All New Applications iTunes Keyboard Shortcuts iTunes News iTunes Plus FAQ macosxtips.co.uk switchtoamac.com thinkmac.net www.freemacware.com ...organise your mac 10 Quick Mac Tips 10.10 101 ASC Animation Slow-Mo Aperture Aperture Glossary Apple Support Communities Boot Camp Bored of your Mac? Collect RSS feed URLS from Mail Create Ringtones in iTunes Customise your desktop + screen saver Does your Mac qualify for free 10.8 upgrade? Download Download YouTube and Other Videos FTP FTP with Finder Finder Tips Gatekeeper Get Mac News Get More Mac and iOS Tips Get More Mac and iOS Tips... Get OS X Tips Get RSS Menu Extension for Safari 6 Get Windows Live Hotmail with Mail Get Yahoo Mail with Mail Get a Homepage - Mac OS X Style Glossary Google Hidden Features Hidden Features in OS X 10.8 Mountain Lion Hotmail Install Windows 8 on a Mac Mac 101 - Get One on One with your Mac... Mac OS X Dashboard Widget Mac Support Mac Tips and Tricks - Learn how to set up MacBasics MacHelp MacVideos News and Help Notification Center Tips OCD Friendly Volume Controls OS X 10.5 to 10.8 Upgrade OS X Features OS X Mavericks Tips OS X Mountain Lion Hompage OS X Mountain Lion Installation Guides OS X Tips Organize Your Dock Quick Define Quick Googling Quick Math RSS Remote Folder and Synchronization Remove Dock Icons in OS X Mountain Lion Reset specific parts of Safari ScreenCast Online Screenshots Search Search Google Search Mac Tips and Tricks Second Clipboard Security Tips Siri Siri Tips Snippets Speed Up Your Mac Stop Automatically Updates Summarize Text System Configuration Take advantage of Quick Look Taking Screenshots Text Tip Tips and Support Top Mac Tips Top Security Tips USB 3 devices on Mac - FAQ Use Smart Folders effectively Which Mac is Worth Your Investment? Widgets On Your Desktop Windows 8 Xcode Xcode Tips Yahoo YouTube iOS Support iPad Support iPhone Support iPod Support onemac.net onemac.org use and troubleshoot your Mac