Security: OS Hardening
After you started up your new computer with OS X, or after installing OS X, the computer led you through a processing of setting up your computer. You set up an Admin User, and selected a password. However, for everyday use you don’t need to run as an Admin User. A Standard account will do fine, and it is more secure.
a. Create a new Admin Account
Most likely you have already set up your account, and just as likely it's an admin account. What do you do? In Mac OS X, changing this is relatively easy. Let’s assume you have one account on your computer and it's an admin account. Here’s how you change it:
•Go to the Apple Menu > System Preferences> Accounts. Click on Accounts.
•Click the (+) under Login Options to add an account.
•Check the box to let that user "Allow User to administer this computer." You are temporarily creating a second admin account. Be sure you give it a good password and that you remember it! (More about passwords later, but just choose one now, you can change it later.)
•Log out by going to the Apple Menu and select Logout whoever at the very bottom of the list.
•Go back to System Preferences > Accounts, and find your original user.
•Uncheck the box for that account that allows it to administer the computer. You've now changed your regular account into a Standard user account and you've created a new admin account that you'll hardly ever use. That's the point: only use the admin account when you absolutely need to.
•Disable Automatic Login.
Make sure Automatic Login box is unchecked.
Instead choose to have the Name and Password box checked.
List of Users provides too much information and is not as secure.
b. Turn ON your Firewall!
•Go to System Preferences > Sharing.
•Open Sharing and Click on Firewall.
•Turn on Firewall
•Click on Advanced then click on Stealth mode.
c. Turn ON Automatic updates!
•Apple Menu > System Preferences > Software Update.
•Check the box so this runs, preferably DAILY, if your internet connection can handle it.
d. Turn OFF "Open 'Safe' Files After Downloading
The most recent security hole exploits the fact that many people leave this checked.
Go to Safari > Preferences, and on the General tab, uncheck "Open 'Safe' Files After Downloading box.
e. Block Pop-ups in Safari!
•Safari Menu > Block Pop-up Windows
f. Use Firefox
*Download Firefox
•Go to the Tools Menu and open Extensions.
•Download AdBlock. This feature gives you control over what sites will load and how often and how much you want to load.
g. Avoid using Internet Explorer. You have very little control over it, and it is less secure that either Safari or Firefox.
If you are UNIX savvy there are various other options available. If you are interested, check out the Corsaire White Papers linked below. However, this article is intended for the average user, for whom the above measures should provide a reasonably secure computing environment.
See also
White Papers on Securing Mac OS
Security: Maintenance
Security: Safe Practices
a. Create a new Admin Account
Most likely you have already set up your account, and just as likely it's an admin account. What do you do? In Mac OS X, changing this is relatively easy. Let’s assume you have one account on your computer and it's an admin account. Here’s how you change it:
•Go to the Apple Menu > System Preferences> Accounts. Click on Accounts.
•Click the (+) under Login Options to add an account.
•Check the box to let that user "Allow User to administer this computer." You are temporarily creating a second admin account. Be sure you give it a good password and that you remember it! (More about passwords later, but just choose one now, you can change it later.)
•Log out by going to the Apple Menu and select Logout whoever at the very bottom of the list.
•Go back to System Preferences > Accounts, and find your original user.
•Uncheck the box for that account that allows it to administer the computer. You've now changed your regular account into a Standard user account and you've created a new admin account that you'll hardly ever use. That's the point: only use the admin account when you absolutely need to.
•Disable Automatic Login.
Make sure Automatic Login box is unchecked.
Instead choose to have the Name and Password box checked.
List of Users provides too much information and is not as secure.
b. Turn ON your Firewall!
•Go to System Preferences > Sharing.
•Open Sharing and Click on Firewall.
•Turn on Firewall
•Click on Advanced then click on Stealth mode.
c. Turn ON Automatic updates!
•Apple Menu > System Preferences > Software Update.
•Check the box so this runs, preferably DAILY, if your internet connection can handle it.
d. Turn OFF "Open 'Safe' Files After Downloading
The most recent security hole exploits the fact that many people leave this checked.
Go to Safari > Preferences, and on the General tab, uncheck "Open 'Safe' Files After Downloading box.
e. Block Pop-ups in Safari!
•Safari Menu > Block Pop-up Windows
f. Use Firefox
*Download Firefox
•Go to the Tools Menu and open Extensions.
•Download AdBlock. This feature gives you control over what sites will load and how often and how much you want to load.
g. Avoid using Internet Explorer. You have very little control over it, and it is less secure that either Safari or Firefox.
If you are UNIX savvy there are various other options available. If you are interested, check out the Corsaire White Papers linked below. However, this article is intended for the average user, for whom the above measures should provide a reasonably secure computing environment.
See also
White Papers on Securing Mac OS
Security: Maintenance
Security: Safe Practices
0 Comments:
Post a Comment
<< Home