Securing Mac PC’s
Posted by cotojo on September 27, 2007
Macs are much more secure than Windows systems. In addition to having most unnecessary services disabled by default, Macs face very little threat from viruses, spyware, adware, and other malware, but this does not mean that Macs are immune from security threats though.
Apple computers need good security practice to remain secure just as Windows systems do. By configuring user accounts, assigning proper permissions, complex passwords, regularly updating Mac OS X and installed applications, ensuring the Mac’s built-in firewall is properly configured, and by following other steps reviewed here, users can help ensure they have taken steps to protect their systems from unwanted breaches.
Antivirus and antispyware options
Spyware on the Mac platform, however, is basically not an issue. Unlike the Windows OS, which is sometimes crippled by the never-ending onslaught, Macs are relatively immune from the threat. However, there are very few utilities exist to protect Macs from unwanted software and malware. Such offerings include SmithMicro Software’s Internet Cleanup and SecureMac.com Inc.’s MacScan.
Security efforts on the Mac, therefore, quickly turn to focusing on user account security. Once user accounts have been implemented and separate, complex passwords assigned to both user and local administrator accounts, users can take several steps to help ensure Mac OS X systems remain secure.
Keeping systems current with the latest security updates and patches is a necessity. The Mac’s Software Update feature is the equivalent of Windows Update. By configuring Software Update to automatically download and apply security updates, users can keep systems current and help protect Mac OS X from unwanted breaches.
To configure Software Update, users should follow these steps on Mac OS X version 10.4 systems:Open System Preferences. Double-click Software Update within the System section. Press the Update Software tab. Select the Check For Updates box.
Specify how often the Mac system should check for updates (options include Daily, Weekly, and Monthly). Weekly updates should be sufficient for most users.
If you want to review downloads before they install you should check the Download Important Updates In The Background box. When the box is checked, the Mac will notify you that important software updates have been downloaded and are awaiting installation.
If you want to review which software updates have been loaded you can check the Software Update’s Installed Updates tab. A window will appear listing installed updates, for which version number information also appears.
You can check for new updates at any time by pressing the Software Update’s Check Now button.
In addition to ensuring Mac OS X remains up-to-date with the latest security patches and fixes, you should ensure that all installed applications remain current. For example, a number of Mac programs connect the Internet and other resources. Those programs must remain secure with the latest security patches. By regularly updating Web browsers, office applications, utilities, antivirus programs, and other software, users can help prevent common causes of system breaches.
It is essential to familiarize yourself with the Mac OS X IP Firewall, known as IPFW. The built-in firewall offers a powerful tool for protecting against unwanted network access.
To enable Mac’s IP Firewall and reduce network threats, follow these steps:
Open System Preferences.
Double-click the Sharing option within the Internet & Network section.
Select the Firewall tab.
Press the padlock icon and enter an account username administrator password and press OK.
Ensure the firewall is enabled (press the Start button if the firewall is stopped).
Disable as many of the incoming network services as is practical within your operating environment.
To disable services (for which default options include Personal File Sharing, Windows Sharing, Personal Web Sharing, Remote Login — SSH, FTP Access, Apple Remote Desktop, Remote Apple Events, Printer Sharing, iChat Bonjour, iTunes Music Sharing, iPhoto Bonjour Sharing, Network Time and CVS), simply uncheck the respective checkbox. You can add new services using the supplied New button.
When enabling new incoming services, you must specify a port name – options include ICQ, IRC, Timbuktu, VNC, and Other – TCP port number, UDP port number, and a description.
Under Advanced Options you can choose to block all UDP traffic, enable firewall logging and trigger Stealth Mode. In Stealth Mode, uninvited traffic receives no response from the Mac system, which increases security by preventing the Mac from automatically responding to even simple attempts to learn whether it is online.
To ensure Mac data remains secure you can take advantage of Apple’s FileVault feature, which is particularly important on laptops used by mobile users. FileVault automatically encrypts all the data within each user’s Home folder. Without knowing a user’s password, the 128-bit encryption makes it much more difficult for another user or hacker to access another Mac user’s files.
To enable FileVault, follow these steps:
Open System Preferences.
Double-click the Security icon within the Personal section.
Select Turn On FileVault (you’ll be prompted to set a Master Password for the system if one hasn’t already been assigned).
The Mac will present a warning message stating that files will be encrypted. Users must enter the administrator password to proceed. Once the password has been entered the Mac begins to encrypt the user’s Home Folder. This process can take some time depending upon the number and size of files stored within the Home Folder.
When complete, the Mac will present the login Window. You can then log back in to the Mac system and will find the Home Folder contents are now encrypted, as shown by a FileVault icon on the user’s login window.
Secure virtual memory
Virtual memory is the data the Mac stores on the hard drive when operations exceed available RAM.
By enabling Secure Virtual Memory you can prevent hackers from accessing information including passwords etc. from a user’s live swap file. While it sounds unlikely, the increase of unencrypted Wi-Fi hotspots has increased the chances of such a breach.
To enable Secure Virtual Memory, follow these steps:
Open System Preferences.
Double-click the Security icon from within the Personal section.
Press on the padlock to enable changes.
Supply a username and administrator password.
Check the box for Use Secure Virtual Memory.
Mac users can also take further steps to help secure their system. In addition to disabling automatic login (the checkbox is accessed using the Security applet within System Preferences), you should disable fast user switching (accessed from the Accounts applet in System Preferences). When using new Macs, care should be taken to leave the UNIX-powered machine’s root account off.
To disable the root user account (if enabled), follow these steps:
Open the Mac’s Finder application.
Navigate to the Applications folder.
Open the Utilities folder.
Open NetInfo Manager.
Select Security from the top menu bar and select Authenticate.
Enter a username and administrator password and press OK.
Highlight Security from the menu bar.
Select Disable Root User.