30 Simple Steps to Secure Your Mac OS X Leopard

Share
Tuesday, March 3, 2009 at 4:50am | Edit Note | Delete
30 Simple Steps to Secure Your Mac

1. File Sharing - Make sure you're not unwittingly ''sharing'' your files

- System Preferences > Sharing

A. Click on "DVD or CD Sharing," so that it is highlighted

i. Briefly select "On" and then select "Ask me before allowing others to use my
DVD drive"
ii. Now, Deselect "On" for DVD or CD Sharing
B. Click on "Screen Sharing"
i. Move your mouse pointer to the right to "Allow access for:" and select "Only
these users:"
ii. Click on each users name in the dialog box and then click the "-" sign,
immediately beneath
C. Click on "File Sharing"
i. Move your mouse pointer to the second dialog box to the right: "Users"
ii. Click on each users name and then click the "-" sign; do this until there are
no users left. There shouldn't be too many to begin with.
iii. Move your mouse to the left one dialog box to the dialog box entitled "Shared
Folders"
iv. Click on each shared folder and then click the "-" sign, removing access to
the folder in question; do this for each shared folder. Again, there shouldn't be
too many listed.
D. Click on "Remote Login"
i. Move your mouse to the right again to the adjacent dialog box entitled "Allow
access for:"
ii. Click on each listed user and click the "-" sign; do this for each listed user
until the box is empty.
E. Click on "Remote Management"
i. Perform steps identical to "E", the step immediately above this step.
F. Click on "Remote Apple Events"
i. Perform steps identical to "E", again.
G. Click on "Bluetooth Sharing"
i. Move your mouse to the right and deselect the drop-down dialog box options for
"When receiving items:" and choose "Never Allow"
ii. Immediately below, select "Require pairing"
iii. Move your mouse down to the option "When other devices browse:" depress the
drop-down dialog box of options and again choose "Never Allow"
H. Now, move your mouse to the left, and deselect "On" for each offered service -
both those you adjusted and those you didn't adjust. Make sure they are all turned
off.

2. Bluetooth - Make sure your Bluetooth isn't on and that it's not broadcasting.

- System Preferences > Bluetooth

A. Deselect ''Discoverable''
B. Deselect ''On"
C. Deselect ''Show status in menu bar''
- System Preferences > Bluetooth > Advanced
A. Deselect "Bluetooth-PDA-Sync"
3. Security - Make sure your basic settings don't allow for unexpected local or
remote login and also that your firewall is turned on securely.

- System Preferences > Security

A. Depress the "General" button in the row of choices.

i. Move your mouse down about 2 inches (this distance is dependent on the size of
your monitor: mine is 15". If your monitor is larger, the distance will be
greater) and select "Disable remote control infrared receiver"
ii. Select "Use secure virtual memory" - each of the following choices is located
immediately above the former choice.
iii. Select "Require password to unlock each System Preferences pane"
iv. Select "Disable automatic login"
v. Select "Require password to wake this computer from sleep or screen saver"
B. Depress "FileVault" - top row - where you started
i. Move your mouse to the lower of the two options and depress "Turn on FileVault"
ii. You will be prompted to create a master password by a drop-down dialog box.
iii. You will see a small icon with a key in it. This icon will be located to the
immediate right of the password entry dialog.
iv. Depress the key and a second dialog box entitled "Password Assistant" will
appear.
v. Depress "Type", the uppermost dialog of choices, and select "Random"
vi. Write this password down on a piece of paper and place it somewhere that is
both memorable and safe.
vi. Type this password into the lower of the two entry dialogs - there are only
two and your point-of-entry is located under the first - hit enter.
vii. A new and larger dialog box will appear and prompt you to make sure you want
to proceed. Select use "secure sleep memory", and then hit "OK". You will be
logged out. Log back in.
C. Return to System Preferences > Security > Firewall
i. There are three primary selections available on this dialog. Chose the second
or middle: "Allow only essential services"
ii. Move your mouse to the lower, bottom right corner and depress "Advanced"
iii. A new dialog box will appear. Select both of the two options: 1) "Enable
Firewall Logging ; & 2) "Enable Stealth Mode". Click "OK".
4. Energy Saver - Make sure your computer's on/off state can't be remotely
triggered

- System Preferences > Energy Saver > Power Adapter

A. There are two selectable choices across the open dialog box. Select the option
on the right: "Power Adapter"
B. The uppermost selection is Graphics. Select "Higher performance".
C. Move your mouse downward about 2 inches and deselect both: 1) "Wake for
Ethernet network administrator access"; & 2) "Restart automatically after a power
failure".
D. Move your mouse downward again. This time about an inch to select "Show battery
status in the menu bar".

5. Accounts - Make sure you deactivate the "Guest Account", create a more secure
Standard user account for yourself (you'll then have 2), and secure the login
process

- System Preferences > Accounts >

A. Click on "Guest Account" in the leftmost pane. This panes heading reads "My
Account".
B. There are 3 choices. Make sure they are each deselected: 1) "Allow guests to
log into this computer"; 2) "Enable Parental Controls"; & 3) "Allow guests to
connect to shared folders"
C. Located at the bottom of your Accounts dialog box, in the lower leftmost
corner, you will see a selectable rectangular dialog button with a little house
icon on it. Depress this "Login Options" button.
D. The primary pane will change and you will be presented with more choices i.
Starting from the top, option: "Automatic login:" set this to "Disabled"
ii. Move your mouse to the option immediately below. It is labelled "Display login
window as:"
iii. Depress "Name and password"
iv. Deselect each of the 5 remaining options so that not one is enabled:
a. "Show the Restart, Sleep, and Shut Down buttons
b. "Show Input menu in login window
c. "Show passwords hints"
d. "Use VoiceOver at login window"
e. "Enable fast user switching"
E. Move your mouse to the lower left corner again and click the "+" button to
create an additional account - a "Standard" user account
i. A drop-down dialog box will again appear. You will see 6 labeled parameters.
The uppermost will read "New Account"
ii. Depress the selection dialog to the immediate right of the New Account label
and chose "Standard"
iii. Enter names in the spaces reserved for "Name" and "Short Name"
iv. For "Password:", depress the key icon and bring up the "Password Assistant".
Follow the steps you took above at 3.B.v.
v. Leave "Password Hint:" blank
vi. Lastly, select "Turn on FileVault" for this account

6. Keyboard & Mouse - Prevent Bluetooth devices from Waking the computer

- System Preferences > Keyboard & Mouse

A. There is a row of selectable icons across the top of "Keyboard & Mouse" dialog
box. Select the middle button: "Bluetooth"
B. Move your mouse downward about 4 inches and deselect "Allow Bluetooth devices
to wake this computer"

7. CDs & DVDs - Prevent users from loading unauthorized media on your computer via
your optical drive

- System Preferences > CDs & DVDs

A. Set each of the following to "Ignore". You will still see an icon on your
desktop for DVDs and CDs inserted into your drive, as always. However, a Finder
window will not appear and code won't be auto-run.

8. Eposé - Prevent users from deactivating your screen saver without entering your
password

- System Preferences > Eposé & Spaces

A. This dialog box has two stacked sections. The uppermost allows you to set an
option that will produce a result when you move your mouse pointer to the
specified corner.
B. Make sure not one of the four selections is set to "Disable Screen Saver"

9. Sound - Ensure your microphone doesn't capture unintended sound

- System Preferences > Sound > Input

A. Depress "Input" and in the top of the resultant dialog box you will see the
heading "Choose a device for sound input"
B. Depress "Internal microphone" and reduce the "Input volume" to as low as
possible; move the slider all the way to the left.
C. Depress "Line In", located immediately below, follow the steps you just took in
step B; move the slider all the way to the left.

10. QuickTime - Take control of QuickTime so that it does not auto-run potentially
bad code or store it in your system's cache memory

- System Preferences > QuickTime

A. On the top of this system pane, you'll see a row of buttons. Depress "Browser"
and deselect "Play movies automatically" and "Save movies in disk cache"
B. Now depress streaming, located two cells to the right of "Browser", and
deselect "Enable Instant-On"

11. Network - Turn unused network protocols to "Inactive"

- System Preferences > Network

A. There are two panes in the Network dialog box. In the left pane you will see
"Bluetooth", "Ethernet", "AirPort", and "FireWire".
B. Click on FireWire and then move the mouse downward about 2 inches to the small
wheel icon above the padlock and to the right of the "+" and "-" signs.
C. A drop-down dialog box will appear. Select "Make Service Inactive"
D. Do the same for Bluetooth.
E. Usually, you will use either Ethernet or AirPort to access the Internet. To be
safe, only enable the services you will use and disable them when not in use.

12. Speech - Ensure no one can give your computer commands via its voice
recognition capabilities

- System Preferences > Speech

A. In this dialog box there are two panes, one within the other.
B. In the top row of the inner pane, there are two buttons: 1) "Settings"; & 2)
"Commands". Depress Settings and set "Microphone:" to "Line In".
C. Set "Listening Method:" to "Listen only while key is pressed.
D. Now, once again return to the top row of the inner pane and depress "Commands"
E. You will see a small dialog box appear within the smaller of the two dialog
boxes before you. Deselect each "command set." so that not one is left on.

13. Universal Access - Ensure access is not enabled for foreign and unauthorized
devices

- System Preferences > Universal Access

A. Select the bottom option "Show Universal Access status in the menu bar". This
icon will visibly darken to bring any unauthorized connectivity to your attention.
B. Deselect "Enable access for assistive devices"
C. The top row of this pane shows 4 buttons. The first button, on the leftmost
side, is "Seeing". Click this and ensure "VoiceOver:" and "Zoom:" are set to
"Off."
D. Click the "Keyboard" button, located second from the right and ensure that
"Sticky Keys:" and "Slow Keys:" are set to "Off"
E. Select "Mouse & Trackpad" and ensure the uppermost option, "Mouse Keys:", is
set to "Off."

14. Finder - Ensure that you are are deleting files securely, not just removing
file names from the directory tree, and that you are aware of any connected
servers

- Dock > Finder

A. Ensure that you see "Finder" in the uppermost left corner, to the immediate
right of the small apple icon.
B. Click "Finder" so that the appropriate drop-down menu appears. Move down to
increments to select "Preferences..."
C. A dialog box will appear. Click "General". Select "Connected servers" under
"Show these items on the Desktop:"
D. Click "Sidebar" and ensure that every icon/option is selected. The objective is
to bring to light any and all networked devices.
E. Click "Advanced" and make sure that the top four options are selected,
specifically "Empty Trash securely" and "Show all file extensions"