::*::Secure your Mac Guidelines.::*::

Junes issue of MacWorld featured how to secure your mac, this is probably more directed towards the paranoid but it did feature some excellent suggestions that everyone should at the very least consider!

Most of these are from Macworld themselves, anyone feel free to add to this guideline, maybe it'll be made a sticky.

Here they are!

1. Anti-Virus software. Yes, Macworld suggests that its a wise idea to at the very least think about it, granted Macs aren't exactly targeted for numerous reasons. If you are one of those people who like to do 'dangerous' things online, at least consider it. There are a few to take a look at such as VirusBarrier X4 or Nortons.

2. Never open e-mail attachments unless its from a trusted source! Even if its from a trusted source, make sure you know in advance they are sending it! Granted most of your e-mails will probably come from a windows user and depending on which program your using, it might be possible that it gets forwarded to people in your address book, but this is highly unlikely and the fact is that this will only happen if your using some windows software by some special software that can run them.

3. If something seems kinda 'funky' it's better to be safe than sorry, so avoid it!

4. Always install Apples Security UPDATES! This is important, yes Apple does release security updates when it has too! So make sure you make it a habit to check for updates or set it up automatically to do it for you!

5. Some of you might use microsoft office, I know I do but only for school. If someone sends you something that is an office only feature such as macros make sure you know what it does, and that it was supposed to be sent to you by the sender. Macros generally are something like the automator, it does tasks that repeat a lot for you.

6. This one I see in just about every publication for how to use mac, and its even included in Macworlds protecting your mac article. Setup a standard account, do not use the administrating account for daily use. So if something bad does happen to your computer, only your account will be affected, meaning only your files in your home directory. This effectively renders anything from attack the super important system files which standard users do not have permission to alter without an administrator password.

7. This one might be common for people who use windows, when you walk away from your computer lock it up! Make sure that anyone who gets on it cannot access your files, a simple screensaver password should do the trick! Now they could restart your computer and get access if you have automatic login enabled, if you do turn this off for safety. If your mac stays home and only you use it, you can probably ignore this one.

8. This one is from my Missing OS X Tiger manual. Set a password for your keychain, yes you can do this. This is probably best for families because sometimes you might forget to logout of your account and a family member gets on and is to lazy to switch to their own account. Your keychain will automatically fill in any website you commoningly visit, you can also set your keychain to lock itself after a set time of inactivity.
( You can change your keychain stuff under accounts in system preferences)

9. Turn on your default mac firewall, it's great built-in firewall, you can disable this if your router already has a firewall built into it, even if someone gets pass that your mac is set on default to ignore any connection attempts. Its popular amoung windows people that macs have SSH enabled by default, in fact it does not only the OS X server does. Remember even if you turn on SSH, people can get in!

10. You can use filevault to secure your home directory, it will encrypt all of its information, your filevault will unencrypt this information once you log into your account, make sure you remember this password! You can also set a master filevault password that can access any accounts filevault.

11. Many of us here have Apples new notebooks, turn on your wireless security such as WEP or WPA, preferably WPA if your router supports it. WEP can be cracked in a matter of minutes.

Even better security? This is my own personal recommendation. Just about every wireless router comes with a MAC address feature (MAC being different from Mac computers) it should be located under your wireless settings and simply put in your wireless cards MAC address, this address can be found in a number of places, one it should be found under Network in System preferences when you select your airport card, its a weird looking address but write it down and put it into your settings on your wireless. Second place is on your box that your notebook came in. Some wireless routers have it setup where it requires the MAC address of everything connected to it, even the ethernets, some like my Netgear its only for your wireless cards.

So what does this do? Well only wireless cards/network cards that have this MAC address can connect! Anything else will be refused. Oh yes, PLEASE change your admin password on your router if you have not yet!

12. Do regular backups of your files, this again follows the idea of it's better being safe than sorry, make it either a weekly backup or monthly whatever you want, you can choose what to backup and what media you want to use to backup.

13. Surf the net? Safari features private surfing which does not collect any cookies, history information...in matter of fact it collects nothing of your internet visit anywhere! this is perfect way to prevent other prying eyes from looking at what you look at!

Anyone else want to add something feel free to post something! The more the better!

Update::

I realized I probably should of added this guideline to cashs thread, but I didn't think about it.

Go here http://forum.notebookreview.com/showthread.php?p=1471283&posted=1#post1471283 for more tips as well!

 

Nice guide, but I'd like to add the following:
-AntiVirus Software are only good to protect you against known vectors. It won't protect you against a new, unknown, or handcrafted virus/trojan. Given that OS X malware is quite rare, I would say that antivirus software for Mac would be less than ideally efficient (note that I am not saying they are unneeded, YMMV).
-MAC Adresses can be spoofed easily by a determined attacker. It does provides an additional layer of protection, though.
-One very important thing that is not mentioned: choose a difficult password and change it occasionaly. Security is as good as the weakest link, and if you have a weak password that is either vulnerable to brute force or dictionary attacks, all caring in the world won't help you. What exactly is a secure password may be debatable, but I would enlist:
1) mix of numbers, special chars, lower and upper case letters;
2) not something that can be guessed (i.e., personal data);
3) big in lenght;
4) easily remembered (by you).

OS X has some helpers that will help you choose a somewhat good password. As rule of thumb I would pick a phrase that you can easily remember and then change it somehow:
Original phrase: I like apple computers.
Passphrase: I_ DOn LLyk# AP_plE c*mpOOtehRs
Or something like that, you got the idea. A passphrase like that is not either vulnerable to brute force atacks in any reasonable time, and is not also vulnerable to dictionary attacks (unless you happen to write like that).

 

Thanks.

I just wanted to give this a bump here, as we have a few new members who have gotten their macbooks/mbp or are waiting for them.

All these suggestions above are meant to further improve on OS X's already wonderful security.

 

This really helps me because I was going to make a topic on how to secure my MacBook from the FEW viruses out there, and ask what firewall I should get but I didnt know there was a good built in firewall, this really helped thanks!

 

great post thanks

 

Two things, Bumb, because this is a good thread to keep bumbed.

And 2. To access the Firewall inside of the OS click the Apple in the upper left corner and there is an option there under Network. Its nice to keep this firewall on because its not a bad firewall at all and it doesnt ever hurt to keep more protection on.

 

Ah, I know this is a bit late... but for wireless, tell it to not broadcast the SSID and please change the SSID to someting other than "linksys" or whatever it's default is. And change any default passwords the router has setup.

Oh yeah, if you have a good router (like the Linksys WRT54GL) then you can in some cases (have to put different software on the WRT54GL) change the broadcast distance of the wireless. If you can change it, make it as low as possible.

 

I do agree, change the default SSID, and router password, but I disagree with not broadcasting the SSID. It can hinder performance and offers no real security advantage. It is trivial to see an SSID even if it is not broadcast, and it can cause your computer to lose the connection more often.

 

Hrm, i've never had that issue w/ the 6 or so different laptops we've used on our router. I'm not sure how easy it is to see a non broadcasted SSID. I'd still recommend it, and hey, if you have problems you can always set it back to broadcasting.