UsingMac.com

Mac Tricks and Tips, Wallpapers and Applications for Mac Users

10 Most Essential Things for Securing Your Mac

Advertisements

Now it's the time to secure your Mac from either data thieves or network hackers. These are the basic settings you can make to secure your Mac:

Securing Accounts

There are several things to be aware of when you're choosing options for your login items, such as disabling automatic login or hiding available usernames.

Here is the complete steps to secure your login:

  1. Go to Apple ▸ System Preferences inside Accounts
  2. Click on the Lock to make changes
  3. Choose Login Options
  4. Disable automatic login, so strangers will require password to access into your Mac
  5. Hide list of users by choosing Display login window as Name and password. So even though some data thieves can lure you away from your Mac, they won't get any hints to enter your account
  6. Don't show Restart, Sleep, and Shut Down buttons
  7. Don't give Password Hints. I believe you will remember your password

Mac Security

Securing Sleeping Mac

If you have used your Mac for quite a long time, you'd prefer let your Mac sleep rather than shut it down when you're away. This is when securing sleeping Mac becomes essential. So you will need to set your Mac to ask for password whenever someone wakes your Mac up.

Here is how to set it:

  1. Go to Apple ▸ System Preferences under Security pane
  2. Click on General section
  3. Enable password prompt to wake computer from sleep or screen saver, which is done by ticking the first checkbox
  4. You can also enable automatic log out after several minutes you away from your Mac by ticking the checkbox labelled Log out after x minutes of inactivity

Mac Security

Securing Keychain Access

Keychain login password is set by default the same as your account login password. So if somehow someone knows your password, that person will also know all passwords for your entire application, either it's IM or even your Mail.

Don't let this happen. The only way out is by differentiating your keychain and your Mac password. Here is how to do it:

  1. Go inside Finder: Applications ▸ Utilities
  2. Open Keychain Access
  3. Choose Keychain Access: Edit ▸ Change Password for Keychain Login
  4. Fill in all the requirements field. The good thing here is, you can see your password strength when entering new keychain login password
  5. Confirm your changes and try not to forget your new password

But of course, the better solution is not to let strangers know your login password.

Mac Security

Don't Give Permission Easily

Before doing any changes to your Mac, your Mac will prompt a login window asking for your password. This is meant to give your more control over your account.

If you got window prompted asking your password out of the blue, don't give it out if you don't really know what's happening. Maybe it's a malware..

Keep Your Mac Up To Date

Most of the time, Apple will release patches for potential security issues. So make sure you check for updates daily. Or, you can have your Mac to check it daily for you:

  1. Go to Apple ▸ System Preferences..
  2. Choose Software Update pane
  3. Click on Scheduled Check section
  4. Enable check for updates and enable download important updates automatically
  5. Select Daily checking for updates

Mac Security

There is something you need to take note, if there exists new version of your Mac OS X in Software Update List, make sure you check on forums to see whether any issues encountered during updating.

Controlling Screen Sharing

In Leopard, you can do screen sharing. This is a mixed blessing: You can share your screen as you want but also strangers can access and control your screen.

So you need to handle screen sharing permission: only to enable it with your permission. How to do it?

  1. Go to Apple ▸ Preferences..
  2. Choose Sharing
  3. Click on Screen Sharing
  4. Near the notification Screen Sharing: On, you will see Computer Settings.. button. Pop up menu will appear when you clicked on it
  5. Disable allowance for VNC viewers with password while enabling anyone may request permission. This way, in order to control your screen, everyone should get your permission first

Mac Security

Building Strong Firewall

Firewall is turned on by your Mac default setting. But for the sake of completeness, maybe you are interested in applying Stealth Mode for your Mac: To make your Mac hidden beneath the wall.

  1. Open to System Preferences: Apple ▸ Preferences..
  2. Choose Security and Go to Firewall section
  3. Allow only essential services by choosing the second radio button
  4. Click on Advanced.. button to reveal pop-up menu
  5. Enable Stealth Mode where your Mac will give no response unexpected traffic source

Mac Security

Backup Often

The easiest way to make backup is by using feature introduced by Leopard: Time Machine. After setting backup drive for the first time, your Mac will automatically do the backup for you.

Mac Security

But if you choose to backup manually, you can use Carbon Copy Cloner and/or Super Duper as discussed in my earlier post: Make Mac Backup.

Encrypting Sensitive Data with FileVault

If your data can do harm to your business, you should consider turning on FileVault. With FileVault, your Home folder will be encrypted so that unauthorized users can't access those data.

So even though your Mac is stolen, the thieves cannot access your files. But be careful, if you lost your login password and master password, your data will be lost forever (as shown in the warning).

Mac Security

To turn on FileVault:

  1. Open System Preferences
  2. Go to Security Preferences Pane and choose FileVault section
  3. Set Master Password first
  4. Turn On FileVault. It will take a while to turn on your FileVault and keep in mind that you need harddisk free space as big as your Home folder size for temporary use while encrypting data
  5. You will be logged out during encryption process

Visiting UsingMac.com Often

It's obvious, right?

One last thing, currently we got no virus on Mac, but who knows that someday some malevolent enterprises will create one. So my advise, keep up to date, especially on security issues, and stay low profile.

Categories: Popular, Utilities
Tags: Account, Essential, FileVault, Mac, Security

Subscribe to RSS Leave a Comment (13)

Related Entries

Some articles taken from our resource base, tightly related to current article, to empower you with more knowledge on tweaking the most out of your Mac.

13 Comments

David 

Love the last tip

Mac tips 

Great list of tips! By default the Mac is pretty secure from external threats like viruses and trojans, but it's always a good idea to implement some simple things to help protect your Mac. I reproduced my favorite two tips (Requiring login on boot and on system wake) and linked back to this list from a blog post I just wrote. 

Good stuff!
- Bill Ellis

MAC Lovers 

Great Tips. Especially Securing Sleeping MAC.
Thanks.

Hamble 

Good tips – but I'd just like to emphasise the importance of enabling FileVault or similar encryption software to protect the most sensitive data on your hard disk, as it is very easy to get at all unencrypted data on a Mac laptop using Target Disk mode on startup from another computer. While there is a way of disabling Target Disk mode, even this isn't foolproof to anyone who knows what they're doing and is determined enough. Strong encryption is the only surefire way of keeping data safe from everyone but super-computer owners with a lot of time on their hands.

Sebastian Lewis 

NO!  Don't enable VileFault!  Seriously, this thing is a hassle, every time you shut down you have to reclaim space, it continues to eat up space, it slows down your Mac, and it encrypts your data with the same password that you use to login, so if someone has that, they have your data anyway.  All it does is move your ~ folder to an encrypted DMG, if you do have really sensitive data, then create an encrypted DMG yourself in Disk Utility, give it a different password than your login password, and move the data into that.  This has the added benefit of being portable, you can use 256 bit AES encryption (if I remember correctly VileFault only uses 128 bit AES) that is not the same as your login password, and it can have a file hierarchy that's entirely separate from your "main" file hierarchy.

Sebastian

butterworm 

adding to the case against filevault - encryption and decryption are performed on the fly, while you use the computer, so unless you have a super cool mac pro with heaps of ram on board, your computer will be significantly slower with filevault enabled.

also, when you empty the trash, you have to log out, and then wait for a while, while mac os x recovers the unused portion of the hard drive.

as if that weren't enough, every time the trash is emptied, it is securely emptied, unless you specifically tell the computer otherwise on a case by cases basis. secure empty trash is secure, but is very slooow.

i was told by an apple rep that the reason filevault exists is because it is a requirement of apple's supply contract with the US military, which is fair enough. my two cents - unless you have military level data that would bring companies or governents down if made public, filevault is not for you. the cons far outweigh the pros. there are better solutions for most users.

Dragracer 

that's a gud one.

Sish 

Password protection  for Sleep would be great if it wasn't linked to Screensaver. So love having to password in every 10 mins or so.

leo 

One thing I find essential to enable is displaying the Keychain Access icon in the Menu Bar.  This lets you lock your screen without having to sleep - I use it all the time when I leave my Macbook on my desk at work.  It'll also let you globally lock and unlock the keychain very easily. 

To enable it, follow the directions above to get into the Keychain Access utility. 

Go into Keychain Access, Preferences, and select "Show Status in Menu Bar"

Titanick 

Whoa!! What a man, leo!! I always used to lock my screen temporally by 1) open System Preference. 2) go to Security. 3) check the box "require password to wake...". 4) move the arrow to lower left corner (to active screensaver). They're all 4 steps while you only use 1!! Damn!! If I know this sooner!! Oh hey, thank you very much leo. You're the man!

Zomg 

Awesome, loved the tips!

Tomge 

These are all good things but as long as you don't change the firmware password off your apple then everyone can change your passord by just using the install dvd and choosing reset paswoord utility. Indeed people it's so easy. Change the firmware password and use al these stuff and you are better protected even when they steal your computer.

Do all the above things, document your password and please don't save it at this computer but keep it somewhere else, like your phone, diary, paper, ...;-) and use the firmware password.

Sonja Tauks 

To keep you mac secure I would recommend - Rohos Logon Key for Mac - two-factor authentication solution that allows secure Mac login, keychain access and desktop unlock with a USB key - http://rohos.com/products/rohos-logon-key-for-mac/

Leave a Comment