The MacValley blog

 

Welcome to the MacValley blog, your first stop for all the latest MacValley news and views.

 


Editor: Tom Briant

 


Thursday, April 12, 2012

Six Tips for Enhanced Mac Security

Hi Everyone:

This is the draft script I used for my April 2012 presentation on Mac security. You will also find a video in Mac .mov format of the PowerPoint slides I showed during the presentation.

If you want the full presentation in PowerPoint .ppt format, go here to our Meetup page.

Here is the script:


How to Add Security to Your New Mac (or old Mac) in Six Easy Steps.

Hello, I’m Tom Briant, editor of the Voice. Nils Jakobsen won’t be joining us tonight. He got a new job in San Francisco. So, I’m his replacement for tonight.

To begin with, let’s look at a stock MacBook Air that someone just took out of the box and set up. When they press on the power button, it comes to life immediately. Their desktop is ready to go. They don’t share this machine with anyone else. It’s their machine exclusively. When the screensaver comes on, they just press the Enter key to return to the Desktop. Their home Wi-Fi network consists of their MacBook and the wireless router from AT&T U-Verse. They surf the Net and read their e-mail from this one account. Their administrative password is their mother’s name. All is seemingly well.

So what’s wrong here?

Anyone who wants to use that machine just has to press the Power button to reach the Desktop.  It doesn’t matter whether the owner wants them to or not.

If a message comes up saying that a program wants to be installed, they only have to press “Yes” to install it. Malware could creep in due to carelessness.

The screensaver doesn’t demand a password to return to the Desktop. If they leave the laptop in plain view, anyone can get into it with just a tap.

At least their home network has security. AT&T put a password on the router in order to use it. If your router doesn’t require a password, set one! You don’t want to share your Wi-Fi with people you don’t know.

Don’t surf the net and read e-mail from an administrative account! Most malware depends on the owner still using the one original administrative account they set up in the euphoria of opening the box. If malware hits a standard account without administrative privileges, it’s stymied.

If a hacker wants to attack your computer, they’ll try every word in the dictionary as your password. Don’t make it easy for them by using a common word as a password. Honor Mom by putting her picture up as wallpaper on your Desktop instead.

So, what can you do to harden your Mac against attack?

First, turn off automatic log-in. Go to System Preferences and select the Security & Privacy preference pane.

Now click on the padlock icon in the lower left-hand corner of the preference pane. You’ll be prompted for an administrator password (your Mom’s name) to make changes.

Disable automatic login for all accounts on this computer.

Require an administrator password to make changes in system preferences with lock icons.

Log out after a specified period of inactivity.

Change the login window to show fields for the user name and the password.

Second, require a password as soon as possible after sleep or the screensaver begins.

Third, stop using that original administrative account to surf the net or read e-mail. You’re most vulnerable when doing those activities.

You may think that you have to set up a new standard account and enter all your serial numbers for your software. You may not know where you put those licenses. What are you going to do?

Here’s what to do. Set up a second administrative account with a secure password.  For a minute, you’ll have two administrative accounts. Then you will go into Users & Groups (or Accounts in previous OS X versions) to change your old administrative account into a standard one.

You’ll still have your data intact. You won’t need to enter license information that you can’t put your hands on just yet. You just won’t be able to install software from that account so easily. And that’s a good thing.

Fourth, change your passwords regularly.

Fifth, harden your Wi-Fi router. Don’t use an unsecured router. If you want to share Wi-Fi with someone, give him or her the password and tell him or her not to spread it around.

At least two men with unsecured Wi-Fi routers have been arrested on child pornography charges by the Feds. It took them some time to convince the government they weren’t total criminal slime. They could have avoided the problem by password protecting their Wi-Fi routers. It turns out their neighbors borrowed some bandwidth to download child porn.

Sixth, tell Safari not to open “safe” downloads. There are no safe downloads. You have to look at them first.

Go into Safari’s preferences and uncheck that preference.

Along with that, you want to go into the Finder and check the Advanced preference to show all file extensions. One common malware trick is to string two file extensions together. You see the name of the file as “cutebunny.jpg” but the real name is “cutebunny.jpg.tgz”. If you let Safari automatically decompress that file, who knows what might happen!
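The double-extension trick can also be checked for mechanically. This is an added example, not part of the original presentation: the function names and the two extension lists are constructed for illustration and are not exhaustive.

```python
from pathlib import Path, PurePosixPath

# Constructed lists, not exhaustive: extensions a user reads as harmless,
# and final extensions that unpack or run something when opened.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc", ".mov", ".mp3"}
ACTIVE = {".tgz", ".gz", ".zip", ".dmg", ".pkg", ".app", ".command", ".sh", ".jar"}


def misleading_extension(filename):
    """Return (shown, real) when a harmless-looking extension is followed by
    an active one, e.g. ('.jpg', '.tgz'); otherwise None."""
    suffixes = [s.strip().lower() for s in PurePosixPath(filename).suffixes]
    if len(suffixes) < 2:
        return None
    shown, real = suffixes[-2], suffixes[-1]
    # "backup.tar.gz" is not flagged: ".tar" is not a decoy extension.
    if shown in DECOY and real in ACTIVE:
        return shown, real
    return None


def scan(folder):
    """List (name, shown, real) for every flagged entry directly in folder."""
    hits = []
    for entry in sorted(Path(folder).iterdir()):
        found = misleading_extension(entry.name)
        if found:
            hits.append((entry.name, *found))
    return hits


if __name__ == "__main__":
    downloads = Path.home() / "Downloads"
    if downloads.is_dir():
        for name, shown, real in scan(downloads):
            print(f"{name}: looks like {shown}, is really {real}")
```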

If I may, I’d like to add a number 7 tip. Regularly check for software updates from Apple.  That is #2 on the National Security Agency’s list of Mac security tips.
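The settings from the first, second and sixth tips can be checked from Terminal instead of clicking through each pane. This is an added example, not part of the original presentation: `audit` and `read_default` are names chosen here, and the preference domains and keys are those read by `defaults` on OS X releases of this period, so treat them as assumptions on other versions.

```python
import subprocess

LOGINWINDOW = "/Library/Preferences/com.apple.loginwindow"

# (what the tip asks for, domain, key, expected value)
# An expected value of None means the key must be absent.
CHECKS = [
    ("automatic login is off", LOGINWINDOW, "autoLoginUser", None),
    ("login window asks for name and password", LOGINWINDOW, "SHOWFULLNAME", "1"),
    ("password required after sleep or screensaver",
     "com.apple.screensaver", "askForPassword", "1"),
    ("password required immediately",
     "com.apple.screensaver", "askForPasswordDelay", "0"),
    ("Safari does not open 'safe' downloads",
     "com.apple.Safari", "AutoOpenSafeDownloads", "0"),
    ("Finder shows all file extensions",
     "NSGlobalDomain", "AppleShowAllExtensions", "1"),
]


def read_default(domain, key):
    """Return what `defaults read` prints, or None when the key is unset."""
    result = subprocess.run(["defaults", "read", domain, key],
                            capture_output=True, text=True)
    return result.stdout.strip() if result.returncode == 0 else None


def matches(actual, expected):
    """Compare numerically so that '0' and '0.0' count as the same setting."""
    if actual is None or expected is None:
        return actual is expected
    try:
        return float(actual) == float(expected)
    except ValueError:
        return False


def audit(read=read_default):
    """Return (description, current value) for every setting that fails."""
    return [(desc, read(domain, key))
            for desc, domain, key, expected in CHECKS
            if not matches(read(domain, key), expected)]


if __name__ == "__main__":
    for desc, current in audit():
        print(f"FAIL: {desc} (current value: {current})")
```

Run it from the account you actually use, since the screensaver, Safari and Finder settings are per-user.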

3 comments:

  1. This is great information. Everyone can and should read this over. It's thought provoking, and it can lead to security improvements that can help keep precious information safe.

    And there's nothing more important than keeping private information private. Safe from prying eyes.

    Cristael

  2. I'm having a terrible time trying to figure out the words that tell people I'm not a robot. Any robot could figure them out better than any human can. :) Is there a way to make these words even semi-legible?

    That said, this is an excellent article. I'm so glad to see it up so that I can review what we talked about at the May meeting.

  3. Hello,
    This post was inspired by a long weekend I spent browsing your blog! So thanks for what you do, and thanks for your comments here.

    data loss prevention
