Macintosh - Security Information

Securing OS X

Even a Mac can be hacked. Think of it as a car. If you leave the keys in the ignition, it's just a matter of time before someone walks by, sees the keys in the ignition and drives off. It's the same with a computer. If you leave everything unlocked, no passwords, no firewalls, someone, at some time, is going to take it. Here's how to prevent someone from stealing your "car."

First: Prevent Physical Access

One of the best ways to keep your data safe is to keep it physically inaccessible.

  1. Use cables and locks to keep the whole machine from being stolen. Even the largest desktop can disappear if a room is unattended for a long period of time. A recommended brand is Kensington. There are locks for computers like these
  2. Keep your office door locked, even if you're only going down the hall for a few minutes. Apple has made items so sleek and small they can fit into pockets and bookcases with ease.
  3. Limit access to the keys to the computer area. If only a few people can enter, there is less chance of items going missing.
  4. Keep services like file sharing, BlueTooth or Web services turned off. Don't let thieves on the network access your computer remotely. You can also turn on the firewall to keep out unwanted visitors.
  5. Do you share a system with other people? Give them their own accounts.
  6. Keep data where it's supposed to be. In other words, install applications in the Applications folder, your data in your Documents folder, place pictures in the Pictures folder, etc. If another user logs in to their account on your machine, they can't access anything that is in your account except for the Public folder.
  7. Don't save files to the desktop. If you haven't set a screen saver, locked your door or turned off your computer, anyone can walk by and read an open file or double-click on a file and then read it.
  8. Don't leave your email window open. Again, anyone walking by can see or read your mail. Sensitive data can become compromised in this way.
  9. Do you share or use a public Mac? Afraid to surf for sensitive data? OS X's Safari is your answer. It features private browsing so cache files and history can no longer be accessed by other users. Just open Safari and turn on Private Browsing from the menu.

Second: Protect Your Account

  1. Require every user to log in to the Mac. Don't turn on Automatic login. If this feature is enabled, anyone can turn on the power and access your files.
  2. Lock your screen. You can use a hot corner, drag your mouse to it to start the screen saver and walk away. If correctly set, anyone trying to get in will have to enter your password to get access. This helps if you need to leave for lunch or class but can leave everything running.
  3. Log out of the machine so the login screen is displayed.
  4. Lock your Keychain application.

Third: Verify Your Network

Avoid wireless networks whenever possible. They are inherently insecure. ECU now provides a secure wireless network called eduroam.

Fourth: Keep Viruses at Bay

Yes, the Macintosh is fairly secure, but where there's a will, there's a way. Make sure your Symantec Endpoint antivirus software is up to date.  Symantec Endpoint is a free download from the ECU Download Center,

Fifth: Keep EVERYTHING Up To Date

Make sure you've downloaded all the operating system updates available and checked the system preferences. Also make sure all applications are up to date. Most should have a Check for Updates section under the Help menu in the tool bar.

Sixth: Use Secure Erase Trash

Think that file is deleted when you tell the trash to empty? Not true. The name of the file has been removed from the disk directory, but the data is still in place. Secure Erase will immediately overwrite the file with random data so it cannot be reconstructed even while using US DoD specifications.

Last But Most Important: Back Up Your Data

Take your backup off site if at all possible. Don't leave it in your office or near the computer where a thief can take it AND your computer.

Here are some back up suggestions:

  • PirateDrive is 40GB of free storage that is backed up daily and password protected.
  • Use jump or flash drives with encryption software and even fingerprint readers for biometric access control. However, be cautious with these small drives. They are easily stolen, dropped and damaged, or washed while in your pocket.