Macintosh - Security Information
Securing OS X
Even a Mac can be hacked. Think of it as a car. If you leave the keys in the ignition, its just a matter of time for someone to walk by, start it up and drive off. Its the same with a computer. If you leave everything unlocked, no passwords, no firewalls, someone at some time is going to take it. Here are some items to do to keep someone from stealing your "car".
FIRST: Prevent physical accessOne of the best ways to keep your data safe is to keep it physically inaccessible.
- Use cables and locks to keep the whole machine from being stolen. Even the largest desktop can disappear if a room is unattended for a long period of time. A recommended brand is Kensington. There are locks for computers like these http://us.kensington.com/html/1434.html.
- Now, think about the hard drive(s) inside. Most desktops have a security bar on the back of its case. Put a padlock in the security bar and this will keep someone from popping open the case and taking your hard drive, your expensive video cards or the memory. You can have the best password-protected screen saver in the world, but it only takes five seconds to open a Mac Pro, disconnect a hard drive and walk away with it to hack into at leisure.
- Keep your office door locked, even if you're only going down the hall for a few minutes. Apple has made items so sleek and small they can fit into pockets and bookcases with ease.
- Limit access to the keys to the computer area. If only a few people can enter, there is a less chance of items becoming missing.
- Keep services like file sharing, BlueTooth or web services off on your machine. Don't let thieves on the network get into your computer remotely. You can also turn on the Firewall to keep unwanted visitors out.
- Have other people that share your computer? Give them their own accounts.
- Keep your data where it's supposed to be. In other words, install applications in the Applications folder, your data in your Documents folder, place pictures in the Pictures folder, etc. If another user logs in to their account on your machine, they can't access anything that is in your account except for the Public folder.
- Keep files off your desktop. If you haven't set a screen saver, locked your door or turned off your computer, anyone can walk by and read an open file or double-click on a file and then read it.
- Don't leave your email window open. Again, anyone walking by can see or read what you have. Sensitive data can become compromised in a heartbeat.
- Share or using a public Mac? Afraid to surf for sensitive data? OS X's Safari is your answer. It features private browsing so cache files and history can no longer be access by snoopers. Just open Safari and go to the Safari menu. Turn on Private Browsing from there.
SECOND: Protect your account
- Require everyone to log into the Mac. Don't turn on Automatic login no matter how inconvenient. Anybody can then sit down at your computer, turn the power on, and get into your files.
- Keep your passphrase secret AND complicated. A good idea is to use the same one you use for your pirate account. It already follows all the rules: http://www.ecu.edu/cs-itcs/policies/passphraseStandard.cfm
- Lock your screen. You can use a hot corner, drag your mouse to it to start the screen saver and walk away. If correctly set, anyone trying to get in will have to enter your password to get access. This helps if you need to leave for lunch or class and you can leave everything running "as is".
- Log out of the machine so the login screen is displayed.
- Lock your Keychain application.
- Use File Vault. It will encrypt your home folder so that it is protected from most hacking.
THIRD: Verify your networkAvoid wireless networks whenever possible. They are inherently insecure. ECU now provides a secure wireless network called "buccaneer".
FOURTH: Keep viruses at bay
Yes, the Macintosh is fairly secure, but, where there's a will, there's a way. Make sure your Norton Antivirus software (required for any computer connected to the ECU network) is the latest version. Log into your OneStop and access the Software Downloads section to verify this.
Also make sure that your preferences and scan schedules have been set up correctly.
FIFTH: Keep EVERYTHING up-to-dateMake sure you've downloaded all the operating system updates available and checked the system preferences. Also make sure all your applications are up to date. Most should have a Check for Updates section under the Help menu in the tool bar. OS 9 users should consider updating to OS X.
SIXTH: Use Secure Erase TrashThink that file is deleted when you tell the trash to empty? Not true. The name of the file has been removed from the disk directory but the data is still in place. Secure Erase will immediately overwrite the file with random data so it cannot be reconstructed even while using US DoD specifications.
LAST BUT FOREMOST: Backup your dataTake your backup off site if at all possible. Don't leave it in your office or near the computer where a thief can take it AND your computer.
Here are some back up ideas
1. If you have Leopard (X.5), use Time Machine.
2. Use a .Mac account. There's a fee with this account so read the contract.
3. Burn CD/DVDs of your data. You can use the Finder, Disk Utility or a third party software like Toast to create the CDs or DVDs. It's highly recommended to date them so you can easily discern the differences between the copies.
4. Use jump or flash drives which are now available with encryption software and even fingerprint readers for biometric access control. However, be cautious with these small drives. They can be easily stolen, dropped and damaged, or washed while in your pocket.
5. Use your iPod. Turn disk mode on and drag your data to it every once in awhile.