Information Computing and Technology Services

Snow Leopard - Recommended System Preferences

These settings are based on the  CIS, Apple and ITCS recommendations.

System Preference

|           Image           |

Click on photo to enlarge image.

Recommended Changes


Appearance

Changes highlight colors, scroll bar placement and number of recent items in the Recent Items list. The settings are personal preference.

x6Appearance 

If intruders gain access to your computer, they can use the recent items menu to quickly view what you've recently used. Setting recent items to "None"  provides some security against unsophisticated intruders.

 


Desktop & ScreenSaver

Sets your desktop background, screensaver images and hot corners.

 

x6Desktop

x6screensaver

The University highly recommends the screen saver to turn on within 15 minutes or less and be password protected. If you are delayed from getting back to your workstation, your data will be protected from prying eyes.

You can also set hot corners to prevent someone who has unexpectedly walked in from viewing your screen.

Screensaver password protection is located in the Security preference panel.

 


Dock

Sets size, magnifications, position on screen, and effects.

x6Dock 

Automatically hide and show the dock can be turned on to prevent others from seeing the applications you have on your computer.

 


Exposé & Spaces

Sets hot corners, expose and Dashboard options.

expose
x6spaces
Turn off everything except for the bottom right corner which will have a password set in the Security preferences.
 

 


Language & Text

Sets language order, text substitution and input sources.
Language & Text
The settings are personal preference.

 


Security > File Vault

Encrypts your home folder.

More from Apple....

FileVault Settings
The settings are personal preference. The password for this CANNOT be retrieved.
    
  • Encrypts using government approved 128-bit (AES-128) encryption by putting your entire home folder into a bundle disk image.
  • Does support 256-bit Advanced Encryption.
  • Great for use on portable systems where physical security can't be guaranteed.
  • Only protects data at rest which means only when a user is not logged in. This is useful if the computer is stolen. 
  • If the password is lost, there is NO way to recover it. 
  • To use FileVault, you'll need to be able to double the size of your home directory. 
  • Not recommended for use with Directory accounts as the passwords don't always sync.
  • Does not protect files transferred over a network.

 


Security > Firewall

Prevents unauthorized programs from accessing your computer.
Firewall settings
Turn Firewall On

 


Security > Firewall > Advanced

Fine tunes the firewall.


OS X 6Firewall Advanced
BEST OPTION
  • Block all incoming connections on and select which applications are allowed in through that preference pane.

NEXT BEST OPTION

  • Automatically allow signed software to receive incoming connections = On

 


Spotlight

Built-in search engine.
  • It searches the name, meta-information associated with the file and the contents of that file. 
  • Location on the hard drive is not an issue.
  • If you have confidential files, you need to properly set access permissions on folders containing those files.
  • By default, the entire system is available for searches.
Spotlight settings
x6 Spotlight Privacy

Place confidential folders in the Privacy area if you need to keep them on your hard drive. However, remember that anyone can remove them from the Privacy area. No authentication is required in this pane so someone can remove them and then do a search.

Consider disabling top-level folders that contain these folders like your Documents folder or ~/Library/Mail for apple mail contents.

 


CDs & DVDs

Tells the Finder what to do when CDs/DVDs are mounted.
x6CDsDVDs

The default settings of the CDs & DVDs preference pane will automatically launch a program assigned within it. If the item contains any malicious actions, they will automatically be launched and the system compromised. Best practice is to set all actions to Ignore.

 


Displays

Monitor or laptop display settings.
Display Settings
Turn Show displays in menu bar on so there is easy access on portables to attached second monitors or projectors.

Use caution when enabling mirroring which might expose private data to others.

 


Energy Saver

Battery or Power Adapter settings.
 

Configure the computer so it only wakes when you physically access it. Do not set it to restart after a power failure.

 


MobileMe

A suite of tools to help synchronize data when you're away from your computer.

x6 MobileMe

Should only be used for accounts that don't have access to critical data. Avoid enabling MobileMe for administrator or root user accounts. 

Leave all options blank.

 


Network

Ethernet, Wireless and VPN settings

Snow Leopard Network Settings

 

 

Its recommended that you disable unused hardware devices in the list. From the list, select the device you don't use. Click the action button below the list and select "Make Service Inactive".

 


Sharing

File sharing, screen sharing, etc

Snow Leopard Sharing Settings

 

 

Bluetooth

Used to set up wireless keyboards, mice etc.

 x6Bluetooth
 

If you are not using Bluetooth, turn it off.

 


Accounts

Account password, setup, etc

Snow Leopard Account Settings

 

x6AccountSettings

 

Modify login options to provide as little information as possible.

Disable automatic login.

Require that you enter the name and password instead of clicking on a name.

Don't use password hints.

Disable Restart, Sleep and shut down buttons so someone can't restart the computer without pressing the power button or logging on.

Disable fast user switching - it allows multiple users to be simultaneously logged in which means its difficult to track user actions and also allows users to run malicious apps in the background while another user is using the computer. When some external volumes are mounted under another user's account, they grant access to all users and ignore access permissions. 

Avoid accounts shared by multiple users. Individual accounts maintain accountability. If a shared account is compromised, its hard to track down the offender.

 


Date & Time

Account password, setup, etc

 Snow Leopard Date & Time

Snow Leopard Time Zone

Snow Leopard Clock

 

Correct date and time settings are critical especially for those machines that are on the domain or user Kerberos. Incorrect date and times can cause security issues. Make sure "Set data and time automatically" is checked.

 


Startup Disk

Sets which disk, partition or device your system boots from.

Snow Leopard Startup Disk

 

 

Always have at least one item selected. If there is not something selected, sometimes your system will choose for you. A "?" might appear at startup while it searches for a bootable disk.


 

 
Need Help?