13:05 ET Dow -154.48 at 10309.92, Nasdaq -37.61 at 2138.44, S&P -19.130 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 0 1 100001 0 1 0 1 1 0 1 0 00 0 1 1 1 0 1 100001 0 1 1 100001 13:05 ET Dow -154.48 at 10309.92, Nasdaq -37.61 at 2138.44, S&P -19.1313:05 ET Dow -154.48 at 10309.92, Nasdaq -37.61 at 2138.44, S&P -19.13

.

.

Tuesday, July 14, 2009

30 Simple Steps to Secure Your Mac

30 Simple Steps to Secure Your Mac



1. File Sharing - Make sure you're not unwittingly ''sharing'' your files

- System Preferences > Sharing

A. Click on "DVD or CD Sharing," so that it is highlighted
i. Briefly select "On" and then select "Ask me before allowing others to use my DVD drive"
ii. Now, Deselect "On" for DVD or CD Sharing
B. Click on "Screen Sharing"
i. Move your mouse pointer to the right to "Allow access for:" and select "Only these users:"
ii. Click on each users name in the dialog box and then click the "-" sign, immediately beneath
C. Click on "File Sharing"
i. Move your mouse pointer to the second dialog box to the right: "Users"
ii. Click on each users name and then click the "-" sign; do this until there are no users left. There shouldn't be too many to begin with.
iii. Move your mouse to the left one dialog box to the dialog box entitled "Shared Folders"
iv. Click on each shared folder and then click the "-" sign, removing access to the folder in question; do this for each shared folder. Again, there shouldn't be too many listed.
D. Click on "Remote Login"
i. Move your mouse to the right again to the adjacent dialog box entitled "Allow access for:"
ii. Click on each listed user and click the "-" sign; do this for each listed user until the box is empty.
E. Click on "Remote Management"
i. Perform steps identical to "E", the step immediately above this step.
F. Click on "Remote Apple Events"
i. Perform steps identical to "E", again.
G. Click on "Bluetooth Sharing"
i. Move your mouse to the right and deselect the drop-down dialog box options for "When receiving items:" and choose "Never Allow"
ii. Immediately below, select "Require pairing"
iii. Move your mouse down to the option "When other devices browse:" depress the drop-down dialog box of options and again choose "Never Allow"
H. Now, move your mouse to the left, and deselect "On" for each offered service - both those you adjusted and those you didn't adjust. Make sure they are all turned off.

2. Bluetooth - Make sure your Bluetooth isn't on and that it's not broadcasting.

- System Preferences > Bluetooth

A. Deselect ''Discoverable''
B. Deselect ''On"
C. Deselect ''Show status in menu bar''
- System Preferences > Bluetooth > Advanced
A. Deselect "Bluetooth-PDA-Sync"

3. Security - Make sure your basic settings don't allow for unexpected local or remote login and also that your firewall is turned on securely.

- System Preferences > Security

A. Depress the "General" button in the row of choices.
i. Move your mouse down about 2 inches (this distance is dependent on the size of your monitor: mine is 15". If your monitor is larger, the distance will be greater) and select "Disable remote control infrared receiver"
ii. Select "Use secure virtual memory" - each of the following choices is located immediately above the former choice.
iii. Select "Require password to unlock each System Preferences pane"
iv. Select "Disable automatic login"
v. Select "Require password to wake this computer from sleep or screen saver"
B. Depress "FileVault" - top row - where you started
i. Move your mouse to the lower of the two options and depress "Turn on FileVault"
ii. You will be prompted to create a master password by a drop-down dialog box.
iii. You will see a small icon with a key in it. This icon will be located to the immediate right of the password entry dialog.
iv. Depress the key and a second dialog box entitled "Password Assistant" will appear.
v. Depress "Type", the uppermost dialog of choices, and select "Random"
vi. Write this password down on a piece of paper and place it somewhere that is both memorable and safe.
vi. Type this password into the lower of the two entry dialogs - there are only two and your point-of-entry is located under the first - hit enter.
vii. A new and larger dialog box will appear and prompt you to make sure you want to proceed. Select use "secure sleep memory", and then hit "OK". You will be logged out. Log back in.
C. Return to System Preferences > Security > Firewall
i. There are three primary selections available on this dialog. Chose the second or middle: "Allow only essential services"
ii. Move your mouse to the lower, bottom right corner and depress "Advanced"
iii. A new dialog box will appear. Select both of the two options: 1) "Enable Firewall Logging ; & 2) "Enable Stealth Mode". Click "OK".
4. Energy Saver - Make sure your computer's on/off state can't be remotely triggered

- System Preferences > Energy Saver > Power Adapter

A. There are two selectable choices across the open dialog box. Select the option on the right: "Power Adapter"
B. The uppermost selection is Graphics. Select "Higher performance".
C. Move your mouse downward about 2 inches and deselect both: 1) "Wake for Ethernet network administrator access"; & 2) "Restart automatically after a power failure".
D. Move your mouse downward again. This time about an inch to select "Show battery status in the menu bar".

5. Accounts - Make sure you deactivate the "Guest Account", create a more secure Standard user account for yourself (you'll then have 2), and secure the login process

- System Preferences > Accounts >

A. Click on "Guest Account" in the leftmost pane. This panes heading reads "My Account".
B. There are 3 choices. Make sure they are each deselected: 1) "Allow guests to log into this computer"; 2) "Enable Parental Controls"; & 3) "Allow guests to connect to shared folders"
C. Located at the bottom of your Accounts dialog box, in the lower leftmost corner, you will see a selectable rectangular dialog button with a little house icon on it. Depress this "Login Options" button.
D. The primary pane will change and you will be presented with more choices i. Starting from the top, option: "Automatic login:" set this to "Disabled"
ii. Move your mouse to the option immediately below. It is labelled "Display login window as:"
iii. Depress "Name and password"
iv. Deselect each of the 5 remaining options so that not one is enabled:
a. "Show the Restart, Sleep, and Shut Down buttons
b. "Show Input menu in login window
c. "Show passwords hints"
d. "Use VoiceOver at login window"
e. "Enable fast user switching"
E. Move your mouse to the lower left corner again and click the "+" button to create an additional account - a "Standard" user account
i. A drop-down dialog box will again appear. You will see 6 labeled parameters. The uppermost will read "New Account"
ii. Depress the selection dialog to the immediate right of the New Account label and chose "Standard"
iii. Enter names in the spaces reserved for "Name" and "Short Name"
iv. For "Password:", depress the key icon and bring up the "Password Assistant". Follow the steps you took above at 3.B.v.
v. Leave "Password Hint:" blank
vi. Lastly, select "Turn on FileVault" for this account

6. Keyboard & Mouse - Prevent Bluetooth devices from Waking the computer

- System Preferences > Keyboard & Mouse

A. There is a row of selectable icons across the top of "Keyboard & Mouse" dialog box. Select the middle button: "Bluetooth"
B. Move your mouse downward about 4 inches and deselect "Allow Bluetooth devices to wake this computer"

7. CDs & DVDs - Prevent users from loading unauthorized media on your computer via your optical drive

- System Preferences > CDs & DVDs

A. Set each of the following to "Ignore". You will still see an icon on your desktop for DVDs and CDs inserted into your drive, as always. However, a Finder window will not appear and code won't be auto-run.

8. Eposé - Prevent users from deactivating your screen saver without entering your password

- System Preferences > Eposé & Spaces

A. This dialog box has two stacked sections. The uppermost allows you to set an option that will produce a result when you move your mouse pointer to the specified corner.
B. Make sure not one of the four selections is set to "Disable Screen Saver"

9. Sound - Ensure your microphone doesn't capture unintended sound

- System Preferences > Sound > Input

A. Depress "Input" and in the top of the resultant dialog box you will see the heading "Choose a device for sound input"
B. Depress "Internal microphone" and reduce the "Input volume" to as low as possible; move the slider all the way to the left.
C. Depress "Line In", located immediately below, follow the steps you just took in step B; move the slider all the way to the left.

10. QuickTime - Take control of QuickTime so that it does not auto-run potentially bad code or store it in your system's cache memory

- System Preferences > QuickTime

A. On the top of this system pane, you'll see a row of buttons. Depress "Browser" and deselect "Play movies automatically" and "Save movies in disk cache"
B. Now depress streaming, located two cells to the right of "Browser", and deselect "Enable Instant-On"

11. Network - Turn unused network protocols to "Inactive"

- System Preferences > Network

A. There are two panes in the Network dialog box. In the left pane you will see "Bluetooth", "Ethernet", "AirPort", and "FireWire".
B. Click on FireWire and then move the mouse downward about 2 inches to the small wheel icon above the padlock and to the right of the "+" and "-" signs.
C. A drop-down dialog box will appear. Select "Make Service Inactive"
D. Do the same for Bluetooth.
E. Usually, you will use either Ethernet or AirPort to access the Internet. To be safe, only enable the services you will use and disable them when not in use.

12. Speech - Ensure no one can give your computer commands via its voice recognition capabilities

- System Preferences > Speech

A. In this dialog box there are two panes, one within the other.
B. In the top row of the inner pane, there are two buttons: 1) "Settings"; & 2) "Commands". Depress Settings and set "Microphone:" to "Line In".
C. Set "Listening Method:" to "Listen only while key is pressed.
D. Now, once again return to the top row of the inner pane and depress "Commands"
E. You will see a small dialog box appear within the smaller of the two dialog boxes before you. Deselect each "command set." so that not one is left on.

13. Universal Access - Ensure access is not enabled for foreign and unauthorized devices

- System Preferences > Universal Access

A. Select the bottom option "Show Universal Access status in the menu bar". This icon will visibly darken to bring any unauthorized connectivity to your attention.
B. Deselect "Enable access for assistive devices"
C. The top row of this pane shows 4 buttons. The first button, on the leftmost side, is "Seeing". Click this and ensure "VoiceOver:" and "Zoom:" are set to "Off."
D. Click the "Keyboard" button, located second from the right and ensure that "Sticky Keys:" and "Slow Keys:" are set to "Off"
E. Select "Mouse & Trackpad" and ensure the uppermost option, "Mouse Keys:", is set to "Off."

14. Finder - Ensure that you are are deleting files securely, not just removing file names from the directory tree, and that you are aware of any connected servers

- Dock > Finder

A. Ensure that you see "Finder" in the uppermost left corner, to the immediate right of the small apple icon.
B. Click "Finder" so that the appropriate drop-down menu appears. Move down to increments to select "Preferences..."
C. A dialog box will appear. Click "General". Select "Connected servers" under "Show these items on the Desktop:"
D. Click "Sidebar" and ensure that every icon/option is selected. The objective is to bring to light any and all networked devices.
E. Click "Advanced" and make sure that the top four options are selected, specifically "Empty Trash securely" and "Show all file extensions"



1. File Sharing - Make sure you're not unwittingly ''sharing'' your files

- System Preferences > Sharing

A. Click on "DVD or CD Sharing," so that it is highlighted
i. Briefly select "On" and then select "Ask me before allowing others to use my DVD drive"
ii. Now, Deselect "On" for DVD or CD Sharing
B. Click on "Screen Sharing"
i. Move your mouse pointer to the right to "Allow access for:" and select "Only these users:"
ii. Click on each users name in the dialog box and then click the "-" sign, immediately beneath
C. Click on "File Sharing"
i. Move your mouse pointer to the second dialog box to the right: "Users"
ii. Click on each users name and then click the "-" sign; do this until there are no users left. There shouldn't be too many to begin with.
iii. Move your mouse to the left one dialog box to the dialog box entitled "Shared Folders"
iv. Click on each shared folder and then click the "-" sign, removing access to the folder in question; do this for each shared folder. Again, there shouldn't be too many listed.
D. Click on "Remote Login"
i. Move your mouse to the right again to the adjacent dialog box entitled "Allow access for:"
ii. Click on each listed user and click the "-" sign; do this for each listed user until the box is empty.
E. Click on "Remote Management"
i. Perform steps identical to "E", the step immediately above this step.
F. Click on "Remote Apple Events"
i. Perform steps identical to "E", again.
G. Click on "Bluetooth Sharing"
i. Move your mouse to the right and deselect the drop-down dialog box options for "When receiving items:" and choose "Never Allow"
ii. Immediately below, select "Require pairing"
iii. Move your mouse down to the option "When other devices browse:" depress the drop-down dialog box of options and again choose "Never Allow"
H. Now, move your mouse to the left, and deselect "On" for each offered service - both those you adjusted and those you didn't adjust. Make sure they are all turned off.

2. Bluetooth - Make sure your Bluetooth isn't on and that it's not broadcasting.

- System Preferences > Bluetooth

A. Deselect ''Discoverable''
B. Deselect ''On"
C. Deselect ''Show status in menu bar''
- System Preferences > Bluetooth > Advanced
A. Deselect "Bluetooth-PDA-Sync"

3. Security - Make sure your basic settings don't allow for unexpected local or remote login and also that your firewall is turned on securely.

- System Preferences > Security

A. Depress the "General" button in the row of choices.
i. Move your mouse down about 2 inches (this distance is dependent on the size of your monitor: mine is 15". If your monitor is larger, the distance will be greater) and select "Disable remote control infrared receiver"
ii. Select "Use secure virtual memory" - each of the following choices is located immediately above the former choice.
iii. Select "Require password to unlock each System Preferences pane"
iv. Select "Disable automatic login"
v. Select "Require password to wake this computer from sleep or screen saver"
B. Depress "FileVault" - top row - where you started
i. Move your mouse to the lower of the two options and depress "Turn on FileVault"
ii. You will be prompted to create a master password by a drop-down dialog box.
iii. You will see a small icon with a key in it. This icon will be located to the immediate right of the password entry dialog.
iv. Depress the key and a second dialog box entitled "Password Assistant" will appear.
v. Depress "Type", the uppermost dialog of choices, and select "Random"
vi. Write this password down on a piece of paper and place it somewhere that is both memorable and safe.
vi. Type this password into the lower of the two entry dialogs - there are only two and your point-of-entry is located under the first - hit enter.
vii. A new and larger dialog box will appear and prompt you to make sure you want to proceed. Select use "secure sleep memory", and then hit "OK". You will be logged out. Log back in.
C. Return to System Preferences > Security > Firewall
i. There are three primary selections available on this dialog. Chose the second or middle: "Allow only essential services"
ii. Move your mouse to the lower, bottom right corner and depress "Advanced"
iii. A new dialog box will appear. Select both of the two options: 1) "Enable Firewall Logging ; & 2) "Enable Stealth Mode". Click "OK".
4. Energy Saver - Make sure your computer's on/off state can't be remotely triggered

- System Preferences > Energy Saver > Power Adapter

A. There are two selectable choices across the open dialog box. Select the option on the right: "Power Adapter"
B. The uppermost selection is Graphics. Select "Higher performance".
C. Move your mouse downward about 2 inches and deselect both: 1) "Wake for Ethernet network administrator access"; & 2) "Restart automatically after a power failure".
D. Move your mouse downward again. This time about an inch to select "Show battery status in the menu bar".

5. Accounts - Make sure you deactivate the "Guest Account", create a more secure Standard user account for yourself (you'll then have 2), and secure the login process

- System Preferences > Accounts >

A. Click on "Guest Account" in the leftmost pane. This panes heading reads "My Account".
B. There are 3 choices. Make sure they are each deselected: 1) "Allow guests to log into this computer"; 2) "Enable Parental Controls"; & 3) "Allow guests to connect to shared folders"
C. Located at the bottom of your Accounts dialog box, in the lower leftmost corner, you will see a selectable rectangular dialog button with a little house icon on it. Depress this "Login Options" button.
D. The primary pane will change and you will be presented with more choices i. Starting from the top, option: "Automatic login:" set this to "Disabled"
ii. Move your mouse to the option immediately below. It is labelled "Display login window as:"
iii. Depress "Name and password"
iv. Deselect each of the 5 remaining options so that not one is enabled:
a. "Show the Restart, Sleep, and Shut Down buttons
b. "Show Input menu in login window
c. "Show passwords hints"
d. "Use VoiceOver at login window"
e. "Enable fast user switching"
E. Move your mouse to the lower left corner again and click the "+" button to create an additional account - a "Standard" user account
i. A drop-down dialog box will again appear. You will see 6 labeled parameters. The uppermost will read "New Account"
ii. Depress the selection dialog to the immediate right of the New Account label and chose "Standard"
iii. Enter names in the spaces reserved for "Name" and "Short Name"
iv. For "Password:", depress the key icon and bring up the "Password Assistant". Follow the steps you took above at 3.B.v.
v. Leave "Password Hint:" blank
vi. Lastly, select "Turn on FileVault" for this account

6. Keyboard & Mouse - Prevent Bluetooth devices from Waking the computer

- System Preferences > Keyboard & Mouse

A. There is a row of selectable icons across the top of "Keyboard & Mouse" dialog box. Select the middle button: "Bluetooth"
B. Move your mouse downward about 4 inches and deselect "Allow Bluetooth devices to wake this computer"

7. CDs & DVDs - Prevent users from loading unauthorized media on your computer via your optical drive

- System Preferences > CDs & DVDs

A. Set each of the following to "Ignore". You will still see an icon on your desktop for DVDs and CDs inserted into your drive, as always. However, a Finder window will not appear and code won't be auto-run.

8. Eposé - Prevent users from deactivating your screen saver without entering your password

- System Preferences > Eposé & Spaces

A. This dialog box has two stacked sections. The uppermost allows you to set an option that will produce a result when you move your mouse pointer to the specified corner.
B. Make sure not one of the four selections is set to "Disable Screen Saver"

9. Sound - Ensure your microphone doesn't capture unintended sound

- System Preferences > Sound > Input

A. Depress "Input" and in the top of the resultant dialog box you will see the heading "Choose a device for sound input"
B. Depress "Internal microphone" and reduce the "Input volume" to as low as possible; move the slider all the way to the left.
C. Depress "Line In", located immediately below, follow the steps you just took in step B; move the slider all the way to the left.

10. QuickTime - Take control of QuickTime so that it does not auto-run potentially bad code or store it in your system's cache memory

- System Preferences > QuickTime

A. On the top of this system pane, you'll see a row of buttons. Depress "Browser" and deselect "Play movies automatically" and "Save movies in disk cache"
B. Now depress streaming, located two cells to the right of "Browser", and deselect "Enable Instant-On"

11. Network - Turn unused network protocols to "Inactive"

- System Preferences > Network

A. There are two panes in the Network dialog box. In the left pane you will see "Bluetooth", "Ethernet", "AirPort", and "FireWire".
B. Click on FireWire and then move the mouse downward about 2 inches to the small wheel icon above the padlock and to the right of the "+" and "-" signs.
C. A drop-down dialog box will appear. Select "Make Service Inactive"
D. Do the same for Bluetooth.
E. Usually, you will use either Ethernet or AirPort to access the Internet. To be safe, only enable the services you will use and disable them when not in use.

12. Speech - Ensure no one can give your computer commands via its voice recognition capabilities

- System Preferences > Speech

A. In this dialog box there are two panes, one within the other.
B. In the top row of the inner pane, there are two buttons: 1) "Settings"; & 2) "Commands". Depress Settings and set "Microphone:" to "Line In".
C. Set "Listening Method:" to "Listen only while key is pressed.
D. Now, once again return to the top row of the inner pane and depress "Commands"
E. You will see a small dialog box appear within the smaller of the two dialog boxes before you. Deselect each "command set." so that not one is left on.

13. Universal Access - Ensure access is not enabled for foreign and unauthorized devices

- System Preferences > Universal Access

A. Select the bottom option "Show Universal Access status in the menu bar". This icon will visibly darken to bring any unauthorized connectivity to your attention.
B. Deselect "Enable access for assistive devices"
C. The top row of this pane shows 4 buttons. The first button, on the leftmost side, is "Seeing". Click this and ensure "VoiceOver:" and "Zoom:" are set to "Off."
D. Click the "Keyboard" button, located second from the right and ensure that "Sticky Keys:" and "Slow Keys:" are set to "Off"
E. Select "Mouse & Trackpad" and ensure the uppermost option, "Mouse Keys:", is set to "Off."

14. Finder - Ensure that you are are deleting files securely, not just removing file names from the directory tree, and that you are aware of any connected servers

- Dock > Finder

A. Ensure that you see "Finder" in the uppermost left corner, to the immediate right of the small apple icon.
B. Click "Finder" so that the appropriate drop-down menu appears. Move down to increments to select "Preferences..."
C. A dialog box will appear. Click "General". Select "Connected servers" under "Show these items on the Desktop:"
D. Click "Sidebar" and ensure that every icon/option is selected. The objective is to bring to light any and all networked devices.
E. Click "Advanced" and make sure that the top four options are selected, specifically "Empty Trash securely" and "Show all file extensions"

No comments:

Post a Comment