6/4/2008
11:17 PM
George V. Hulme
George V. Hulme
Commentary

OS X Lockdown

I just finished reviewing Apple's Mac OS X Security Configuration for Version 10.5 Leopard guide. Anyone who is interested in keeping the 10.5 installation secure should take a look.



I just finished reviewing Apple's Mac OS X Security Configuration for Version 10.5 Leopard guide. Anyone who is interested in keeping the 10.5 installation secure should take a look.The 240-page PDF is more of a book than a guide. And while it's aimed at the more technically inclined, there is some good advice for the average user. The guide is available here. If you haven't made the move up from Tiger or Panther, those guides also are available.

The guide starts off with an overview of the Mac OS X security architecture: open source kernel, secure default settings, access permissions, and so forth. Some useful tips for those new to the Mac include chapter 2, which covers in detail a secure OS X installation. There's also a number of useful security checklists on page 207, Appendix A. While some of the advice makes use of the OS command line, average users don't need to, and shouldn't, go that deep. There's plenty you can do to harden the average user's system from the standard GUI.

For instance, the guide advises using a removable storage device when it comes to managing passwords in the keychain. I use a USB for my keychain, and I keep a backup handy as well.

Since so many attacks today are aimed at the application level, the following instructions from the guide are good advice for anyone:

  • Accept only applications from known and trusted sources.

  • Run an antivirus program if you find suspicious files or applications, or if you notice unusual behavior on your computer.

  • To reduce the amount of exposure to harmful applications or files, limit the number of administrator accounts you create. Consider creating a user account for your daily work and then use an administrator account only when you need to install software or administer accounts.

  • If you enabled the root user and you don't need it, disable it.

  • Mac OS X comes equipped with a number of great security tools, such as the Application Firewall, FileVault for encryption, and easily establishing administrator and nonadministrator accounts. This guide explains it all.
     

    Recommended Reading:

    Comment  | 
    Email This  | 
    Print  | 
    RSS
    More Insights
    Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service