Securing your computer: Macintosh Quick-Click Guide

“The security systems have to win every time, the attacker only has to win once.”
          - Dustin Dykes

[minor updates and corrections: Monday, May 19th, 2014 05:25:06 PM PDT]

[Bonus material is available for some items. Use this link to show all “Bonus Material” { + } ]
If you have not yet had a chance to securely configure your Mac OS X system to meet the campus Cyber Safety Program policy requirements, you may find this Quick-Click Guide useful.

Another source that may provide a useful example of how to introduce your users to computer security is my podcast: Secure Your Computer Now.


Table of Contents


This note describes Mac OS X configuration settings for Cyber Safety Program compliance. It is terse and bare-bones, but it does give you a recipe of things to click and check.

Systems should remain isolated from the operational network until they are completely and securely configured whenever possible; use of an isolated test network is recommended for installation and configuration.

The U.S Computer Emergency Readiness Team (US-CERT) site contains an excellent document describing steps you should take before you connect a computer to the Internet. The page contains configuration information for both Windows XP and Mac OS X users.

   http://www.us-cert.gov/reading_room/before_you_plug_in.html/

Set Up System Preferences  

 

Anti-Virus


Other Issues

 

Other Safe Computing Practices

 

Note:

Most of the remaining items in the policy require inspection of
files, behavior modification, or individual policy decisions that are
beyond the scope of this “Quick-Click” Guide.

Additional information and discussion of these issues can be found at:

    http://security.ucdavis.edu/cybersafety.cfm



Bonus Material:   Additional & Advanced Security Settings

The following items are not specified by the Cyber Safety Program, but they involve security settings you may find useful. For some of these suggestions, you should be familliar with the UNIX command line and editing plain text configuration files. Most of these operations will require administrator access and it is strongly recommended that each file be backed up before editing it.

Disclaimer

This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore this guide does not address site-specific configuration issues. Care must be taken when implementing these recommendations to address local operational and policy concerns.


   


Much of the material in this document is derived from information in:

  Please send comments, corrections, and suggestions to: epwaterstraat at ucdavis dot edu