Here is some security advice, in a broad sense, for your brand new Mac! This advice does not go into the details of how to carry out each security measure; it is only meant to tell you what you can try in order to make your shiny new Mac more secure.
Believe me, it’s a myth and a lie when people and computer salespeople tell you that the Mac is bulletproof against hackers, crackers and viruses. Nothing is bulletproof when it comes to computer security! Even a very secure operating system such as Mac OS X, with the best-fortified custom security rules, can still be compromised! How? New bugs are sometimes introduced into the system, and security rules are only static measures that cannot prevent new bugs from being exploited by malicious evildoers.
The best we can all do to protect ourselves from unintended consequences in the computer realm and the Internet universe is to be paranoid about the security measures on our computer systems. Yes, the Mac is very secure, but it can be even more secure when you go the extra mile in customizing and locking down the default settings. Read on if you are paranoid enough!
General Rules:
- Mac OS X 10.6 ships with the firewall turned off by default! You need to turn it on! Turn the firewall on in System Preferences > Security.
- The firewall in Mac OS X 10.6 secures your Mac at the application level! What does this mean? It means it does not filter ports! For example, FTP is a file transfer application protocol that uses port 21 to transfer files over a network in binary and plain text. Setting the Mac’s default firewall to block all incoming requests, or just FTP’s requests, does not mean that another application that uses port 21 will be blocked! Hackers can spoof an FTP program so that you download it and get owned by them. By blocking port 21, you may just stop the hackers from retrieving your sensitive data over port 21. This is a hypothetical deduction, since hackers are smart and may randomize ports and so on. Hackers may even penetrate your lower layer of security by opening ports that you have blocked. Solution? I don’t have a solution for every possible scenario, but blocking specific ports or ranges of ports on a Mac is doable. How? You have to learn how to use IPFW! IPFW is a firewall that comes with the Mac, but it is not turned on. To configure IPFW, add its rules to /etc/ipfw.conf (create the file if it is not in /etc). After adding the rules, flush your old IPFW rules with the command [/sbin/ipfw flush]. Then load the new rules you have added with the command [/sbin/ipfw /etc/ipfw.conf]. To see the rules that have been loaded into IPFW, use the command [/sbin/ipfw print]. You must be root or an administrator on the Mac to edit the IPFW rules and to run the commands above. For the IPFW rules themselves, please look them up in sources you know and trust.
- The Mac has fewer viruses than Windows, but as the Mac gets more popular than ever, it’s a given that more hackers will try to craft sophisticated viruses to attack Mac systems. This is why installing an antivirus is still a must for Mac users. I recommend ClamAV for Mac, which can be downloaded from Apple’s website. You may need to configure ClamAV’s files in the terminal, such as changing certain files’ permissions, for it to work correctly.
- Don’t turn on unnecessary services, such as the sharing services in System Preferences > Sharing.
- Strip the SUID/SGID bits from certain default programs that come with the Mac, to keep normal (standard) user accounts from executing such programs with elevated privileges. A SUID/SGID program shows the letter s as a flag when you use the command [ls -l filename-or-path-to-program-here]. To strip SUID/SGID, use the command [chmod -s filename-or-path-to-program-here].
- Make sure you are using secure virtual memory! Enable this in System Preferences > Security.
- Disable network interfaces that you are not using, such as AirPort, FireWire and so on! Configure this in System Preferences > Network.
- Encrypt the files and folders in your accounts by turning on FileVault. FileVault is not recommended for users with a slow, old Mac, because the Mac can take longer to shut down and start up as FileVault encrypts and decrypts the account and mounts the files and folders for use. Enable FileVault in System Preferences > Security.
- By default, the Mac uses the Keychain program to store your sensitive information, such as passwords. When you log in as an authenticated user, that user’s Keychain gets unlocked, because Keychain uses the same password as the user account. To tighten things up a bit, you can change the Keychain’s password to a different one! This will prevent unauthorized access to your important web accounts, such as a bank account: the online banking password saved in your Keychain cannot be accessed unless the right password is used to unlock the Keychain. Better advice is not to save your bank account password in Keychain at all! How does a password get saved in Keychain? For example, it can be saved when you allow your browser to remember a password. Change your Keychain password in Applications > Utilities > Keychain Access (.app).
- Update all software! Do this in System Preferences > Software Update.
- When using sharing services such as SSH, you must configure them securely.
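For the IPFW rule above, an added example that is not part of the original post: a small script that prints rules-file lines blocking inbound TCP and UDP traffic to chosen ports or port ranges. The rule numbers, the sample ports 21 and 6000-6063, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): generate /etc/ipfw.conf lines that
# block inbound traffic to chosen ports. Rule numbers and ports are constructed.

# valid_port_spec SPEC: succeed for a port (21) or a range (6000-6063) in 1..65535.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;
    esac
    lo=${1%-*}; hi=${1#*-}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# ipfw_rules SPEC...: print one ipfw command per line, in the form ipfw reads
# from a rules file (no leading "ipfw"). Nothing is printed if any SPEC is invalid.
ipfw_rules() {
    for p in "$@"; do
        valid_port_spec "$p" || { echo "invalid port spec: $p" >&2; return 1; }
    done
    n=1000
    echo "add $n allow ip from any to any via lo0"    # leave loopback unfiltered
    for p in "$@"; do
        for proto in tcp udp; do
            n=$((n + 10))
            echo "add $n deny $proto from any to any $p in"
        done
    done
}

# Constructed sample: the FTP port from the post plus an example range.
ipfw_rules 21 6000-6063

# To apply on the Mac, as root, using the commands from the post:
#   ipfw_rules 21 6000-6063 > /etc/ipfw.conf
#   /sbin/ipfw flush && /sbin/ipfw /etc/ipfw.conf && /sbin/ipfw print
```

Unlike the application-level firewall, these rules match on the destination port regardless of which program is listening on it.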
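For the SUID/SGID rule above, an added example that is not part of the original post: it lists set-user-ID and set-group-ID files under a directory, reports those missing from a reviewed baseline list, and strips the bits only from files you name. The baseline file format (one path per line), the function names and the demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit set-id programs against a
# reviewed baseline before stripping anything.

# list_setid DIR: print every regular file under DIR with the SUID or SGID bit set.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# unexpected_setid DIR BASELINE: print set-id files that are not listed
# (one path per line) in the reviewed BASELINE file.
unexpected_setid() {
    list_setid "$1" | while IFS= read -r f; do
        grep -Fxq -- "$f" "$2" || printf '%s\n' "$f"
    done
}

# strip_setid FILE...: clear both bits (the explicit form of the post's chmod -s),
# skipping anything that is not a regular file.
strip_setid() {
    for f in "$@"; do
        [ -f "$f" ] && [ ! -L "$f" ] || { echo "skip: $f" >&2; continue; }
        chmod ug-s "$f" && echo "stripped: $f"
    done
}

# make_demo_tree: build a constructed directory with two SUID files, one plain
# file and a baseline that approves only "keep"; print the directory path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/keep" "$d/extra" "$d/plain"
    chmod 4755 "$d/keep" "$d/extra"
    printf '%s\n' "$d/keep" > "$d/baseline.txt"
    echo "$d"
}

# Demo on constructed files so nothing on the real system is touched.
demo=$(make_demo_tree)
unexpected_setid "$demo" "$demo/baseline.txt"    # reports only .../extra
rm -rf "$demo"
```

Re-running the audit after each system update shows whether an installer has restored or added set-id programs.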
I have probably left out a ton of good advice! If you know of any other advice that I should look into, please write it in the comment section! Have fun securing your Mac! I know this guide does not go into details such as enabling and disabling specific options within the security programs I mentioned above, but it should be enough of a warning that your Mac is not that secure unless you are paranoid about its security settings! It’s never enough when it comes to securing your computer, be it a Mac, a Linux machine or a PC (Windows).