APPLE MAC SECURITY PRECAUTIONS

Your Apple MAC computer can get the threats from two sources:

1. The Internet
2. Direct Access / Physical Access (if you leave your computer unattended or without taking the necessary precautions)

What can you do to increase your MAC’s security features?

Basically, you will do all the configuration by clicking the Apple icon on the left top corner and choosing the System Preferences option.

1. Using a standard user: When setting up a new operating system, the user that is defined is an administrator type user. Admin users are entitled to make any changes on the computer. It’s a safer practice to use your computer with standard user rather than an administrative user. (Apple>System Preferences> User and Groups option you can change the user type to standard and renew the password.)

2. Secure Password Policy:

Do not choose your password from easily guessable passwords like your name, birthday, phone number or from ones that can be obtained from dictionary or brute force attacks. Secure password policy can be summarized in its simplest form as: A phrase containing at least 8 characters including uppercase, lower case letters, special characters (!, #, $, +, &) and digits. 

3. Disable Automatic login Option:

Disable automatic login option (login without entering a password to the computer).  (Apple > System Preferences > User and Groups >  Login Options; choose automatic login off).

4. Uninstall Flash Player

Flash Player is a software that can contain many security vulnerabilities. If you do not use the software at all, just uninstall it. If you do use it, then set it to make updates automatically. (Apple > System Preferences)

5. Use a Password Manager:

In the world of today, we use many different passwords for various purposes and of course we have to remember them. We would again like to remind you about the password policy in number 2. Besides, instead of keeping all the passwords in your memory, you can keep only one password in mind which is the password manager program’s password and keep the all the other passwords in the manager program safely. (Programs like Key Chain, 1 Password, Keeper that you can download from App Store)

6. Encrypt the files in your disk with File Vault:

If there are valuable files on your MAC computer, you can encrypt your files towards unwanted access. (Apple > System Preferences > Security&Privacy > FileVault tab and turn it on.)

7. Review your Spotlight Permissions:

Spotlight forwards your searches to Apple and Apple can share your information to third party partners. If you would like your search information to remain private, review your Spotlight options. (Apple > System Preferences > Spotlight > Privacy tab, you can define exceptions for your information not be forwarded.

8. Location Services

Inspect your applications that you share your location services with, and disable the ones that are unnecessary. (Apple > System Preferences > Security & Privacy > Privacy tab) Do not forget that the “Find My MAC” application works with location services; and if your MAC is lost or stolen you will be able find your device with the help of this feature. It’s a better idea to use location services with appropriate permissions. 

9. Software Updates

Follow the software updates frequently, and even set it to an automatic version. (Apple > System Preferences > App Store tab there is an option to automatically download and set up the updates).

10. Use Your Screen Saver Efficiently

Do not leave your computer unattended. For securing the computer and the data on it, define a screensaver that will activate after a short time the computer stays idle and will be disabled only by entering your password. (Apple > System Preferences > Desktop & Screen Saver).

11. Activate your Firewall

Activate your firewall and enable it in stateful mode, which means, no one will be able to make a connection to your computer unless you start the connection. (Apple > System Preferences > Security&Privacy > Firewall tab; activate with Firewall on; click Firewall options > Block all incoming connections option will enable your firewall to become a stateful firewall.)

12. Sharing

Control your Sharing. Avoid unnecessary sharing and disable them. (Apple > System Preferences > Sharing) Use this tab to control each service and disable the ones that are unnecessarily enabled. 

13. Define a Firmware Password:

You are encrypting the data on your computer with FileVault but this still does not guarantee a malicious person to boot your computer with a USB stick and erase all the data or install operating system from scratch, in case your computer is stolen or lost. When you define a firmware password, unlike in the case of PCs, firmware password will be asked only if you try to boot the system with unconventional ways. To define firmware password: When booting up the computer, press Cmd+R when the Apple logo appears; then on the screen that appears select Utilitiesà Firmware Password Utility. Please be careful defining this password, since if you forget it, you may need to visit the Apple Authorized Service.

14. Two Step Authentication

If you define two step authentication on your MAC, you will add an additional layer of security. (The second step is a verification code that comes to your telephone) You can find information on Apple’s web page about two step authentication.

15. Guest User

Defining a guest user: If you have enabled FileVault, you can use guest user and login the computer without password; use just Safari and all the data generated through the guest login is erased after the user logs out. Enabling the guest user on the computer enables the computer to be relocated after it’s lost or stolen. (Apple > System Preferences > User & Groups option).

16. Find My MAC!

Activate Find My MAC to relocate your computer if it is stolen or lost. (Apple > System Preferences > iCloud > Find My MAC must be selected.)

17. Third Party Antivirus Software

You can use third party antivirus software to determine malicious code on your MAC. For example, you can use the free version of BitDefender (Can we downloaded from App Store).

18. Use VPN

If you utilize open wireless networks a lot (like airports, coffee shops, libraries etc) you can take advantage of Virtual Private Networks (VPNs) to secure your traffic over the Internet. (Apple > System Preferences > Network, in the box on the left side, click “+” to set up VPN service.) METU offers a VPN service to the users but through this service you can access only local services and network of METU. Visit page https://faq.cc.metu.edu.tr/faq/how-can-i-use-metu-vpn-service-mac-os-x-installed-devices to setup VPN service of METU.

19. Use Legal Software

Do not install illegal software. Do not use Warez. If you use software from Warez, you enable unwanted, malicious codes on your computer. To increase your security, install software only from App Store or identified developers. (Apple > System Preferences > Security & Privacy > General tab, choose Allow apps downloaded in a secure way).

20. Backup Your Data

You should always backup your valuable data against theft, loss, physical damage on disc etc. (Apple > System Preferences > Time Machine).

21. use eduroam SSID for wireless in METU

There are 2 SSIDs for wireless network in METU Campus, eduroam and ng2k. ng2k is an open wireless network that works with MAC address authentication. On the other hand eduroam is secure wireless network working on RADIUS based 8021.x security standard. Furthermore if you setup eduroam on your device, you can wireless network in any institution that is a member of the eduroam infrastructure. You can visit http://eduroam.metu.edu.tr to get information about setting up eduroam SSID on your computer.

References:

1.     http://www.macworld.co.uk/feature/mac/22-ultimate-tricks-improve-mac-security-best-tips-3643100/

2.     https://www.intego.com/mac-security-blog/15-mac-hardening-security-tips-to-protect-your-privacy/