SecureYourMac
Latest
Secure Your Mac: What's new in Leopard security?
Mac users everywhere are salivating over the approaching release of Leopard (this humble blogger counts himself amongst that number). We all know about the flashy new additions to the OS that Leopard will bring, but what about security? Apple has a whole section detailing the new security features in Leopard on their huge list of 300+ features to be found in the new OS. The highlights from the security list are: Tagging downloaded Apps: This feature seems to be what Microsoft was trying to do with Vista. The first time you launch a downloaded app Leopard will ask you if you really want to run this app and display from whence this app came (so if you see it was downloaded for a wacky URL you can cancel launching it). Application specific firewall: You can set the firewall to allow or refuse connections per app. Library Randomization: Places system libraries in randomly assigned memory addresses. Interesting there are a few other security enhancements scattered about some other areas of Leopard: Custom access privileges for shared folders: Leopard lets you share folders, which you can do now, but also makes it easy to assign differing levels of access per shared folder. You can also use your contacts in Address Book to control access. Airport Menu: The Airport Menu now tells you if the WiFi networks you're connecting to is secured. The more you know, kids, the more you know. Activity Logging: This feature is both a little creepy, and secure! The best kind, if you ask me. Part of the new set of Parental Controls, though I assume you can use this to track folks other than kids, Activity Logging will log what websites a user visits, who chats with them, what apps are used, and saves a transcript of any chats. Guest Log-In Accounts: Right at this moment you can create a guest account with limited permissions, so any of your friends can use your Mac without having unfettered access to your documents. Leopard has a built in feature that allows you to create Guest Accounts which purge their contents when your guest logs out. The Desktop won't be cluttered with files, Mail won't have someone else's setting waiting, and people won't come to think of the Guest Account as 'their account.' Did I miss anything? Sound off in the comments.
Secure your Mac: Disable automatic login
Most doors have locks on them. Shocking, I know, but they are there for a good reason: to keep people out. It would be nice if we all lived in a Norman Rockwellian world where our doors would never be locked and we would all be busy painting self portraits, but that's not the world we live in.Sadly, in our world your Mac might get stolen. When this happens bad guys have the potential to get their hands on lots of your information. One easy way to thwart them is by disabling automatic login for all accounts on your Mac. This means that when your Mac boots up you will be prompted by a dialog asking for a password (at the very least, you can change the settings on this dialog, but that is a matter for a follow up post). Not the most comprehensive way to Secure your Mac, but it is a start.Read on to learn how to do this.
Secure Your Mac: Untrusted networks and how to deal with them
To tell the unvarnished truth, I have to admit that I'm pretty lax on security for my computers. I don't do anything crazy like open email attachments from people I don't know, and I always double check the address bar of websites before I punch my password in. Even so, on a scale of 1 to 10, I'd say I put about an effort of 5 into keeping my computers secured. There's a lot more I could do.And so I found Albert Lee's short guide on surfing on untrusted networks very helpful. I've got a web server set up that runs my own website, but I never had any idea how to get all my network traffic running through there. Albert's guide makes that super easy-- this Lifehacker piece explains the basics of surfing with a proxy, and Albert's guide tells you exactly how to do everything on your Mac, and even how to automate the whole process using Applescript. Eventually, you can have it set up so that one double-click will get your proxy connected and get you surfing securely.The one thing you know about untrusted networks is just that: they shouldn't be trusted. When it's this easy to get your web traffic locked down, there's no reason not to.Thanks, Albert!
Secure your Mac: SecuriKey USB dongle
As we recently mentioned with regards to the newly available Mac support for the Eikon USB fingerprint scanner, hardware security peripherals on the Mac have been rather thin on the ground. But coming on the heels of the Eikon, GT Security has announced an update to their SecuriKey USB security dongle for Mac which adds encrypted Volume support. Basically the SecuriKey software creates a virtual secure Volume protected by AES 128-bit encryption on which you keep your sensitive data. To access that Volume all you have to do is plug in the USB dongle (which they call a "token"). If you remove the dongle the Mac will reset to the login screen. It's a lot like Knox but locked via a hardware key instead of a password.The SecuriKey Professional Edition is $129.99; there's a software only upgrade for $50 if you should already have one of the dongles.[via MacNN]
Secure your Mac: Eikon biometric security
TUAW has lately been trying to help you Secure Your Mac, and while a few options have been available, biometric security is one area in which the Mac has seemed to lag behind the Windows side. Now UPEK has released a preview of the Mac version of their Eikon Digital Privacy Manager. The software allows you to use the Eikon scanner to login to your account, control your Keychain, switch users, or lock down your Mac. The Eikon scanner is a USB device which costs about $40 and only comes with Windows software. Once you have the scanner however, you can download the Mac Protector Suite Preview for free from UPEK. If security is a serious concern and passwords are getting tedious then a biometric solution like this one looks increasingly cost effective.[via OhGizmo]
Secure your Mac: Do as the Federales do
More security notes from the underground TUAW vault. Up until Mac OS X 10.4 Tiger, you could see your tax dollars at work very readily, as the National Security Agency published OS-specific guidelines for hardening your OS X installation -- mostly commonsense items like "use strong passwords" and "turn off unneeded services," but it was nice to have a document with the imprimatur of the US Government's most professional paranoids that you could show to your spouse/boss/Russian friends and say "See, it's secured!"As of Tiger, however, the NSA has handed over the security stick to Apple and endorsed the vendor guides to securing both OS X and OS X Server as "[tracking] closely with the security level historically represented in the NSA guidelines." You can download the Server version of the PDF from the NSA's website, but oddly the client version seems to hang on download (spies! saboteurs!), so you can grab that one directly from the mothership. Between the two guides you have over 500 pages of security reading, so save the whole weekend.Oops, thanks Derek!
Secure your Mac: strong passwords
It is a sad fact of life that your Mac is only as secure as your password is strong. A good password is complex enough to thwart both idle hands ('I wonder if Scott is as dumb as he looks. I bet his password is 12345. Let me try it and find out') and dastardly hackers out to steal your personal information ('Ah, some fool has left his Mac unattended, let me try some brute force dictionary attacks in hopes that I will gain entrance into his digital domain and clear out his bank account AND delete all his iPhoto pictures'). Sadly, passwords that make security conscious paranoid freaks like myself happy are both difficult to remember and to type (it is all part of their charm). Luckily, Apple has included a small utility that can help you find a password both complex and memorable.Read on to learn how.
Secure your Mac: Keychain on the move
Victor's Mac 101 yesterday gave you the basics of the Keychain, so we all know what it's good for -- keeping your passwords and credentials in a convenient, automatic and protected file. Still, that's an awful lot of passwordy goodness to keep in one place, especially if some of those passwords are controlling access to your financial or professional information. Y'know, what would be really cool -- if you could do it -- take that keychain, and put it on a portable drive, and then you'd have physical control of your passwords even when you aren't with your computer... nice. Conveniently enough, there's a great walkthrough at nevali.net to accomplish this exact task. The basic steps: make a new keychain (with a secure, complex password) and save it to your removable media; once that's done, set your default keychain (where Mac OS X will put new password saves automatically) to the new, portable keychain. From that point on, you can take your passwords with you -- just don't forget to back up that USB drive somewhere safe. Thanks, Mo.
Secure your Mac: Crouching user, hidden folder
Here are a few very simple steps you can take to enhance your Mac's security - not exactly the U.S. Government's Advanced Encryption Standard (AES) algorithm, but enough to thwart many end-users.Create a guest user accountOccasionally, someone will ask me, "May I quickly check my email on your computer? Just real quick..." (often these are Windows users who need an excuse to play with the MacBook Pro). "Sure," I say, but before I hand over the reigns, I switch to my guest user account. Here's how you can create one. Click System Preferences, then Accounts Click the small "+" icon at the bottom of the window In the sheet that appears, set up your guest account. I got fancy and named mine "guest," with a password of "guestpw," but you can choose whatever you like. De-select "Allow user to administer this computer." Now, when someone "borrows" my computer to check their mail, they see an empty home folder, blank email client...the works. Even the rude ones who try to quickly peek won't find anything.Create a hidden folderMac OS X automatically hides a folder that begins with a period. We can use this to our advantage and create a secret folder. However, it's not as easy as creating a folder in the Finder and naming it ".MyPrivateStuff." But it's not difficult, either. Open Terminal. By default, you're in your Home directory Create a new folder with a "." as the first character using the "mkdir" command, like this: mkdir .MyPrivateStuff Hit return. You're done! So how do you access that folder from the Finder? Navigate to your Home folder (open a new window and click the little house in the left sidebar). Now, select "Go to folder..." from the menu bar. Enter the name of the folder you created, including the period (in my case, .MyPrivateStuff). Presto! Your hidden folder appears in the Finder window. Now populate it with your "secret" stuff (financial in nature, of course). One caveat: The Finder "remembers" the last folder you visited with this method, so be sure to "Go to..." a benign folder before you walk away.Combine the two tipsIf you really want to get fancy, combine the two tips: Create a new user account that does nothing but store your secret folder(s). Again, this isn't military-grade security, but simple techniques that you can use as an extra layer of protection for some of your stuff. Good luck.
Secure Your Mac: a new TUAW series
Many in the Mac community feel as though OS X, and Macs in general, benefit from some special aura of security. It is true that there are no known viruses for OS X in the wild, but that doesn't mean that we Mac users can let down our guard. We live in an age where more and more of our personal information stored on our computers, one nice, tidy present for any would be identify thieves. Once some ne'er do well gets their hands on your Mac, you could very well be in deep, deep trouble. I know you don't think it could happen to you, but neither did the folks who left their machines at this Apple Store for servicing.We at TUAW feel it is our duty to help you help yourself, and protect your Macs. Today we are introducing a new series called 'Secure your Mac' in which we will offer up tips, tricks, and howtos all designed to help your Mac stay safe in our troubling times. Some of these tips will be rather straightforward, and others might be entirely new to you. We hope that you not only learn a few things, but that you implement some, if not all, of these tricks so that you can sleep a little more soundly at night.
