....Several factors have recently modified Macintosh user's traditional feelings of invulnerability. The popularity of Mac OS X has increased dramatically in recent years, because of this hackers, government spies, identity thieves, and cyber terrorists are now focusing their attention on exploiting holes in Mac OS security. Several Trojan horses have surfaced which take advantage of these security holes. Granted, Apple has been quick to issue patches which protect users from these particular malware attacks (these are included in the most recent OS X Security Updates). But the fact remains that we Mac users are no longer invulnerable to attack, and additional steps must be taken to maintain computer and online security.
....Mac OS X users should not despair about the shifting security landscape. This is just a new dimension we must incorporate into our contemporary post 9/11 reality. OS X (especially Tiger) is still the best and most secure operating system on the planet. But additional steps should be taken to enhance your Mac's built-in security systems.
..Step 1. Use strong passwords!
It is absolutely essential that Mac users use strong passwords. Notice that I specify "passwords" (plural). It is dangerous to use one password for every login. Many people use their email password for various other online uses. If a hacker, shoulder surfer or other do-badder records your email password, they have just stolen the key to the kingdom!
Basic password rules:
A. Do not use the names of family, pets or nicknames as passwords. These are the first ones hackers try out.
B. Do not use common words, or words found in the dictionary. Hackers can run every word in the english language in minutes and discover yours.
C. Use "strong" passwords that are six or more characters, and that incorporate either numerals and/or symbols. Example: aardvark - not a good choice as it is the first word in the English dictionary. But @@rdv@rk5 is a better choice as it transposes @'s for the a's and inserts a numeral. Alphebetical O's can also be replaced by numeral 0's, etc. Some people purposely mispell passwords to make them stronger.
D. Do not record and store your passwords in your wallet, PDA or computer. It is best to either memorize them, or if they are too numerous, use your OS X Keychain Access Utility. If you must store multiple passwords on your Mac, do so in a password protected database like Filemaker Pro. And don't name the file "secret passwords."
E. Don't give out your passwords to anyone, not friends, family or even computer service geeks. They may not be as careful guarding your passwords as you are. If someone does inadvertantly learn your passwords... change them immediately.
F. Change passwords on a regular basis. It is a good idea to modify your passwords periodically. Although this makes additional demands on you, it does provide increased protection. There are a number of free password generation applications and widgets available that create strong random passwords for you. I don't personally use these utilities, but they seem useful and reliable.
Administrative password - When setting up your Mac for the first time, you will be asked to provide an administrative password. This password is used to protect your Mac from unauthorized tampering in your home or work environment. It also protects the Mac from hackers trying to gain access through the internet or a local network. Any time you attempt to install a new software program thereafter, you will be asked to re-enter this password. You will also be asked for the administrative password if you do anything that could be construed as potentially suspicious or hacker-like. Follow the Basic Password Rules for creating and safeguarding your administrative password. Don't use your email password, children, pets or common names.
.. Step 2. Set login password(s) on startup
It is very important for your Mac security to require a password)s) when starting up the computer. This is done by:
A. Going to "System Preferences," click on "Accounts," then click on Login Options. You will be asked to supply your administrative password to access the loggin options.
B. Uncheck "Automatic log in as:" The Mac will then require a password on startup.
C. make sure that the "Display login window as" is set to: "List of users" Each user should have their own private password, unknown to the others.
.. Step 3. Create a seperate user account for each individual using your mac
If more than one user accesses the Mac, create a separate account for each. This is done by:
A. Access "System Preferences," click on "Accounts," click on lock icon at bottom, then enter administrative password.
B. Click the "+" symbol to add new account. Enter user's name, and then have them supply their password.
When the computer starts up, it will present the names of the authorized users. Each one will have to click on their name, and then enter their password to gain access to their private section of the Mac. Their files, bookmarks, email etc. are separated and kept private from the others.
.. Step 4. Enable Firewall(s)
A. Open System Preferences from Blue Apple Menu, or from the System Preference Icon in your Dock.
B. Click once on the "Sharing" icon in the Internet & Network category.
C. Click once on the Firewall Tab. This will bring up the Firewall Preference panel.
D. Click the "Start" button to enable Firewall. The fewer access are ports checked, the better. These are portals into your Mac from networks and the internet.
E. While still in the Firewall Preference panel, click on the "Advanced" button. This brings up additional sharing options.
F. Check both "Enable Firewall Logging" and "Enable Stealth Mode." Firewall logging keeps a log of Firewall Activity, including blocked attempts at access from outside. Stealth Mode makes Tiger users virtually invisible to outside hackers attempting to "ping" their home network. "Stealth Mode" does not make users invisible on the internet. Your IP address will still show up on every site you visit, unless you take further measures to mask your IP Address (see: stealth surfing, proxy servers, anonymizers and IP masking).
.. Step 5.
Clean up your act. Users can significantly reduce their personal threat levels and avoid attreacting the attention of online spies by avoiding sites, chat rooms, and topics that are illegal, immoral or politically sensitive. Although users may naively believe that they are safe in the privacy of their own homes, this is an illusion. Intelligence and IT professionals inform me that ALL internet and email activity is now routinely monitored, sifted and data-mined. Whenever you access a government website, your access is logged, your IP address is recorded, and a magic Cookie is inserted into your browser.
.. Step 6. Managing Browser Cookies
"Magic Cookies" identify, track and record user information, which is then surreptitiously transmitted back to the parent corporation, nonprofit organization or govenrment agency, etc. Most of the uses of cookies are completely benign, but they can also be used to monitor and track users.
....Some people elect to turn off cookies (within their web browser preference settings), but this effectively disables the browser, as cookies have become an essential component of browser operation. This is how NetFlix remembers your movie preferences, and eBay keeps track of your loggins and transactions.
....Unfortunately, cookies are also being used to identify users, collect information, chart surfing habits and then forward this information to databases maintained by parent corporations, institutions and governmental agencies. I recently downloaded an unclassified NSA security manual designed to help NSA employees configure their MAC OS X security systems. Following a hunch, I immediately checked the cookies in my Safari web browser, and found that the NSA had inserted a spy Cookie into my browser:
"Cookies have been of concern for Internet privacy, since they can be used for tracking the browsing of a user. As a result, they have been subject to legislation in various countries such as the United States, as well as the European Union. Cookies have also been criticised because the identification of users they provide is not always accurate and because they can be used for network attacks." - http://en.wikipedia.org/wiki/Web_cookie / 5.3.06
Managing Cookies - It is essential that internet users become adept at managing their browser cookies. To do so:
A. Pull down the Safari menu (top left of screen) to "Preferences."
B. Click on the "Security" icon. Near the bottom of the Security Panel is a button that reads: "Show Cookies." Click the button. It will bring up a list of cookies that are presently installed in your browser preferences. If you have never looked at these before, the list can be very lengthy. Do not be dismayed!
C. Weed out unwanted browser cookies on a regular basis. If you do not know the origin of a particular cookie... trash it! Keep the cookies that originate from sites that you frequent, and remove the rest. To do so:
D. Simply select the cookie (or "shift" key to select multiples), and then click on the "Remove" button. Cookie removal should be done on a regualr basis. If you accidentally remove one you wanted to keep, don't worry; the next time you access that site another cookie will be added.
.. Step 7. Don't "erase" sensitive files... Eradicate them
You will notice that there are two "Empty Trash" options under the "Finder Menu" (while at the desktop): "Trash" and "Secure Empty Trash." Using the "Trash" command gets rid of the file, but it can still be recovered using Norton System Suite or Techtool Pro. When you choose the "Secure Empty Trash." option the file is overwritten with zeros and ones and is therefore unrecoverable.
.. Step 8. Using "File Vault"
File Vault is a powerful security utility supplied free with OS X that allows users to encrypt and password protect the contents of their personal user accounts (all of the files and data stored in their "home folder." When FileVault is enabled in the "System Preferences/Security Utility" it creates a separate volume (disk image) and encrypts the Home Folder contents. This data is encoded using the latest government-approved encryption standard; AES-128 or 128-bit encryption keys.
....APPLE WARNING: "If you turn on FileVault and then forget both your login password and your master password, you will not be able to log in to your account and your data will be lost forever."
....FileVault is a very useful system for protecting sensitive data. But it does take time to encrypt and de-encrypt the data. It also asks users if they want to "recover unused disk space" in filevault prior to shutting down the Mac. This takes additional time.
Note: An additional security feature often overlooked in the "System Preferences/Security Utility" is the option for requiring a password when waking "this computer up from screen saver of sleep mode." If the computer is left on and unattended, anyone that passes by can access it. It a password is required when waking the computer up, their access is denied.
.. Final Words:
As previously mentioned, Apple Macintosh computers come very secure right out of the box. This is the main reason that the NSA considers Tiger to be the most bulletproof OS on the planet. It reccomends OS X to its agents to protect their own personal information. The NSA even created a manual for configuring OS X for enhanced security. WARNING: Do not go to the NSA site for this .pdf, as they will tag you and place a Cookie in your browser to spy on you. If you want to download the NSA OS X configuration Manual safely from the-macman.com, click here.
Without incorporating additional security measures, everything you do online is wide open to scrutiny. We have abdicated our constitutional guarantees of privacy, and are being continually monitored! So follow the eight simple steps to increase your levels of online privacy, security and peace of mind.
This concludes Mac Security 101
• If you wish to learn more about digital security, online invisibility, encryption, anonymous web surfing, anonymous email, VOIP security and encryption, check back here soon. I am working on an a new Mac-based digital security website: Asylon - Secure Personal Communications
|
