MacFormat

admin

Securing your Mac, pt 2

Between September 2005 and July 2011 I was a regular contributor to MacFormat in the UK.

Whereas I’m posting the published articles for my MacWarehouse writing with the MacFormat ones I’ve decided to post the text as submitted, including any comments that I included for design. I am, however, allowing myself a few small edits for clarity.

The particular one is my sixth column, written in February 2006. This is presented purely as a historical record as much, if not all, of the information contained in it may well have changed in the meantime.

Securing your Mac, pt 2

In the last part of this article I discussed the risks that might occur with an isolated Mac. This month I’ll cover simple steps that you can take to secure that Mac from prying eyes. They won’t defeat a determined attacker but will help to stop the casual interest of the wrong person. You may not choose to take all of these steps but the more you do the more secure your Mac will be. The balance between convenience and security is ultimately your choice.

Have, and use, a firewall. Most Macs are connected to the internet for at least part of the day, some have a permanent connection via broadband. Statistics show that if an unprotected PC is connected to the internet it will probably be compromised in just a few minutes. Whilst Macs are more secure than PCs we cannot be blasé about our security. This article is too short to go into a great deal of depth about firewalls, I’ll save that for another time, but ensure that you turn on the one that is built into OS X and if you do have broadband make sure that either your router has a firewall built-in or you use a separate one. The OS X Firewall can be found by opening System Preferences, selecting Sharing and then selecting the Firewall tab. Turn the Firewall on and make sure that in the section labelled Allow you only have a check box against the services that you actually need.

Use a good password, and remember it. A password is of no use at all if all someone has to do is to look at a Post-It™ note stuck on your screen to find it. Use different passwords for different things. Don’t use names of pets or family, in fact don’t use real words at all. Mnemonics are useful, as it will be easier for you to remember a phrase than the individual characters and use a mix of upper and lower case and replace some of the letters with numbers or other symbols. Hidden away in OS X is the Password Assistant which will give you a good indication of the strength of your password. Open System Preferences and select the Security preference. Then click the button labelled “Set Master Password” and next to the Master Password box click on the question mark. The Password Assistant will now pop up and you can see how strong your own passwords are or try having OS X suggest some more secure ones for you.

Don’t have the Mac save passwords for you anywhere. It is very convenient to have your Mac start-up without having to enter a password, to connect to any servers automatically and to have usernames and passwords entered into websites for you. Life is much easier when you don’t have to remember all those passwords but what is a convenience when the rightful owner is sat in front of the Mac becomes a very real security risk when the wrong person is there. The more steps that someone has to go through to get to your information the more likely they are to give up before they get there.  The first place to start is back in the Security preference pane. Select “Disable automatic login” and “Log out after… minutes of inactivity”. These two items will ensure that all users of the Mac will need to log in using their password and if they stop using the Mac for a period of time they will be logged out and will have to log back in again. Also select “Require password to wake…” which, in conjunction with setting your screen saver to come on after a period of inactivity, will give you two levels of security if you walk away from your Mac whereby, for example, the screensaver will come on after 5 minutes and require your password to unlock your Mac and after 30 minutes you will be logged out completely. The screensaver can be configured in the Desktop & Screen Saver preference pane and by selecting the “Hot Corners…” button you can set a corner of the screen as being somewhere to start the screensaver immediately. By doing this all you have to do is to move your mouse to that corner of the screen for a few moments and the screen will be locked with your password.

As an aside all users of the Mac have a password but there are a surprising number that don’t know that they have one. You will have had to enter it when you started your Mac up for the first time in the account creation part of the Setup Assistant and you will need it every time you install software on your Mac. If you can’t remember it for whatever reason now is a good time to change it to a more secure one. Go to the Accounts system preference and select your user name, which should be listed under My Account and click on the “Change Password” button. You can access the Password Assistant to help with setting a secure password from here as well, but this time the icon for it is a key. It is also good practice to ensure that all users of the Mac have a separate account. You can always share pictures, music etc. by keeping them in the /Users/Shared/ folder but by having a separate account for each user you enable them to not only keep private information private but everybody can have their account setup the way that they like it with different desktop clutter, dock icons and Finder preferences.

admin

Securing your Mac, pt 1

Between September 2005 and July 2011 I was a regular contributor to MacFormat in the UK.

Whereas I’m posting the published articles for my MacWarehouse writing with the MacFormat ones I’ve decided to post the text as submitted, including any comments that I included for design. I am, however, allowing myself a few small edits for clarity.

The particular one is my fifth column, written in January 2006. This is presented purely as a historical record as much, if not all, of the information contained in it may well have changed in the meantime.

Securing your Mac, pt 1

As computers become an integral part of everyday life it becomes more important that you secure not only your Mac but, far more importantly, the data that it contains. From a business point of view the cost of the hardware itself should only be a minimal consideration, whilst you should take reasonable precautions to satisfy your insurance company replacing a Mac is a trivial expense compared to the cost of loosing business critical data, allowing someone unfettered access to your bank accounts or allowing commercially sensitive data out into the wild. For home users the cost of replacing a lost computer is a much bigger issue but it is still very important to consider what the thief will have access to if they manage to get their hands on an unsecured Mac.

In the first part of this article I am going to look at the security risks surrounding an isolated Mac, later I’ll look at issues affecting the network administrator and the steps that you can take to protect your data.

The important thing to ask is “what are you protecting and who are you protecting it against?”

The first part of this question seems easy to answer at first. You need to think about all the information that is stored on a computer; business or personal financial records are likely to be the biggest part but do you keep a file with the PIN numbers for all your bank or credit cards? What about the passwords you use for online banking, do you keep them on the computer, maybe with the account number so that you can remember which ones to use for each account? If you don’t do that maybe you save the password so that your web browser enters it automatically. A thief may not be able to read your password but they don’t need to is all they have to do is go to your bank’s website and Safari helpfully enters all the details automatically.

What other personal information do you have on your computer, information that could be used to impersonate you? Do you do Self-Assessment of Income Tax, if so you probably have your National Insurance number somewhere on the computer, as well as details of your employer. You may shred letters and bills that you receive through the post but what about those that you get via email or letters that you write on your Mac which include useful information such as details of loans or your mortgage?

When thinking about who you are protecting the data against here are a few things to consider:

Who has access to your computer? A thief can easily hide in plain sight, the office cleaner, the builder that you give a key to so that they can work on the house while you are out, you may trust a friend who comes in to water the plants when you are on holiday but who has access to the key that they have or what happens if they get broken into? The basic fact is that you may well not be aware that somebody has had access to your data until long after it has happened. Somebody does not have to actually steal your computer to be able to steal the data that is on it. You need to take precautions against the casual thief as well as the determined burglar.

If somebody does actually steal your Mac they can spend a lot more time trying to gain access to the data on it. The techniques that you use to deter the casual thief will generally only take a few minutes to overcome, enough to stop someone who wanders by your desk when it is unattended but not enough to be an inconvenience to you when you are using the computer. If someone can have access to your Mac for a long period of time much more serious measures need to be taken to stop them compromising your data. If you have a PowerBook or iBook you need to take strict security measures all of the time as it is just as easy to leave it in a taxi or have it taken from your table when you pop to the toilet as it is to have it stolen from your home or office.

In the next part of this article I’ll look at the techniques that you can use to protect your Mac from both the casual and more determined thief.