Some configuration tips
This guide is inspired by @SwiftOnSecurity’s Decent Security, which is a Windows oriented guide to security for everyone. The information below is mostly a list of settings to configure, but as Decent Security notes, security is an ongoing process. Please remember that you’ll want to regularly update your software and be aware of phishing and other risks, even after you’ve followed these tips. In addition, topics like using a password manager, which can be one of the most important security steps you take, are currently not covered here.
Making sure that your Mac’s operating system software and applications are up to date is one of the most important steps to do. If you follow nothing else on this page, please follow this advice!
App Store: Update Mac OS X
Updating Mac OS X Software is usually done through the “App Store” program. From anywhere on your mac, go to the Apple Menu in the upper left (it’s the apple in the very top left of your screen) and select App Store. When the App Store window opens, click on the “Updates” icon towards the top right of the window.
If any updates are available, you will see them listed here. You can click “Update All” to install them.
If you use Safari as a web browser, it will update through the App Store. Your Chrome and Firefox web browsers, however, will update themselves if you configure them to do so.
To update Chrome, launch it, and go to the “Chrome” menu and choose “About Chrome” from the menu. If an update is available, you will see it listed here. If you’ve configured automatic updates, it may prompt you to re-start Chrome to apply the update. If you don’t have automatic updates turned on, you can enable that here as well.
Firefox has a similar method of updating. First, open Firefox, then go to the “Firefox” menu and choose “About Firefox.” You will either see a message that it is up to date, or it might prompt you to restart if it has downloaded an update.
To enable automatic updates in Firefox:
- go to the “Firefox” menu
- choose Preferences
- Click on “Advanced” at the bottom of the left menu
- Click on “Updates” in the bar across the window under Advanced
- Select “automatically install updates”
Much of the work in security for Mac OS X is done by setting up system preferences to secure settings. This section will walk through them and help you configure them.
To open System Preferences, go to the Apple menu in the top left of your Mac’s screen and choose “System Preferences”
Desktop & Screensaver
- Open the Desktop & Screensaver preference
- Click On Screen Saver, and set a time for it to begin from the dropdown
- Next click on Hot Corners and make sure that none of them are set to disable the Screen Saver
- Within Hot Corners, you may want to select one to turn on the screen saver
Security & Privacy
This is a big one, so we will go tab by tab. First, click the lock in the lower left to enable changes and enter your password.
- Under “General” click “require password” and set a time such as 20 minutes
- Further down on the page, under “Allow apps from” you should select “Mac App Store” for the safest setting. You could also choose “Mac App Store and Identified developers” if you know that you sometimes download tools outside of the Mac App Store
This tab helps you set up encryption for your mac. We will skip for now, but it’s covered further down under “Advanced”
- Click “Turn on Firewall” if it is not on
- Click Firewall options
- Check “enable stealth mode” to enable it if it is off
- Click OK in the options popup
- Check the applications listed here and make sure that they are all ones you are comfortable granting location access to, or access to your calendar and contacts
Energy Saver Control Panel
- Disable “Wake for network access”
(This setting is another one where you should consider how you use your Mac. If you do not use printer sharing, or iTunes or iPhoto sharing, you can turn this setting off. If you do use those features, you may want to keep it enabled. See Apple’s notes on this feature.)
Date & Time
- Open the “Date & Time” Control panel
- Find “Set date and time automatically” — it may be grayed out
- If it is grayed out, click the “lock” icon in the lower left to enable it. If prompted, enter your password.
- Check to enable “Set date and time automatically”
Network Control Panel
- Check to enable “show Wi-Fi status in the menu bar”
- Under Network Names in the middle, check off “Ask to join new networks”
While here, you can remove old wifi networks that your computer has saved.
- Select Wi-Fi in the left column
- Click on Advanced button on the right
- A new window will open. Click on a network name you want to remove
- Click the “-” icon (it’s next to the “+” icon below the list of the network names)
- When you are done removing networks, click OK
Sharing Control Panel
- Look through the list of sharing services.
- Unless you have a specific reason to leave any of them on, the safest option to to uncheck all the sharing options
- Check “Find my Mac” to enable it if it’s not already
- If you’d like to sync passwords using keychain, check Keychain
- Click Options next to keychain
- Check “allow approving with security code” if you have an iphone or iPad that you want to approve access to your keychain from. This means that if you get a new laptop, or new ipad, for example, and add that device to your account to share a keychain, Apple will send a verification code to a device you already have set up. You will enter that verification code on the new device. This is a type of two-factor authentication, and can be helpful to enable.
- Make sure a verification number is set. This should be a number that can receive SMS messages.
- Click “Show bluetooth in menu bar”
- To enable/disable bluetooth click “Turn Bluetooth On”/”Turn Bluetooth Off” on the left side of the control panel
Users & Groups
- Click the lock to make changes
- Click on Guest User in the left
- Uncheck “allow guests to log in”
- Uncheck “Allow guest users to connect to shared folders”
These are other things that you should do to ensure safe computing:
1. Click on your desktop to activate the Finder menu (next to the Apple menu in the top left)
2. Select Preferences
3. Click on Advanced
4. Select show all filename extensions
You might also consider covering your laptop’s camera with a sticker. EFF sells very nice 5 packs that have special adhesive so that they are removable & reusable.
Oversight is a tool that you can install which monitors when the computer’s camera and microphone are activated. It puts up a notification on your desktop, and can be a good safety check since some malware and spyware surreptitiously activates these.
You can turn on full disk encryption using the built-in FileVault tool on your Mac. Before you begin, connect your mac to a power cord and make sure that you have plenty of time for the encryption process to run, as it can be slow.
Open System Preferences, and the the Security control panel. Click on “Security and Privacy” and then click on the FileVault tab. Click on “Turn on FileVault” and follow the prompts.
To learn more & read Apple’s official directions, see their FileVault Guide.
Setting Keychain Timeouts
1. Open your Applications folder, then your Utilities folder, and choose Keychain Access
2. Select a keychain
3. Select Edit
4. Select Change Settings for keychain
5. Change the Lock after number of minutes of inactivity setting
6. Select Lock when sleeping setting