<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Josh More on Mac OS X Security</title></head><body>
<div>We had a fascinating meeting last night [reminder, it's every
fourth Tuesday at 7p at Haddock Computer, on 73rd St.] on Security for
your computer running Mac OS X. Josh is a security specialist at
Alliance Technologies and while at times the concepts were a bit
arcane for most, he was very clear and helpful in bringing them to the
rest of us. Great job and I'm going to summarize the meeting in
the following bullet points:</div>
<div><br></div>
<div>Mac OS X is no more secure than any other OS, and it too needs to
have protective steps taken to prevent theft, breakage, hacking and
the like. The test of how paranoid you need to be and how secure
you should be is: how and where is your data stored and how
could someone use it against you? If your on line banking
records are on your computer, they're not safe if you don't take steps
to protect them. If your personal family information, health
history, etc., is on your computer, it's not safe if you don't take
steps to protect it. If your business records are there,
you have obligations to those clients or businesses to protect them
from access by others. If you have written the Great
American Novel, the Greatest Piece of Music, its special nature is
compromised if it's not secured. In other words, it's NOT
paranoia, it's a necessity to be concerned about security whether
you're a home user or someone with other needs as well.</div>
<div><br></div>
<div>There are Command Line [Terminal] steps that can be taken to<i>
really</i> make an OS X machine secure against dangers, but those are
not for the faint of heart and probably better done by someone used to
the steps needed [I know my rule is don't mess with Terminal -
fortunately, there are lots of free and shareware applications that
can be of asistance here]</div>
<div><br></div>
<div>The whole issue of<b> Physical Security</b> is forgotten, but
it's really the first and primary barrier: you need to make sure
no one has access to your computer/data through theft, hacking, etc.
Once someone gains entry to your computer and its data, they can take
information and use it to hurt you or others. So you need to
prevent thefts, stolen laptops or harddrives or USB Flash sticks, and
the Q is how to do that. There are plenty of good software
resources for that [more information will be on the website of DMMUG,
www.DMMUG.org].</div>
<div><br></div>
<div><b>Use a Lock</b>: cables with keys or combinations lock to
the computer thru its locking port and you attach it then to some
immoveable object [don't tie it to a chair or pillow and expect it not
to wander away]. If some determined thief comes across it,
he/she will turn and steal someone else's unlocked laptop and yours
will probably be safe.</div>
<div><br></div>
<div>There are alert systems, tracking down systems and the like which
also deter theft or, if it happens, finds the culprit and lets you rip
them limb from limb. [There are more advanced technical steps
within OS X such as setting up the open firmware or EFI to require
passwords before booting and the like, which may be worth
exploring]</div>
<div><br></div>
<div>Disable the Microphone and iSight in your computer, since access
to them could allow someone to steal images or sounds from a highly
confidential meeting [again, whether or how much you may need this
depends on your circumstances; it's certainly something to
askthe IT department personnel about].</div>
<div><br></div>
<div><b>Reset the various OSX defaults:</b> there is a tradeoff
between Security and Useability and Apple's defaults err toward the
latter. So, if you want a more secure machine you will have to
jump through some hoops to use it, but it'll be more protected, your
data will be more protected, and the hoops won't be that difficult to
handle given the pay back. (1) in System Preferences, set the
machine to go to sleep regularly and require a password to wake it
from sleep, (2) disable the IR [infrared], (3) use an encrypted Disk
Image created by<b> Disk Utility</b> [free program, part of Utilities
in OSX] to store things that you want protected especially and use
AES-128 security to encrypt, (4) reset your Account preferences to
keep the Administrative user only for limited purposes and use only a
Standard account for yourself, (5) limit the number of Log In items to
those you really need and recognize.</div>
<div><br></div>
<div><b>Have a good way to generate passwords and use it.</b>
Passwords should have: uppercase and lower case letters, numbers
and punctuation. They can be created in and stored in Keychain
Access [an encrypted file reachable thru a special password you better
remember, again a free program in the Mac OS X Utilities].
There're also programs such as 1Password and Password Wallet that
leverage the keychain and allow for all sorts of things to be secured,
remembered and accessed beyond the main computer [such as thru syncing
with Treos, iPhones, .Mac etc.] [shameless plug, I have a
Password Algorithum article I wrote on my website for download,
http://www.herringlaw.com/publications.html ]</div>
<div><br></div>
<div><b>Use your Firewall:</b> You need to prevent easy access
to your computer by those who would come into it thru wifi or landline
or whatever and get your data. If you don't both set up your
software OS X Firewall [Sharing pane in System Preferences]<i> AND</i>
have a hardware firewall between the cable or DSL modem and your
computer, you are asking for trouble.</div>
<div><br></div>
<div>Turn off sharing of Printers. In fact, in larger
enterprises with those fancy new large printers, there are people
hacking the printers and then getting into the network, so closing the
printer system to unnecessary access is vital [again, tell your IT
folks].</div>
<div><br></div>
<div><b>QuickTime</b> is a major security hole - apply all updates and
security patches, disable Auto Play and Instant On in the
preferences.</div>
<div><br></div>
<div>Be sure to Security Empty Trash and Secure Erase FreeSpace to
prevent information being leaked; Secure Virtual Memory [all
these terms are in the OS X Help area or googleable]</div>
<div><br></div>
<div><b>Get a Virus Program</b> - Macs can have viruses and, more to
the point, pass them on if they are received. Be good to
yourself and your data and protect it from viruses. I use
VirusBarrier, there are programs from Symantec, Virex [a bit old],
Sophos, and free programs ClamAV and ClamXAV. And be sure to
update your definitions regularly, and run it.</div>
<div><br></div>
<div><b>Wireless is like Radio</b> - it not only receives data, it
sends it. You need to make it difficult for people to steal or
obtain your wireless signal or use it to access your comptuer.
Use encryption of messages and material over wireless, set up your
Airport Utility to use WPA security. </div>
<div><br></div>
<div><b>Practice Safe Computing:</b> don't click on links in emails -
enter the URL directly in the browser instead; if you can, use
cable not wireless, in public hotspots [coffe cafes, city libraries,
other general access points] do NOT do any banking or handling of
extremely confidential information. The old saw about 'you're
not paranoid, they really are out to get you' holds true -- maybe no
one is targeting<i> you</i>, but they will target your data and use it
for their own purposes [and hurt you in the process]. Make it
hard to do so.</div>
<div><br></div>
<div>Your banks, brokerage accounts and other such are all interested
in security. Don't pay attention to emails from them [probably
spoofs or phishing] but go to your bank's or credit card or brokerage
sites and check their information on security. Lots of good tips
there too.</div>
<div><br></div>
<div>A great and helpful program no matter the OS, but a good wakeup
call for OS X users. </div>
<div><br></div>
<div><br></div>
<x-sigsep><pre>--
</pre></x-sigsep>
<div><font size="-1" color="#000000"><b>Victoria L. Herring, Attorney
in Des Moines, Iowa</b> - Civil rights, Discrimination &
Employment Law, http://www.herringlaw.com. Ph. 515/255-4475;
iChat AV: victoriaherring@mac.com; Skype:
vlherring.</font></div>
</body>
</html>