On Apr 6, 2005, at 8:11 AM, Cotty wrote:

On 6/4/05, Godfrey DiGiorgi, discombobulated, unleashed:

(Note that the default Mac OS X configuration, out of the box, is *not*
a proper security-managed Mac OS X system.)

Godders, can you point me towards a decent URL that goes into detail about how one can properly manage the security in OS X?

I've found this to be a reasonably good security primer for Mac OS X: http://www.macdevcenter.com/pub/a/mac/2004/02/20/security.html?page=1 It makes reference to several books that are worth reading too.

The basics:
1- create ONE administrator account, use it ONLY for installation of software and management of the system.
2- make all other accounts standard or controlled user accounts. Always do your work in a user account.
3- turn on the built-in firewall and other security features.
4- turn off auto-login, particularly if you're in a shared-use environment. Set the screen saver to require password authentication to re-enter your account. You might want to lock down all System Preferences that can globally affect the config too (make them require authentication) and consider locking the programs in /Applications/Utilities off from user accounts.
5- be sure to use Software Update and get all Security Updates on a regular basis.


Just that covers a tremendous amount of ground towards promoting a low-risk computing environment.

The biggest deficiency in the system configuration, as delivered, is that it is configured for ease of setup and initial configuration ... the first person to set up a system is automatically an administrator account with auto-login turned on. And the built-in firewalling is not turned on. These are

Godfrey
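
Added example, not part of the original e-mail: a shell script that checks items 1, 3 and 4 of the list above (single administrator, firewall on, auto-login off). The `dscl`, `defaults` and `socketfilterfw` invocations and their output formats are assumptions about a recent macOS release, and the sample strings are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example: parsing is kept apart from collection so the checks can
# run on constructed sample output. The commands in audit_live are
# assumptions about a recent macOS release; the e-mail names none.

# Item 1: count admin group members other than root.
# Input looks like "GroupMembership: root alice bob".
count_admins() {
    n=0
    for u in ${1#*:}; do
        [ "$u" = "root" ] || n=$((n + 1))
    done
    echo "$n"
}

admin_state() {
    n=$(count_admins "$1")
    if [ "$n" -eq 1 ]; then echo "OK one administrator account"
    else echo "FAIL $n administrator accounts"; fi
}

# Item 4: auto-login is on when the loginwindow preference names a user.
# Input is the preference value, empty when the key is absent.
autologin_state() {
    if [ -n "$1" ]; then echo "FAIL auto-login enabled for $1"
    else echo "OK auto-login disabled"; fi
}

# Item 3: firewall state from the status line; anything else is unknown.
firewall_state() {
    case "$1" in
        *disabled*) echo "FAIL firewall off" ;;
        *enabled*)  echo "OK firewall on" ;;
        *)          echo "UNKNOWN firewall state" ;;
    esac
}

audit_live() {
    admin_state "$(dscl . -read /Groups/admin GroupMembership 2>/dev/null)"
    autologin_state "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)"
    firewall_state "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null)"
}

if [ "${1:-}" = "--live" ]; then audit_live
else  # constructed sample output, not captured from a real machine
    admin_state "GroupMembership: root alice bob"
    autologin_state "alice"
    firewall_state "Firewall is disabled. (State = 0)"
fi
```

Run with `--live` on a Mac to query the machine itself; without it the script reports on the constructed samples.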


