os x security basics for keeping your mac safe final
TRANSCRIPT
OS X Security Basics
Khürt L. Williams, CISSP, CRISC
Agenda
Initial setup
Privacy
Firewalls
Staying safe online
Staying updated
Questions
Macs are secure?
Borrowing from MacDefender (2011) while applying important innovations of their own, the creators of the notorious Flashback botnet (aka, OSX/Flshplyr) infected more than 600,000 Macs in the spring of 2012.
... malware such as OSX/Morcut-A (aka Crisis), first discovered in late July 2012, presents greater risks.
Windows malware hiding quietly on Macs.
Java and Flash are deadly to Macs
LATEST SECURITY UPDATES
12/11 Google Closes Six Security Holes with Chrome Update
12/11 Adobe Flash Player Update Resolves Three Flaws
11/21 Mozilla Patches 16 Vulnerabilities with Firefox 17 Upgrade
11/21 Opera Software Releases Opera 12.11, Fixes High Severity Flaw
11/16 Apple Updates XProtect Malware Definitions for Latest Imuler Variant
11/14 Microsoft Updates Office 2008 and 2011 for Excel Vulnerabilities
11/7 Opera Browser Upgrade Adds New Features for Mountain Lion, Patches Six Vulnerabilities
“Security is not a product, but a process.” — Bruce Schneier
“Setup Assistant configures the first account on the computer as an administrator account. Administrator accounts should only be used for administration. Users should use standard user accounts for day-to-day computer use.” ~ Apple Security Configuration Guidelines
Create a standard account/disable administrator for all active users
Use password assistant
Disable Guest account
Parental Controls
Limit applications
Limit web access
Turn off automatic login
Require a password to modify preferences
Users & Groups
“Security is the enemy of convenience and convenience is the enemy of security.” ~ John Earl
Block all incoming connections
Allow only essential services
Sharing
Network
Deactivate unused services
Airport
Disable when not in use
Only use WPA/WPA2 on personal network
Use VPN when using public Wi-Fi
Bluetooth
Ethernet
FireWire
Security & Privacy
Disable automatic login
Require password after sleep
Recommend 15 minutes
Choose how apps can run (Gatekeeper)
Safe download list
Choose how to share personal data
Security & Privacy
Mac App Store – Only apps that came from the Mac App Store can open.
Mac App Store and identified developers (default in OS X Mountain Lion) – Only apps that came from the Mac App Store and developers using Gatekeeper can open.
Anywhere – Allow applications to run regardless of their source on the Internet.
“The user's going to pick dancing pigs over security every time.” — Bruce Schneier
Wild Wild Web (WWW)
Do not allow Safari to open safe files
Uninstall/disable Flash
Uninstall/disable Java
Use a password manager — 1Password
Block third-party cookies
Turn on “Do not Track”
Be careful with extensions
Macs don’t get viruses?!
ClamXav (Free)
Symantec iAntivirus (Free)
Kaspersky Virus Scanner
Intego VirusBarrier (Free)
Sophos Anti-Virus (Free)
Did you get your flu shot this year?
Update Mac software regularly/daily
App Store (Snow Leopard/Lion/Mountain Lion)
Software Update (Leopard and prior)
Built in app update
AV Signatures
Our efforts must focus on protecting and empowering end users—no matter what platform, device, or operating system they choose. ~ Sophos
Links
Umbrella (http://www.umbrella.com)
OpenDNS (http://www.opendns.com)
ClamXav (http://www.clamxav.com)
VirusBarrier (http://www.intego.com)
1Password (https://agilebits.com/onepassword)
Apple Security Guides (http://www.apple.com/support/security/guides/)