os x security basics for keeping your mac safe final

OS X Security Basics
Khürt L. Williams, CISSP, CRISC

Upload: khuert-williams

Post on 15-Jul-2015


Agenda

Initial setup

Privacy

Firewalls

Staying safe online

Staying updated

Questions

Macs don’t get viruses!

Macs are secure?

Borrowing from MacDefender (2011) while applying important innovations of their own, the creators of the notorious Flashback botnet (aka, OSX/Flshplyr) infected more than 600,000 Macs in the spring of 2012.

... malware such as OSX/Morcut-A (aka Crisis), first discovered in late July 2012, presents greater risks.

Windows malware hiding quietly on Macs.

Java and Flash are deadly to Macs

LATEST SECURITY UPDATES

12/11 Google Closes Six Security Holes with Chrome Update

12/11 Adobe Flash Player Update Resolves Three Flaws

11/21 Mozilla Patches 16 Vulnerabilities with Firefox 17 Upgrade

11/21 Opera Software Releases Opera 12.11, Fixes High Severity Flaw

11/16 Apple Updates XProtect Malware Definitions for Latest Imuler Variant

11/14 Microsoft Updates Office 2008 and 2011 for Excel Vulnerabilities

11/7 Opera Browser Upgrade Adds New Features for Mountain Lion, Patches Six Vulnerabilities

“Security is not a product, but a process.” — Bruce Schneier

“Setup Assistant configures the first account on the computer as an administrator account. Administrator accounts should only be used for administration. Users should use standard user accounts for day-to-day computer use.” ~ Apple Security Configuration Guidelines

Create a standard account/disable administrator for all active users

Use password assistant

Disable Guest account

Parental Controls

Limit applications

Limit web access

Turn off automatic login

Require a password to modify preferences

Users & Groups

“Security is the enemy of convenience and convenience is the enemy of security.” ~ John Earl

Block all incoming connections

Allow only essential services

Sharing

Network

Deactivate unused services

AirPort

Disable when not in use

Only use WPA/WPA2 on personal network

Use VPN when using public Wi-Fi

Bluetooth

Ethernet

FireWire

Security & Privacy

Disable automatic login

Require password after sleep

Recommend 15 minutes

Choose how apps can run (Gatekeeper)

Safe download list

Choose how to share personal data

Security & Privacy

Mac App Store – Only apps that came from the Mac App Store can open.

Mac App Store and identified developers (default in OS X Mountain Lion) – Only apps that came from the Mac App Store and developers using Gatekeeper can open.

Anywhere – Allow applications to run regardless of their source on the Internet.
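
A read-only way to check several of the settings from the slides above (standard account, automatic login, Guest account, firewall, Gatekeeper) from Terminal. This is an added example, not part of the original presentation; the function names are made up for illustration, and the preference keys are the OS X 10.7/10.8-era ones, which newer macOS releases may store elsewhere.

```shell
#!/bin/sh
# Added example: read-only audit of settings recommended on the slides.
# Assumption: preference keys as used by OS X Lion / Mountain Lion.

# verdict CHECK RAW -> prints PASS or FAIL for one raw value
verdict() {
  case "$1" in
    standard_user)  # RAW = output of `id -Gn`; daily account should not be in group admin
      case " $2 " in *" admin "*) echo FAIL ;; *) echo PASS ;; esac ;;
    auto_login)     # RAW = autoLoginUser; the key is absent when automatic login is off
      if [ -z "$2" ]; then echo PASS; else echo FAIL; fi ;;
    guest)          # RAW = GuestEnabled; 1 means the Guest account is on
      if [ "$2" = 1 ]; then echo FAIL; else echo PASS; fi ;;
    firewall)       # RAW = com.apple.alf globalstate; 0 off, 1 on, 2 block all incoming
      case "$2" in 1|2) echo PASS ;; *) echo FAIL ;; esac ;;
    gatekeeper)     # RAW = output of `spctl --status`
      case "$2" in *"assessments enabled"*) echo PASS ;; *) echo FAIL ;; esac ;;
    *) echo UNKNOWN ;;
  esac
}

# read_raw CHECK -> prints the live value on a Mac (empty if the key is absent)
read_raw() {
  lw=/Library/Preferences/com.apple.loginwindow
  case "$1" in
    standard_user) id -Gn ;;
    auto_login)    defaults read "$lw" autoLoginUser 2>/dev/null ;;
    guest)         defaults read "$lw" GuestEnabled 2>/dev/null ;;
    firewall)      defaults read /Library/Preferences/com.apple.alf globalstate 2>/dev/null ;;
    gatekeeper)    spctl --status 2>&1 ;;
  esac
}

# audit -> one "check verdict" line per setting
audit() {
  for check in standard_user auto_login guest firewall gatekeeper; do
    printf '%-14s %s\n' "$check" "$(verdict "$check" "$(read_raw "$check")")"
  done
}

# Only query system settings when actually running on OS X / macOS.
if [ "$(uname -s)" = Darwin ]; then audit; fi
```

Run it from the account used day to day; a FAIL on standard_user means that account is still an administrator.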

“The user's going to pick dancing pigs over security every time.” — Bruce Schneier

Wild Wild Web (WWW)

Do not allow Safari to open safe files

Uninstall/disable Flash

Uninstall/disable Java

Use a password manager — 1Password

Block third-party cookies

Turn on “Do not Track”

Be careful with extensions

Macs don’t get viruses?!

ClamXav (Free)

Symantec iAntivirus (Free)

Kaspersky Virus Scanner

Intego VirusBarrier (Free)

Sophos Anti-Virus (Free)

Did you get your flu shot this year?

Update Mac software regularly/daily

App Store (Snow Leopard/Lion/Mountain Lion)

Software Update (Leopard and prior)

Built in app update

AV Signatures

Other tools

1Password

OpenDNS/Umbrella

Our efforts must focus on protecting and empowering end users—no matter what platform, device, or operating system they choose. ~ Sophos

“Trust but verify.” — Ronald Reagan

Questions?

Links

Umbrella (http://www.umbrella.com)

OpenDNS (http://www.opendns.com)

ClamXav (http://www.clamxav.com)

VirusBarrier (http://www.intego.com)

1Password (https://agilebits.com/onepassword)

Apple Security Guides (http://www.apple.com/support/security/guides/)