Mac OS X security / hardening best practices

Discussion in 'macOS' started by Avery1, Apr 16, 2010.

  1. Avery1 macrumors member

    Joined:
    Mar 14, 2010
    #1
    Today, I found that I can see the entire contents of my boot disk, when plugged into another machine, as a secondary disk. I did not expect encryption, but did expect some level of PW protection.

    I am much more familiar with UNIX and Windows security.

    What are the best practices for securing/hardening Snow Leopard?

    (I have seen the NSA document, Apple Document, and cisecurity.org benchmarks)
     
  2. hakuryuu macrumors 6502

    Joined:
    Sep 30, 2007
    Location:
    Lomita, CA
    #2
    If you want to protect your machine from being used as a target disk or booting from a disc, netboot, etc. you should set a Firmware password.

    http://support.apple.com/kb/HT1352
     
  3. Sedulous macrumors 68000

    Sedulous

    Joined:
    Dec 10, 2002
  4. John Kotches macrumors 6502

    Joined:
    Jan 19, 2010
    Location:
    Troy, IL (STL Area)
    #4
    And OS X is essentially a *nix underneath.

    When you attach a drive to another flavor of unix machine do you need to have a password to see the contents? Nope. Just the appropriate R/W permissions.

    Shutoff all non-essential services. The fewer paths there are into the machine, the harder it is to be hacked. Try a portscanner against the machine to see what TCP and UDP ports are listening as an additional step.

    There's obviously much more than that, but just by starting there you're ahead of the game.



    Then you are armed with more informatation than most.
     
  5. mac2x macrumors 65816

    Joined:
    Sep 19, 2009
    #5
    Could you recommend a portscanner? I would like to try that. PM if you wish.
     
  6. John Kotches macrumors 6502

    Joined:
    Jan 19, 2010
    Location:
    Troy, IL (STL Area)
    #6
    I usually use nmap for this type of stuff, http://www.nmap.org
     
  7. Avery1 thread starter macrumors member

    Joined:
    Mar 14, 2010
  8. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #9
    I would say do NOT use the OS X built-in firewall, it IMHO is for stupid users wo don't know about real firewalls. If you want real firewall protection and use the UNIX built-in command line IPFW without command line then look at WaterRoof. If that is to much for needs then look at NoobProof. For a comparison between the two look at this.
     

Share This Page