New System New Policies (security/privacy chit chat)

Discussion in 'macOS' started by Floris, Jun 7, 2017.

  1. Floris macrumors 68020

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #1
    Sup guys,

    This seems to be the perfect time to talk with those with the experience and those without, about the privacy and security on your new system. If you buy a new system, starting fresh, maybe it's a great moment to also think about what to do..

    Maybe it's the right moment to consider not connecting it to the network just yet. And do a few things to help you feel a bit more secure online when you do?

    I am talking about things like.. (and very much so open to your suggestions that are helpful for new/advanced users)

    -- Bios/EFI - Firmware password
    (cmd+r - it's under utilities)

    -- root/admin account - A serious account needs a serious password
    (https://support.apple.com/kb/PH25796?locale=en_US&viewlocale=en_US)

    -- regular accounts - One or more alternative accounts for specific ends (personal, family, kids, work, media, services/daemons/servers)

    -- guest account - maybe consider turning it off, or leave it on if you get a lot of 'friends' that need to use the web for a bit.

    -- FileVault - Full disk encryption
    (https://en.wikipedia.org/wiki/FileVault)

    -- external drive encryption - right click on a usb drive, encrypt it.. let it run for a while, no big deal.
    (https://support.apple.com/kb/ph21791?locale=en_US i dunno if this is perhaps default in macOS now)

    -- dnssec/dnscrypt - consider securing the dns, and/or use a public dns vs the isp one.
    (8.8.8.8 / 8.8.4.4 - dnsmasq and dnscrypt might require brew)

    -- firewall - little snitch, or alike software (or hardware if you have it) firewall and work with it to help you catch naughty behavior in the future
    (https://www.obdev.at/products/littlesnitch/index.html)

    -- 64bit apps - ios/macos is going to drop 64bit support, check if there are updates, contact developers
    (https://forums.macrumors.com/thread...it-mac-apps-starting-in-january-2018.2049186/)

    -- 1password (stand alone app) - consider using 1password for securely storing notes, logins, cc data, etc.
    (https://1password.com/) (personal note: i recommend against any subscription service, or hosted solution for your data, it should be working offline only, with you holding all the keys, screw lastpass, keepwhatever, etc or 1password's subscription model)

    -- private browsing / incognito mode - make it your standard when you browse the web, regularly visited sites that require an account perhaps exempted
    (https://support.apple.com/kb/ph21413?locale=en_US)

    -- virtualization - if you ever have to test anything: remember, you can sandbox an OS
    (https://www.virtualbox.org/wiki/Downloads)

    -- pgp mail - perhaps consider moving to pgp/gpg mail configuration to step up your game
    (https://ssd.eff.org/en/module/how-use-pgp-mac-os-x)

    -- tor/proxy/vpn - (re)consider a vpn, go pro, no logging, no freebies .. make sure they care about their customers' privacy

    -- backups - it is pretty cheap to get a usb-c drive that matches your internal drive just for automatic time machine. you won't regret it in those situations where things really go wrong. (also consider offsite second backup, perhaps manually backup your files you care about the most as well)
    (https://support.apple.com/en-us/HT201250)

    -- Turn off services and stuff you don't use, uninstall apps you don't use, don't bloatware your machine.

    -- Parental control, kids, friend accounts, etc, it isn't just for blocking certain sites, you can help prevent weak password accounts from going to app store and spending thousands, .. just go through the settings
    (https://support.apple.com/kb/PH25799?locale=en_GB)


    Some if not all of this stuff is kinda 'default' for me, and while i am not perfect, since i just got a new imac, i find it the perfect time to review what i have, what i use, what i don't have and don't use, and how i want to use it, etc.

    It has nothing to do with 'i have nothing to hide', or 'i am paranoid', it's a preventive measure against snooping eyes, prying pokes, avoiding malicious abuse, ransomware, lowering any damage in case of an issue, and all the obvious stuff.

    Each point in this list can be as technically in depth as you can imagine, and there's always someone that knows better, but i think if you just think about the few basics you can do to improve the privacy and security on your system - especially now that you start clean on a new ipad, imac, macbook pro .. etc. Why not perhaps make a change and make that a habit.

    Also, don't scribble down your firmware and root pass, and your 1password master logins on a bit of paper that you can accidentally throw out.. and don't make it a third guess for anybody "password123" and don't use the same one for everything. That said, these are passwords you can't just "copy paste" from other apps, so make sure they're not 50 characters of garbled nonsense you can't decipher yourself either :) Something stronger than password123 would be @@pass-word_123@@ (just saying..) For anything else, once you are logged into your system (securely) you should use unique long and strong passwords of at least 16 characters, 32 if the service allows it - hence why 1password is so handy.
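
Added example, not part of the original post: a read-only shell audit of four items from the checklist above (FileVault, firewall, guest account, firmware password). It assumes an Intel Mac with the stock `fdesetup`, `socketfilterfw`, `defaults` and `firmwarepasswd` tools, checks only Apple's built-in application firewall (not Little Snitch), and uses OK/WARN/UNKNOWN labels chosen for this example.

```shell
#!/bin/sh
# Added example: each check_* function takes the text printed by the
# named macOS tool and echoes OK, WARN or UNKNOWN. Nothing is changed
# on the system; the script only reads current state.

check_filevault() {   # input: `fdesetup status`, e.g. "FileVault is On."
  case "$1" in
    *"FileVault is On"*)  echo OK ;;
    *"FileVault is Off"*) echo WARN ;;
    *)                    echo UNKNOWN ;;
  esac
}

check_firewall() {    # input: `socketfilterfw --getglobalstate`
  case "$1" in        # e.g. "Firewall is enabled. (State = 1)"
    *"State = 0"*) echo WARN ;;   # 0 = off
    *"State = "*)  echo OK ;;     # any other state = on
    *)             echo UNKNOWN ;;
  esac
}

check_guest() {       # input: `defaults read ... GuestEnabled` (0 or 1)
  case "$1" in
    0) echo OK ;;
    1) echo WARN ;;
    *) echo UNKNOWN ;;            # key missing or unreadable
  esac
}

check_firmware() {    # input: `firmwarepasswd -check` (needs root)
  case "$1" in
    *"Password Enabled: Yes"*) echo OK ;;
    *"Password Enabled: No"*)  echo WARN ;;
    *)                         echo UNKNOWN ;;  # not root, or tool absent
  esac
}

audit() {             # runs the real tools; only meaningful on macOS
  fw=/usr/libexec/ApplicationFirewall/socketfilterfw
  plist=/Library/Preferences/com.apple.loginwindow
  echo "FileVault:         $(check_filevault "$(fdesetup status 2>/dev/null)")"
  echo "Firewall:          $(check_firewall "$("$fw" --getglobalstate 2>/dev/null)")"
  echo "Guest account:     $(check_guest "$(defaults read "$plist" GuestEnabled 2>/dev/null)")"
  echo "Firmware password: $(check_firmware "$(firmwarepasswd -check 2>/dev/null)")"
}

# Run the audit only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then audit; fi
```

Run it with `sudo` so the firmware-password check can read its state; without root that line reports UNKNOWN.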
     
  2. Floris thread starter macrumors 68020

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #2
    Little update, I am about halfway through with the list myself, slowly taking the time to implement the stuff I want to have 'at least'. Getting there, looking forward to more suggestions.
     
  3. LucyLouie macrumors newbie

    Joined:
    Nov 19, 2015
    Location:
    Texas
    #3
    Thanks for taking the time to post this. It's a great list to work from and must have taken you a lot of time. I will definitely save it for my own use in the future.
     