Steps Toward Securing Your MacIntosh

Single-user firewalls

OS X is one of the operating systems used at Southern Connections. We love it.

We strongly recommend that OS X users configure the builtin OS X firewall carefully. If you have the spare change, consider buying a good, freestanding firewall.

Careful attention to your firewall is like locking the back door to the office so that no one can walk right in, take what they want and/or vandalize the place, and leave undetected.

Brian Hill's BrickHouse is the best shareware firewall solution for Mac OS X. It guides you through configuration of the builtin OS X firewall. The builtin firewall is IP Chains and has limitations.

Installation of BrickHouse is drag-and-drop.

Double clicking on the application to begin setup. BrickHouse provides a setup assistant, which guides your through the key security options of your builtin firewall. It is free. Personally, I believe that if you find it useful, you should send him a donation. IMHO

Firewalk X2 is a fullblown commercial firewall for OS X. It provides a higher level of protection than the builtin IP Chains firewall, and for a modest price.

Prepare for the worst: Backup

Back your files up on a regular basis.
When key files are lost, no matter what the cause, they can be expensive to replace.
Good back-ups reduce that expense to a minimum.
Like accounting practices, there are well-developed approaches to backing up your files.
Set a schedule for backups and follow it.

Use passwords and encryption

Password protect your MacIntosh and use effective passwords. Effective passwords are complex. Complex passwords are difficult to crack.
Password protect shared disks.
Encrypt key files on your hard drive, using a password that is different from your user password. To do that with Panther, you can use file vault. Absent file vault, seek out an add-on utility like Mac GNU Privacy Guard, one of the tools sold by PGP or CipherDisk. Remember, when key files are lost, no matter what the cause, they are expensive to replace.

Close doors that do not have to be open

Remove or turn off unneeded services. Unneeded services usually include:

"Web Sharing:" Unless you have a compelling need for Web Sharing, be sure it is off. When it's on, you're offering Web server services. Hackers can be expected to try to break in through that service.
While making sure Web sharing is off, make sure you don't have any other shared service on, unless there is a compelling business need for it.
Remove unneeded software and replace insecure applications (if you can) with secure applications. For example:
- Removing AOL Instant Messenger and any other messaging chat software that is not approved for use at your place of business. Chat software is often fraught with security issues.
- Removing Microsoft Internet Explorer and substitute a more secure browser. The freeware browsers Mozilla and Firefox are good alternatives.
- Removing Microsoft Outlook if it is installed. Use a more secure email client.
Turn computers off when they are not in use. That usually means when the primary user leaves work for the day or weekend

Adopt safe e-mail handling practices

Delete email, without viewing it, that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files. All anti-virus software is imperfect. Businesses that send and receive a lot of email or otherwise exchange files with outside sources frequently inevitably encounter infections against which they are not yet protected. Delete email that has recognizably suspicious attachments is simply due caution.
Never open email attachments unless you are expecting them.
Immediately delete junk mail, chain letters and E-mail messages with questionable subject lines.
Never execute software that is downloaded from the Internet unless it has been scanned for viruses and other malware.
Turn on the constant protection feature of your anti-virus software "on" if it has a constant protection feature, and have it scan all of your incoming email as thoroughly as possible.

Browse safely and use a safe browser

Remember that ordinary Web browsing can be unsafe. Simply browsing an infected site with some Web browsers can infect your machine.
To protect yourself, do the following:
- Choose the safest browser you can find. Netscape and Mozilla are currently good choices.
- Have a consultant or someone in your organization keep track of the security issues associated with the Web browser you choose and notify you when patches or updates are required to maintain your security.
- Use Apple's Software Update to keep your patch levels up-to-date. Apple often provides security patches via Software Update.
We all know that anti-virus software is useless if it is not constantly updated and intensively used. You should, therefore, do the following:
- Update your anti-virus software regularly and perform regular, in-depth full system scans. Most MacIntoshes can complete a full system scan while you are at lunch.
- Turn the constant protection feature of your anti-virus software "on" if it has a constant protection feature.
- Disconnect infected computers from the corporate network to stop the spread of their infections. Remove the infection and restore any damaged files before re-connecting them to the corporate network.
Anti-virus software cannot protect you from everything. Avoid downloading software from unknown, suspicious or untrustworthy sites.

Microsoft Office and MSIE

Some versions of Microsoft Internet Explorer have critical security problems. To fix Internet Explorer, update it through the Software Update Pane/Control Panel of your MacIntosh. Microsoft offers the required patches at http://www.microsoft.com/mac/download/, which it calls "mactopia."

Affected software: