In the third and final part of my series on OS X security I will cover system security. If you missed the previous articles, check out part one on hardware security and part two, which covers user security.
Simply using a Macintosh computer is not enough to guarantee your security. If you would like some help beyond the advice in these articles you can download our free Sophos Anti-Virus for Mac Home Edition product to alert you to any threats.
System security
1. Properly configure your firewall
Having a modicum of control over what network traffic is allowed in and out of your machine, and by which applications, is essential to running a secure system. To do this you want to run a firewall.
Apple were nice enough to include a firewall in OS X, and the version in 10.6 is almost useful. It consists of two main parts: the Application Firewall and ipfw, a FreeBSD packet filtering firewall that Apple has inherited in OS X.
The Application Firewall is what you see when you open System Preferences and click on Security -> Firewall. You can control which Services are allowed to accept incoming connections, as well as which Applications.
To begin with, make sure the firewall is switched on. Apple may have been kind enough to include the firewall, but they didn’t switch it on for you *sigh*.
Next, click on Advanced and review any applications that are listed and showing that they are currently allowed to accept incoming connections. Decide if they really should be allowed to.
For example, I use iTunes to listen to my music, but I don’t share out my library, so there is no need for iTunes to accept incoming connections on my machine, therefore I have iTunes set to ‘Block incoming connections’.
The default setting in the application firewall on 10.6 will allow all ‘signed’ applications to automatically accept incoming connections once you have switched on the firewall.
Signed applications are those that have been built by the developer with code signing enabled. This provides a means by which the operating system can verify that the application is what it says it is.
Code signing provides some level of security; however, it is not a flawless system by any stretch of the imagination. You shouldn’t blindly rely on the fact that an application is ‘signed’ to mean that you should allow it to accept incoming connections. You should review all of the applications you have on your system and decide whether they should accept incoming connections or not.
The second part of the firewall solution in OS X is ipfw, a packet filtering firewall that is built into the sub-system of OS X. Ipfw is immensely powerful, but can be confusing to a lot of people. It is hidden away from most users unless you go looking for it in Terminal.
There are a few applications available that provide a GUI to ipfw which makes things far easier for those that are not used to configuring a firewall from the command line. Two that are particularly good, and free, are WaterRoof and NoobProof.
The Ready Rule Sets in WaterRoof are especially good and provide a very quick way to add additional security to your system.
2. Secure Safari
When it comes to browsers, I actually like Safari. I tend to use it more than Firefox or Chrome on my Mac. One option that I always disable as soon as I set up a new machine though is ‘Open “safe” files after downloading’.
This can be found in the Safari Preferences and means that, while it is enabled, files deemed to be “safe” are automatically opened or mounted by Safari after they have been downloaded.
This is hideously insecure, and can lead to malicious code being run without the user having to do anything. If you visit an infected website, and that site causes your browser to download an infected zip file, once it is downloaded Safari will automatically unzip that zip file, causing the malicious code to be run! Disable this option now.
Anything you download can easily be accessed using either the Finder, or by double clicking on the item in the Safari Downloads window.
Having the Safari browser, or any browser for that matter, automatically fill in forms for you can be potentially dangerous. Vulnerabilities have been found that allow websites to grab this auto-fill data without ever showing a form on the page. The data that is normally shared by auto-fill is an identity thief’s idea of heaven.
Either disable ‘Autofill web forms’ in the Safari Preferences, or use a secure application such as 1Password for auto-filling this sort of information.
3. Only run the services that you really need
Many users have services running on their systems that they either rarely use, or, more often than not, don’t even know are running.
Only run services that you really need, and for those that you rarely use, only switch them on when you need them and then switch them off once you’re finished.
Leaving services running opens up areas for attack over the network. By only running those services that you need you reduce your risk.
To review the services that are running on your system look in System Preferences -> Sharing.
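An added example (not part of the original article) to go with the review steps in sections 1 and 3: a shell function that reads `lsof -nP -iTCP` output and lists which programs are listening on addresses reachable from the network rather than on loopback only. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP` output (not captured from a real machine).
SAMPLE_LSOF='COMMAND  PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
launchd    1 root  22u IPv4 0x01      0t0  TCP *:22 (LISTEN)
launchd    1 root  23u IPv6 0x02      0t0  TCP *:22 (LISTEN)
iTunes   412 alice 30u IPv4 0x03      0t0  TCP *:3689 (LISTEN)
cupsd     88 root   6u IPv4 0x04      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd     88 root   5u IPv6 0x05      0t0  TCP [::1]:631 (LISTEN)
Safari   501 alice 12u IPv4 0x06      0t0  TCP 192.168.1.5:49200->203.0.113.7:80 (ESTABLISHED)'

# Read lsof output on stdin and print "SCOPE command port user" once per
# listener. LOCAL = bound to loopback only; EXPOSED = any other address.
classify_listeners() {
    awk '
        $NF != "(LISTEN)" { next }       # skip header and non-listening sockets
        {
            name = $(NF - 1)             # e.g. *:22 or [::1]:631
            n = split(name, part, ":")
            port = part[n]               # text after the last colon
            addr = substr(name, 1, length(name) - length(port) - 1)
            scope = (addr == "127.0.0.1" || addr == "[::1]") ? "LOCAL" : "EXPOSED"
            key = scope " " $1 " " port " " $3
            if (!(key in seen)) { seen[key] = 1; print key }   # merge IPv4/IPv6 rows
        }'
}

# Only the listeners reachable from the network, as "command:port".
exposed_listeners() {
    classify_listeners | awk '$1 == "EXPOSED" { print $2 ":" $3 }'
}

# Audit the live system; run with sudo to include other users' sockets.
audit_live() {
    lsof -nP -iTCP | classify_listeners
}

if [ "${1:-}" = "--live" ]; then
    audit_live
else
    printf '%s\n' "$SAMPLE_LSOF" | classify_listeners
fi
```

Each EXPOSED line is a candidate for ‘Block incoming connections’ in the Application Firewall or for switching off under Sharing; in the sample, port 22 corresponds to Remote Login and port 3689 to iTunes library sharing.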
Conclusion
To stay current on the latest Mac threats check out the Sophos Mac Security Hub. Until next time, stay secure.



