- Created by Gabriel Hernandez, last modified on Oct 30, 2018
Antivirus-Malware-Spyware Protection
Apply Security Updates in Mac OS X
Automatic Updates: OS System Configuration
Enable and Configure Event Logging
Enabling Firewall in Mac OS X
Encryption: Enable FileVault
Operate with a standard OS X account
Password Complexity
Securing Unattended Macs
Supported Operating System
Note: Apple is no longer providing support for OS X 10.6 (Snow Leopard). Please ensure a plan to upgrade your system(s) has been identified.
Antivirus-Malware-Spyware Protection
There are several applications available to end-users to download and install on their systems.
Cisco AMP - (only for UT systems). Please email help@ece.utexas.edu and provide the UT asset tag number (silver sticker reading "The Property of The University of Texas at Austin") for further details. Your system will need to be verified as property of the University.
Personal Computers
Sophos
For personally owned Mac computers, the free online Sophos anti-virus software is recommended.
Download Sophos at https://home.sophos.com/mac.
Apply Security Updates
- Select the Apple Menu
- Click About this Mac
- Select Software Updates
Automatic Updates: OS System Configuration
- Open System Preferences via the Dock or Apple Menu
- Select the App Store
- Select Automatically check for updates
- Select Download newly available updates in the background
- Optional: If you want available updates to automatically install after being downloaded, select the options below.
- Select Install app updates
- Select Install macOS updates
- Select Install system data files and security updates
Note: If you decide not to have the updates automatically install, be sure to install them in a timely manner when prompted to do so after the updates have been automatically downloaded (steps 3 & 4). Your device should continue to prompt you on a scheduled basis.
Enable and Configure Event Logging
By default, logging should already be enabled on OS X. To enable logging:
For OS X:
- You must temporarily log in as an administrator or your current account must have sudo access
- In spotlight (upper right-hand corner), search for terminal and select it
- Type sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
- Enter administrative credentials
- If the system was already enabled for logging, you should receive the notification Already loaded in the terminal window
Note: the log files are rotated often by time of day, days indicated, and/or exceeding the maximum file size.
For advanced or custom log retention schedules:
- You must temporarily log in as an administrator or your current account must have sudo access
- In spotlight (upper right-hand corner), search for terminal and select it
- Type cd /etc
- Type sudo vi newsyslog.conf
A list of log files with their retention schedules is displayed. Notice the count and size options available to change. You have the option to increase these amounts if desired.
Example: to change the count (number of backup logs) for the system.log file, continue in the terminal window with the newsyslog.conf file open for editing:
- manually (using down arrow key) navigate to the system.log file
- navigate using the arrow key to the current count number (e.g. 7)
- verify the number is highlighted and press x to delete the current number
- type i for the insert command and enter the new count number
- press the ESC key, followed by :wq! and press enter. This will save your entry.
A system restart will make the changes permanent.
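The count change described above can also be made without vi. The following is an added example, not part of the original page: two shell functions that read and rewrite the count field of a newsyslog.conf-style file. The function names and the sample entries are constructed for illustration, and the demo works on a temporary file rather than /etc/newsyslog.conf.

```sh
#!/bin/sh
# Entry format: logfilename [owner:group] mode count size when flags ...

# Write a constructed sample file (not a copy of a real /etc/newsyslog.conf).
make_sample() {  # usage: make_sample PATH
    cat > "$1" <<'EOF'
# logfilename          [owner:group]  mode count size when  flags
/var/log/system.log                   640  7     *    @T00  J
/var/log/install.log   root:admin     640  5     1000 *     J
EOF
}

# Print "count size" for one log file entry.
show_retention() {  # usage: show_retention CONF LOGFILE
    awk -v name="$2" '
        $1 == name {
            c = ($2 ~ /:/) ? 4 : 3   # optional owner:group shifts the fields
            print $c, $(c + 1)
        }' "$1"
}

# Set the count for one entry, keeping the original as CONF.bak.
# Returns non-zero if the count is not a number or the entry is missing.
set_count() {  # usage: set_count CONF LOGFILE NEWCOUNT
    case "$3" in
        ''|*[!0-9]*) echo "count must be a whole number" >&2; return 1 ;;
    esac
    cp -p "$1" "$1.bak" || return 1
    # Assigning a field makes awk re-join that line with single spaces;
    # newsyslog splits on whitespace, so the entry stays valid.
    awk -v name="$2" -v n="$3" '
        $1 == name { c = ($2 ~ /:/) ? 4 : 3; $c = n; found = 1 }
        { print }
        END { exit (found ? 0 : 1) }' "$1.bak" > "$1"
}

# Demo on a temporary file; on a real system CONF would be /etc/newsyslog.conf
# and set_count would need to run under sudo.
conf=$(mktemp) && make_sample "$conf"
show_retention "$conf" /var/log/system.log
set_count "$conf" /var/log/system.log 14
show_retention "$conf" /var/log/system.log
rm -f "$conf" "$conf.bak"
```

The .bak copy gives a known-good file to restore if an edit leaves the configuration in an unexpected state.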
Enable Firewall
- Open System Preferences via the Dock or Apple Menu
- Click Security & Privacy
- Click the Firewall tab and select Turn ON Firewall
Note: If the orange padlock icon in the lower left side of the window is closed, click it, and then authenticate with your Mac's administrator username and password.
Optional
To configure the firewall, click Firewall Options... (10.7 and later)
- In the options presented, select a suitable option
Encryption: Enable FileVault
- Open System Preferences via the Dock or Apple Menu
- Select Security & Privacy
- Select the FileVault tab and select Turn ON FileVault
- Make note of the Recovery Key and store it in a safe place. The recommended option for UT personnel is STACHE.
Operate with a standard OS X account
Running as an administrator? Administrative accounts are granted the ability to perform virtually anything on the computer. Every computer has an administrative account, and many users tend to operate their computer in an administrative mode on a daily basis. This is against guidelines set forth by the Information Security Office.
With an administrative account, malware/viruses have an easier time:
- Hiding themselves in the system to install rootkits, backdoors, and keyloggers
- Creating new administrative accounts
- Accessing and running privileged services
- Using an infected system to attack other vulnerable computers on the network
Yes, even Mac OS X systems are susceptible to keyloggers, rootkits, trojans, and other unauthorized malicious applications.
If your current account is now an administrative account, you should downgrade this account with only “user/standard” privileges, while also creating a new account for administrative purposes.
Create a new administrative user account
- Open System Preferences via the Dock or Apple Menu
- Go to Users & Groups
- Click on the "+" to add a new account
- If the security lock is closed (lower left corner), click it and authenticate
- Enter an account name and password, and click on Create User
- Select the recently created User Account & Check Allow user to administer the computer
Demote the original user account to a standard user
- Log out of your account and log in with your new administrator account created in the steps above. Return to Users and Groups (Steps 1 & 2 above).
- Select the administrator that you want to demote and Uncheck Allow user to administer the computer
- Restart the computer for changes to take effect
- Log in with the primary, standard user account that was just demoted.
Note: When privilege elevation is required (for example, installing a new application or updating OS X), you will be prompted to grant that elevation by logging in with the new administrator account and password that was just created.
Password Complexity
Secure unattended computers
There are two methods to choose from, but both require Step 5 in either option to be completed.
Turn display off after
- Open System Preferences via the Dock or Apple Menu
- Select Energy Saver
- Configure the time after which the system is placed in sleep mode. Set it to 15 minutes or less.
- Navigate back to System Preferences home panel and select Security & Privacy
- In the General tab, check Require password for sleep or screen saver (immediately).
Set Screensaver
- Open System Preferences via the Dock or Apple Menu
- Select Desktop & Screen Saver
- Use the drop-down options to select 10 minutes (this is the minimum option)
- Navigate back to System Preferences home panel and select Security & Privacy
- In the General tab, check Require password for sleep or screen saver (immediately).
Supported Operating System
Special note: Apple does not publish an official support cycle for macOS. However, in general based on patching for the past few versions of macOS the following seems to apply:
- The current version of OS X gets updates to address security issues and bugs
- The previous version of OS X also gets security updates and might get some bug fixes
- The previous - previous version also gets security updates and is unlikely to get bug fixes
- Older versions are unlikely to get security updates and will not get bug fixes (unsupported)
Since new versions are released every year, this roughly corresponds to a 3 year support cycle, but again there's no commitment on Apple's part. The only official supported release is the most recent one.
For example: Mavericks (10.9 - October 2013) -> Yosemite (10.10 - October 2014) -> El Capitan (10.11 - September 2015) -> Sierra (10.12 - September 2016) -> High Sierra (10.13 - September 2017)
When High Sierra was released, everything before El Capitan could be considered unsupported. Though again it's not a conclusive statement, since an update for Yosemite was released in July 2017. This may have been due to the severity of the bug being fixed or the proximity of the patch to High Sierra's release. There is no way of knowing. However, given their past behavior it seems that any operating system older than El Capitan (10.11) would be considered unsupported.