Since our last security feature in 2012, a lot has changed with OS X security. Apple has improved kernel-level security protections like Address Space Layout Randomisation (ASLR) and introduced a software signing mechanism in OS X Mountain Lion and OS X Lion similar to that used in iOS. Apple has also spent a significant part of the last year playing 'Whac-A-Mole' with your Java-based applications and web content to combat malicious software by changing Apple's approach to supporting Java on OS X Lion and OS X Mountain Lion. In this feature, we'll have a look at applying baseline security controls to your Mountain Lion-based Mac and we'll have a look at the challenges in 2013 of using web-based Java Applets on your Mac.
Let's have a look at what basic steps we'd recommend to secure a Mountain Lion installation. These are similar to what we've done in the past with Lion, Snow Leopard and so on, but subtle changes to System Preferences may have added, removed or relocated some of the security controls we previously considered.
Like most operating systems, OS X installations default to basic features and convenient use. In today's world (and not just for those of us who are generally paranoid) default configurations of any technology - your computer, phone, internet TV, etc - should be carefully considered. Where possible, we'll try to pick the strictest reasonable approach.
CONVENIENCE VS SECURITY:
USERS & GROUPS
First, let's think about you. Your Mac's account password first: do you have one? Is your Mac set to 'Automatic login' as a user account when started up? In a world where we're slowly becoming overwhelmed with passwords and PINs there are a few that are really important to assign well - obviously we're including your computer in that list.
Second, we need to ensure your login account on your Mac is relatively secure: secure enough, at least, to discourage a 'walk by' opportunistic attack.
Multiplication malady. If you have multiple user accounts on your Mac, make sure they have all been assigned secure passwords.
So if you'll start System Preferences (Apple Menu > System Preferences) we can begin. Select 'Users & Groups' and then select Login Options. There are a few default options here we'll want to change. Many of these options are great examples of trading the security of your Mac for convenience.
First, you should disable 'Automatic login' on your Mac if it's enabled. This is to prevent access to your Mac without your permission in the event that your Mac is lost or stolen. This is disabled by default in recent releases but, in the past, it may have been enabled prior to an upgrade. We also typically set the login window to 'Name and password' to force a would-be attacker to have to guess a valid username, rather than clicking on user account pictures and having a guess at passwords.
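The two Login Options changes above can also be checked from Terminal. The script below is an added example, not part of the original article. It assumes both settings are stored in the system-wide `com.apple.loginwindow` preferences under the keys `autoLoginUser` and `SHOWFULLNAME`; the `DEFAULTS_CMD` override is a hypothetical hook so the checks can be exercised on a machine without the `defaults` tool.

```shell
# Added example: audit the two Login Options settings discussed above.
# Assumption: both live in the system-wide loginwindow preferences domain
# under the keys autoLoginUser and SHOWFULLNAME.
LOGINWINDOW_DOMAIN="/Library/Preferences/com.apple.loginwindow"
# Hypothetical override so the logic can be exercised off a Mac.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# Print the value of a loginwindow key; non-zero status if the key is absent.
read_key() {
    "$DEFAULTS_CMD" read "$LOGINWINDOW_DOMAIN" "$1" 2>/dev/null
}

# Automatic login is on whenever autoLoginUser names an account.
check_auto_login() {
    local user
    if user="$(read_key autoLoginUser)" && [ -n "$user" ]; then
        echo "FAIL: automatic login is enabled for '$user'"
        return 1
    fi
    echo "PASS: automatic login is disabled"
}

# SHOWFULLNAME set to 1 means the login window asks for a name and password
# instead of showing a clickable list of user pictures.
check_login_window() {
    local value
    value="$(read_key SHOWFULLNAME)" || value=""
    case "$value" in
        1|true|YES)
            echo "PASS: login window is set to 'Name and password'" ;;
        *)
            echo "FAIL: login window shows the list of users"
            return 1 ;;
    esac
}

# Run both checks; the status is non-zero if either setting is weak.
audit_login_options() {
    local rc=0
    check_auto_login || rc=1
    check_login_window || rc=1
    return "$rc"
}

# Run the audit only where the defaults tool exists (that is, on a Mac).
if command -v "$DEFAULTS_CMD" >/dev/null 2>&1; then
    audit_login_options || true
fi
```

A missing `SHOWFULLNAME` key is reported as a failure, on the assumption that an unset key means the login window shows the list of users.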