Safe and sound: securing Mountain Lion

Neal Wise | April 18, 2013
Let’s have a look at what basic steps we’d recommend to secure a Mountain Lion installation. These are similar to what we’ve done in the past with Lion, Snow Leopard and so on, but subtle changes to System Preferences may have added, removed or relocated some of the security controls we previously considered.

That keeps our friends XProtect.plist/XProtect.meta.plist (used by the OS X file quarantine function) up-to-date with Apple's list of known malicious software. It also keeps track of the current versions of browser plug-ins known to be a source of security issues such as Oracle's JavaAppletPlugin and Adobe's Flash Player plugin.

We would also recommend selecting 'Require an administrator password to access locked preferences' if you share use of your Mac with family members who you don't want changing the configuration of your Mac.

Under the General tab you'll want your Mac to demand that users provide a password to unlock the screensaver or when you wake (or unsuspend) your Mac. By default, Mountain Lion requires a password to be provided immediately once the screen is locked. This is an effective way of ensuring your Mac isn't accessed for unauthorised use. We do advise assigning a 'return to base' message to appear on the lock screen.

It's worth it to us, for peace of mind, to offer a reward to have our Macs returned. Once applied, the warning message appears on both the lock screen and on system boot if you have FileVault enabled.

GATEKEEPER

The next configuration option relates to Apple's Gatekeeper trusted software initiative. Gatekeeper was introduced in OS X Lion 10.7.5 and OS X Mountain Lion and is really the combination of a few things. Mainly, it combines the file quarantine inspection function, used with downloads in Safari, Mail, Messages and other applications, with a digital signature system used for Apple's registered developer program and the Mac App Store.

ID default. In default mode, all applications not signed with an Apple Developer ID will need to be manually approved by the user in order to run the software.

Registered developers can digitally sign their software using their Developer ID certificate. This digital certificate framework permits Apple and, indirectly, the end user to confirm that the application was signed by someone who has provided their contact and/or company details (and US$99) to Apple. Or that it was signed by someone with access to that key in some way.

The Mac App Store requires using these Developer ID certificates to sign submitted applications. The Mac App Store also requires following certain guidelines for applications, including requirements to access resources on your Mac. For example, iOS and OS X provide local device and profile managed configuration to specify use of device resources including cameras and microphones and device-based information (on your Mac or phone) using the device's Address Book or Calendar data.
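
The General tab and Gatekeeper settings described above can also be checked from Terminal. The script below is an added example, not part of the original article; the preference keys (`askForPassword`, `askForPasswordDelay`, `LoginwindowText`), the `spctl --status` output strings and the expected values are assumptions based on OS X 10.8-era behaviour, and the values used when it runs off a Mac are constructed.

```shell
#!/bin/sh
# Added example: audit the lock-screen and Gatekeeper settings from Terminal.
# Preference keys and expected values are assumptions for OS X 10.8.

# check LABEL ACTUAL EXPECTED: print PASS/FAIL, return 0 only on a match
check() {
    if [ "$2" = "$3" ]; then
        printf 'PASS  %s (%s)\n' "$1" "$2"; return 0
    fi
    printf 'FAIL  %s: got "%s", want "%s"\n' "$1" "$2" "$3"; return 1
}

# check_nonempty LABEL VALUE: fail when the value is missing or empty
check_nonempty() {
    if [ -n "$2" ]; then printf 'PASS  %s\n' "$1"; return 0; fi
    printf 'FAIL  %s: not set\n' "$1"; return 1
}

# gatekeeper_state SPCTL_OUTPUT: map `spctl --status` text to one word
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# audit ASK DELAY MESSAGE SPCTL_OUTPUT: exit status is the failure count
audit() {
    failures=0
    check "password required on wake/screen saver" "$1" 1 || failures=$((failures + 1))
    check "password delay (seconds)" "$2" 0               || failures=$((failures + 1))
    check_nonempty "lock screen message" "$3"             || failures=$((failures + 1))
    check "Gatekeeper" "$(gatekeeper_state "$4")" enabled || failures=$((failures + 1))
    return "$failures"
}

rc=0
if [ "$(uname -s)" = "Darwin" ]; then
    # Live values; a key that was never set reads as empty and fails its check.
    audit "$(defaults read com.apple.screensaver askForPassword 2>/dev/null)" \
          "$(defaults read com.apple.screensaver askForPasswordDelay 2>/dev/null)" \
          "$(defaults read /Library/Preferences/com.apple.loginwindow LoginwindowText 2>/dev/null)" \
          "$(spctl --status 2>&1)" || rc=$?
else
    # Constructed sample values so the logic can be exercised off a Mac.
    audit 1 300 "" "assessments disabled" || rc=$?
fi
echo "settings needing attention: $rc"
```

A FAIL on an unset key means the value was never written explicitly, so confirm the effective setting in System Preferences before treating it as a finding.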

 
