Safe and sound: securing Mountain Lion

Neal Wise | April 18, 2013
Let’s have a look at what basic steps we’d recommend to secure a Mountain Lion installation. These are similar to what we’ve done in the past with Lion, Snow Leopard and so on, but subtle changes to System Preferences may have added, removed or relocated some of the security controls we previously considered.

This configuration can be used to reduce the likelihood of unauthorised (i.e. not signed by a developer key) software being run on your Mac, but there are some limitations, mostly relating to Mac software in use that pre-dates code-signing of applications. So it tries to strike a balance by permitting the user to specify trusting software that isn't signed with a Developer ID certificate.

You can choose to set this option to 'Allow applications downloaded from the Mac App Store'.

This may be a good setting for systems with simple functionality, such as those we set up for our relatives using Safari, Mail and other standard applications. When this configuration is set, however, you may find that commonly used applications aren't usable anymore.

The second mode, 'Mac App Store and identified developers', is the default mode set for Mountain Lion. Any application installed that isn't signed with an Apple Developer ID will prompt the user to accept running the application. From that point on that particular application is trusted for execution.

Always be wary of applications asking you to authenticate as an administrator. You never know what they're actually doing behind the scenes.

The final option permits trusting applications downloaded from anywhere. We're not sure what the value in choosing this is other than if you download a lot of random applications and grow tired of accepting the dialogue box for running them. Maybe using the internet isn't for you if you think this option is useful.

We'd recommend sticking with the 'Mac App Store and identified developers' setting. This will let you manually allow applications (via Control-click/right-click and Open) as required.

FILEVAULT

In recovery. Keep a copy of your Mac's recovery key, in the event that you forget the FileVault password.

The next security feature we'll have a look at is the FileVault whole disk encryption functionality introduced in OS X Lion. Technically, FileVault in Lion and Mountain Lion is different to the data encryption mechanism unveiled as FileVault in OS X Panther in 2003. The older technology called FileVault was useful for encrypting individual users' home directories (and its concepts are still employed when you use Disk Utility to create encrypted volumes).

FileVault in Mountain Lion provides the ability to protect data on your Mac's storage device from unauthorised access using 'disk target mode' or even when removed from your Mac. It does this by encrypting the data and utilising your account password as a passphrase for the encryption key(s) used to encrypt your Mac's storage.

Once you've selected 'Turn On FileVault', you'll be presented with a screen asking you to select users permitted to provide the FileVault password at boot up (and in some cases at waking your Mac).
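The two settings discussed above can also be checked from Terminal. The script below is an added example, not part of the original article; it assumes the stock OS X tools `spctl` (which reports the Gatekeeper state behind the application-trust setting) and `fdesetup` with their usual status strings, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: interpret the status output of two stock OS X tools.
#   spctl --status  prints "assessments enabled" or "assessments disabled"
#   fdesetup status prints "FileVault is On." or "FileVault is Off."
# Function names are hypothetical. spctl --status does not tell the
# 'Mac App Store' and 'Mac App Store and identified developers' modes apart.

# Map spctl output to a verdict on the application-trust setting.
gatekeeper_verdict() {
    case "$1" in
        *"assessments enabled"*)  echo "OK: signature checks enforced" ;;
        *"assessments disabled"*) echo "WARN: applications from anywhere are allowed" ;;
        *)                        echo "UNKNOWN: unexpected spctl output" ;;
    esac
}

# Map fdesetup output to a verdict; an unfinished conversion is checked
# first because that output also contains "FileVault is On."
filevault_verdict() {
    case "$1" in
        *"Encryption in progress"*) echo "WARN: encryption not finished yet" ;;
        *"FileVault is On"*)        echo "OK: disk encryption enabled" ;;
        *"FileVault is Off"*)       echo "WARN: disk is not encrypted" ;;
        *)                          echo "UNKNOWN: unexpected fdesetup output" ;;
    esac
}

# Print both verdicts; return 0 only when both are OK.
# $1 = output of `spctl --status`, $2 = output of `fdesetup status`
audit() {
    g=$(gatekeeper_verdict "$1")
    f=$(filevault_verdict "$2")
    printf 'Application trust: %s\nFileVault:         %s\n' "$g" "$f"
    case "$g" in OK*) ;; *) return 1 ;; esac
    case "$f" in OK*) ;; *) return 1 ;; esac
    return 0
}

# On a Mac, audit the live system; elsewhere feed the functions saved output.
if command -v spctl >/dev/null 2>&1 && command -v fdesetup >/dev/null 2>&1; then
    audit "$(spctl --status 2>&1)" "$(fdesetup status 2>&1)" ||
        echo "Review Security & Privacy in System Preferences."
fi
```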

 
