Securing Leopard Checklist
This checklist is a summary based on the article on Securing Leopard (http://bit.ly/securing-leopard/).
Thanks for reading! If you enjoyed this article please share it, or post a comment.
 Accounts and Parental Controls |
|
Create Standard User account for day-to-day use. |
|
Login Options |
|
Set Automatic Login to “Off” |
|
Display login window as: Name and Password |
|
Uncheck “Show restart, sleep and shutdown buttons” |
|
Uncheck “Show password hints” |
|
Uncheck “Show fast user switching menu…” |
|
Parental Controls to restrict certain Users |
|
Uncheck “Can administer printers” |
|
Uncheck “Can burn CDs” (unless needed) |
|
Limit access to required applications |
|
Log activity if necessary |
|
Security |
|
Check “Require password immediately after sleep or screen saver begins” |
|
Check “Disable Automatic Login” |
|
Check “Require Password to unlock each System Preferences Pane” |
|
Check “Use Secure Virtual Memory” |
|
Check “Disable Location Services” |
|
Check “Disable remote control infrared receive” or Pair your remote. |
|
On FileVault Tab: Set Master Password |
|
Turn On FileVault (if you wish to use this feature) |
|
On Firewall Tab (Advanced): “Block all incoming connections”, unless certain services are required, then set permissions accordingly. If unsure leave “Block all incoming connections” unchecked. Check “Enable stealth mode”. |
|
Network, Bluetooth, Sharing and Software Update |
|
Deactivate unused services (click on gear icon at bottom of interface list) |
|
In AirPort Advanced settings: Check “Disconnect from wireless networks when logging out” |
|
Check “Require admin password to control Airport” |
|
Uncheck “Remember any network this computer has joined” (manually add frequently-used networks) |
|
Always use WPA2 for wireless networks |
|
Turn off Airport when not in use, or in untrusted environments |
|
Turn IPv6 off for Ethernet (in Advanced settings) |
|
Bluetooth |
|
Uncheck “Discoverable” |
|
Uncheck “On” (unless Bluetooth devices are used) |
|
Sharing |
|
Set custom non-descriptive name in “Computer Name” |
|
Keep all services off if possible |
|
Limit access to necessary users |
|
Software Update |
|
Check “Check for updates” and select “Daily” from dropdown |
|
Check “Download important updates automatically” |
|
Privacy Settings (Spotlight, Quicktime, Dock) |
|
Create an encrypted Disk Image (using Disk Utility) to store sensitive documents |
|
Secure Empty Trash when deleting sensitive files |
|
“Erase Free Space” in Erase tab of Disk Utility to remove ‘ghosts’ of sensitive files on hard drive |
|
Spotlight |
|
Prevent spotlight from serching certain folders or disks, by dragging those disks into the area in the Privacy tab. |
|
Appearance (optional) |
|
Set all dropdowns to “None” |
|
Dock (optional) |
|
Check “Automatically hide dock” to hide running programs |
|
Securing Applications |
|
Keychain Access |
|
In Edit Menu select: “Change Keychain Settings” and Check “Lock when sleeping” and “Lock after x mins inactivity” |
|
In Edit Menu select: “Change Keychain Password” and set a new keychain password |
|
Use Secure Notes to store sensitive text data (bank details etc) |
|
Safari |
|
In Safari Preferences: Uncheck “Open safe files after downloading” |
|
Use “Private Browsing” in Safari menu to prevent Safari from storing cache, browsing history, etc |
|
Terminal |
|
In Terminal Menu: Activate “Secure Keyboard Entry” (if you use the Terminal. Note this can sometimes cause problems with applications that rely on capturing keystrokes) |
Loading ...
