  Accounts and Parental Controls
|
  Create Standard User account for day-to-day use.
|
  Login Options
|
  Set Automatic Login to “Off”
|
  Display login window as: Name and Password
|
  Uncheck “Show restart, sleep and shutdown buttons”
|
  Uncheck “Show password hints”
|
  Uncheck “Show fast user switching menu…”
|
 Parental Controls to restrict certain Users
|
  Uncheck “Can administer printers”
|
  Uncheck “Can burn CDs” (unless needed)
|
  Limit access to required applications
|
  Log activity if necessary
|
  Security
|
  Check “Require password immediately after sleep or screen saver begins”
|
  Check “Disable Automatic Login”
|
  Check “Require Password to unlock each System Preferences Pane”
|
  Check “Use Secure Virtual Memory”
|
  Check “Disable Location Services”
|
  Check “Disable remote control infrared receiver” or pair your remote.
|
  On FileVault Tab: Set Master Password
|
  Turn On FileVault (if you wish to use this feature)
|
  On Firewall Tab (Advanced): Check “Block all incoming connections” unless certain services are required, in which case set permissions accordingly. If unsure, leave “Block all incoming connections” unchecked. Check “Enable stealth mode”.
|
|
  Network, Bluetooth, Sharing and Software Update
|
  Deactivate unused services (click on gear icon at bottom of interface list)
|
  In AirPort Advanced settings: Check “Disconnect from wireless networks when logging out”
|
  Check “Require admin password to control Airport”
|
  Uncheck “Remember any network this computer has joined” (manually add frequently-used networks)
|
  Always use WPA2 for wireless networks
|
  Turn off AirPort when not in use, or in untrusted environments
|
  Turn IPv6 off for Ethernet (in Advanced settings)
|
  Bluetooth
|
  Uncheck “Discoverable”
|
  Uncheck “On” (unless Bluetooth devices are used)
|
  Sharing
|
  Set custom non-descriptive name in “Computer Name”
|
  Keep all services off if possible
|
  Limit access to necessary users
|
  Software Update
|
  Check “Check for updates” and select “Daily” from dropdown
|
  Check “Download important updates automatically”
|
  Privacy Settings (Spotlight, Quicktime, Dock)
|
  Create an encrypted Disk Image (using Disk Utility) to store sensitive documents
|
  Secure Empty Trash when deleting sensitive files
|
  “Erase Free Space” in Erase tab of Disk Utility to remove ‘ghosts’ of sensitive files on hard drive
|
  Spotlight
|
  Prevent Spotlight from searching certain folders or disks by dragging them into the list in the Privacy tab.
|
  Appearance (optional)
|
  Set all dropdowns to “None”
|
  Dock (optional)
|
  Check “Automatically hide dock” to hide running programs
|
  Securing Applications
|
  Keychain Access
|
  In Edit Menu select: “Change Keychain Settings” and Check “Lock when sleeping” and “Lock after x mins inactivity”
|
  In Edit Menu select: “Change Keychain Password” and set a new keychain password
|
  Use Secure Notes to store sensitive text data (bank details, etc.)
|
  Safari
|
  In Safari Preferences: Uncheck “Open safe files after downloading”
|
  Use “Private Browsing” in Safari menu to prevent Safari from storing cache, browsing history, etc.
|
  Terminal
|
  In Terminal Menu: Activate “Secure Keyboard Entry” if you use the Terminal. Note that this can sometimes cause problems with applications that rely on capturing keystrokes.
|
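An added example, not part of the original checklist: a shell audit that reads back the Login Options, Security and Firewall items above with `defaults read` and reports which ones are not yet set. The preference domains and key names, and the helper functions `read_pref`, `check` and `audit`, are assumptions that do not appear in the checklist; confirm the keys on your Mac OS X release.

```shell
#!/bin/bash
# Added example (not from the original checklist). Preference domains and keys
# below are assumptions to confirm on your Mac OS X release.

# Print the stored value of KEY in DOMAIN, or "unset" when the key is absent.
read_pref() {
  defaults read "$1" "$2" 2>/dev/null || echo "unset"
}

# check LABEL PATTERN ACTUAL: print PASS or FAIL; non-zero status on FAIL.
# PATTERN is deliberately unquoted so a glob such as [12] can match.
check() {
  case "$3" in
    $2) echo "PASS  $1" ;;
    *)  echo "FAIL  $1 (found: $3)"; return 1 ;;
  esac
}

# Run every check; the return status is the number of failed items.
audit() {
  local lw=/Library/Preferences/com.apple.loginwindow
  local alf=/Library/Preferences/com.apple.alf
  local vm=/Library/Preferences/com.apple.virtualMemory
  local fails=0
  check "Automatic login off" unset "$(read_pref "$lw" autoLoginUser)" ||
    fails=$((fails + 1))
  check "Login window: Name and Password" 1 "$(read_pref "$lw" SHOWFULLNAME)" ||
    fails=$((fails + 1))
  check "Restart/sleep/shutdown buttons hidden" 1 "$(read_pref "$lw" PowerOffDisabled)" ||
    fails=$((fails + 1))
  check "Password hints off" 0 "$(read_pref "$lw" RetriesUntilHint)" ||
    fails=$((fails + 1))
  check "Secure virtual memory on" 1 "$(read_pref "$vm" UseEncryptedSwap)" ||
    fails=$((fails + 1))
  # globalstate: 0 = firewall off, 1 = on, 2 = block all incoming connections
  check "Firewall on" "[12]" "$(read_pref "$alf" globalstate)" ||
    fails=$((fails + 1))
  check "Stealth mode on" 1 "$(read_pref "$alf" stealthenabled)" ||
    fails=$((fails + 1))
  # Per-user setting: read from the domain of the user running the script.
  check "Password after sleep/screen saver" 1 "$(read_pref com.apple.screensaver askForPassword)" ||
    fails=$((fails + 1))
  return "$fails"
}

# Only run on a machine that has the defaults tool (i.e. a Mac).
if command -v defaults >/dev/null 2>&1; then audit; fi
```

Run it as the Standard User whose screen-saver setting you want to verify; the exit status is the number of failed items.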