Skip to content

Securing Leopard Checklist

This checklist is a summary based on the article on Securing Leopard (http://bit.ly/securing-leopard/).

Thanks for reading! If you enjoyed this article please share it, or post a comment.

wedge Accounts and Parental Controls
* Create Standard User account for day-to-day use.
wedge Login Options
* Set Automatic Login to “Off”
* Display login window as: Name and Password
* Uncheck “Show restart, sleep and shutdown buttons”
* Uncheck “Show password hints”
* Uncheck “Show fast user switching menu…”
wedge Parental Controls to restrict certain Users
* Uncheck “Can administer printers”
* Uncheck “Can burn CDs” (unless needed)
* Limit access to required applications
* Log activity if necessary
wedge Security
* Check “Require password immediately after sleep or screen saver begins”
* Check “Disable Automatic Login”
* Check “Require Password to unlock each System Preferences Pane”
* Check “Use Secure Virtual Memory”
* Check “Disable Location Services”
* Check “Disable remote control infrared receive” or Pair your remote.
* On FileVault Tab: Set Master Password
* Turn On FileVault (if you wish to use this feature)
* On Firewall Tab (Advanced): “Block all incoming connections”, unless certain services are required, then set permissions accordingly. If unsure leave “Block all incoming connections” unchecked. Check “Enable stealth mode”.
wedge Network, Bluetooth, Sharing and Software Update
* Deactivate unused services (click on gear icon at bottom of interface list)
* In AirPort Advanced settings: Check “Disconnect from wireless networks when logging out”
* Check “Require admin password to control Airport”
* Uncheck “Remember any network this computer has joined” (manually add frequently-used networks)
* Always use WPA2 for wireless networks
* Turn off Airport when not in use, or in untrusted environments
* Turn IPv6 off for Ethernet (in Advanced settings)
wedge Bluetooth
* Uncheck “Discoverable”
* Uncheck “On” (unless Bluetooth devices are used)
wedge Sharing
* Set custom non-descriptive name in “Computer Name”
* Keep all services off if possible
* Limit access to necessary users
wedge Software Update
* Check “Check for updates” and select “Daily” from dropdown
* Check “Download important updates automatically”
wedge Privacy Settings (Spotlight, Quicktime, Dock)
* Create an encrypted Disk Image (using Disk Utility) to store sensitive documents
* Secure Empty Trash when deleting sensitive files
* “Erase Free Space” in Erase tab of Disk Utility to remove ‘ghosts’ of sensitive files on hard drive
wedge Spotlight
* Prevent spotlight from serching certain folders or disks, by dragging those disks into the area in the Privacy tab.
wedge Appearance (optional)
* Set all dropdowns to “None”
wedge Dock (optional)
* Check “Automatically hide dock” to hide running programs
wedge Securing Applications
wedge Keychain Access
* In Edit Menu select: “Change Keychain Settings” and Check “Lock when sleeping” and “Lock after x mins inactivity”
* In Edit Menu select: “Change Keychain Password” and set a new keychain password
* Use Secure Notes to store sensitive text data (bank details etc)
wedge Safari
* In Safari Preferences: Uncheck “Open safe files after downloading”
* Use “Private Browsing” in Safari menu to prevent Safari from storing cache, browsing history, etc
wedge Terminal
* In Terminal Menu: Activate “Secure Keyboard Entry” (if you use the Terminal. Note this can sometimes cause problems with applications that rely on capturing keystrokes)

css.php