In the last articles wee talked about keeping the home network secure on the windows platform In this articles we will discuss on that when the platform is Mac OS.
Apple Host OS
1. Maintain an Up-to-Date OS
Configure any Mac OS X system to automatically check for updates. When notified of an available update, provide privileged credentials in order to install the update. The Apple iPad should be kept up-to-date as well and requires a physical connection (e.g., USB) to a host running iTunes in order to receive its updates. A good practice is to connect the iPad to an iTunes host at least once a month or just prior to any travel where the iPad will be used.
2. Keep Third Party Application Software Up-to-Date
Periodically check key applications for updates. Several of these third party applications may have options to automatically check for updates. Legacy applications may require some research to determine their status.
3. Limit Use of the Privileged (Administrator Account)
The first account that is typically created when configuring a Mac host for the first time is the local administrator account. A non-privileged “user” account should be created and used for the bulk of activities conducted on the host to include web browsing, email access, and document creation/editing. The privileged administrator account should only be used to install updates or software, and reconfigure the host as needed. Browsing the web or reading email as an administrator provides an effective means for an adversary to gain persistence on your host.
4. Enable Data Protection on the iPad
The data protection feature on the iPad enhances hardware encryption by protecting the hardware encryption keys with a pass code. The pass code can be enabled by selecting “Settings,” then “General”, and finally “Passcode.” After the pass code is set, the “Data protection is enabled” icon should be visible at the bottom of the screen. For iPads that have been upgraded from iOS 3, follow the instructions at: http://support.apple.com/kb/HT4175.
5. Implement FileVault on Mac OS Laptops
In the event that a Mac laptop is lost or stolen, FileVault (available in Mac OS X, v10.3 and later) can be used to encrypt the contents of a user’s home directory to prevent data loss.
No comments:
Post a Comment