Hardened Mac Configuration Tips & Recommendations

By Fortra's Digital Defense

Given the popularity of the Mac and the ever increasing number of users, we thought it would be good to share insight that everyone, regardless of what they use their Mac for, should do to protect their system and their data.

 

This list is not all inclusive; however, it does give most users much more control over the security and privacy of their data.

Under System Preferences >> Security & Privacy

General Tab

  1. Force the system to require a password immediately after sleep or after the screensaver starts.
  2. Disable automatic logins.
  3. Only Allow Apps from the Mac App Store and identified developers.
  4. Under Advanced, log out after 15 minutes of inactivity
  5. Require the administrator password to access system-wide preferences
  6. Disable remote control via infrared remote.

File Vault Tab

  1. Enable File Vault to encrypt the hard drive of your Mac
  2. Do not store your File Vault key in iCloud, instead print it and store it in a safe, secure place such as your wallet or purse.

Firewall Tab

  1. Turn on the Mac firewall
  2. Under Advanced, enable “Block all Incoming connections”.
  3. Under Advanced, enable Stealth Mode.

Privacy Tab

  1. Disable “ Send Diagnostic and Usage Data to Apple”
  2. Disable Location Services (Unless you plan on using Maps)
  3. Enable only those apps that you want to have access to your Contacts, Calendars, and Reminders.
  4. Disable “Share Crash Data With App Developers”.

Under System Preferences >> Users & Groups

  1. Ensure automatic login is off.
  2. Ensure the guest account is disabled.
  3. Set up a user with non-Admin privileges and use that user for daily use. Use your admin account for administrative functions only.
  4. Display the login as “Name and Password”

Under System Preferences >> Bluetooth

  1. Turn Bluetooth off unless you plan on using Bluetooth devices such as keyboards, track pads, and wireless mice.

Under System Preferences >> Sharing

  1. Unless you need it for business reasons, disable all types of sharing from your Mac by un-selecting the associated checkbox.

Under System Preferences >> App Store

  1. Make sure that your system is set to automatically check for updates.
  2. Allow your Mac to install app, OS X and system data and security updates.

Under System Preferences >> Dictation & Speech

  1. Disable dictation unless it is needed.

In The Finder >> Preferences

  1. Ensure that “Secure Empty Trash” is enabled.

Under System Preferences >> Spotlight

  1. Disable your system searches from being sent to Apple by unchecking “Spotlight Suggestions” and “Bing Web Searches”.
Share This