Virus & Security Information
Security Checklist for Macintosh Computers
Required steps for all Macintosh computers
- Make sure your OSX software updates are current. You should receive alerts
about new updates every month or so. If you have disabled "Software
Update", after you register you should re-enable "Software Update" from
the Apple menu to check for new updates.
- Don't set your Mac to automatically log into your account on startup. In
the "Accounts" System Preferences pane, click on the "Lock" icon
and then click on "Login Options" (above the "Lock" icon).
Make sure that the "Automatic login:" setting is set to "Disabled".
Also, make sure "Display login window as" is set to "Name
and password".
- Enable your screen saver and have it set to ask for a password to wake
from sleep and from screensaver. In the "Security" System Preferences
pane put a check in front of "Require password to wake this computer
from sleep or screen saver".
You can also set a "hot corner" in the "Screen Saver" so
that you can activate your screen saver immediately by moving your cursor
to one of the corners of your screen. This is useful when you have confidential
information on your screen that you don't want others to see or if you're
leaving your desk for a while and want your computer secured immediately.
- Sharing settings. OSX 10.4 Users: In the "Sharing" System Preferences
pane, click on the "Services" tab and make sure that
nothing is checked. Under the "Firewall" tab, turn the firewall "on" and
have only "Network Time" checked. Under the "Internet" tab,
make sure that nothing is checked.
OSX 10.5 Users: In the "Sharing" System Preferences Pane make
sure that nothing is checked. Then, click on the "Security" System
Preference pane, and the "General" tab. Make sure that there's
a check in front of "Require password to wake from sleep" and
also "Disable automatic login".
- Install and/or update Symantec Anti-Virus.
- Make your KeyChain password different from your login account password (Applications:Utilities:KeyChain
Access/Utility). From the Edit menu, select "Change password for keychain
'login'". This may cause you to be asked for your KeyChain password more
frequently.
- In the "FileVault" tab
of the Security System Preferences pane you probably don't need to turn
on "FileVault",
but you might need to turn it on if you have files that require additional
securing (more information on FileVault in "Additional Steps", below).
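The login settings from the required steps can also be checked from Terminal. The script below is an added example, not part of the original checklist; it only reads settings and assumes the OS X 10.4/10.5 preference keys autoLoginUser, SHOWFULLNAME and askForPassword. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: read-only audit of three login settings from the checklist.
# Assumed OS X 10.4/10.5 keys: autoLoginUser, SHOWFULLNAME, askForPassword.
# Run as the user being checked: the screen saver setting is stored per user.

LOGINWINDOW=/Library/Preferences/com.apple.loginwindow

check_autologin() {
    # The key exists only while automatic login is switched on.
    user=$(defaults read "$LOGINWINDOW" autoLoginUser 2>/dev/null) || user=""
    if [ -n "$user" ]; then
        echo "FAIL automatic login is enabled for $user"
        return 1
    fi
    echo "PASS automatic login is disabled"
}

check_login_window() {
    # 1 means the login window asks for both name and password.
    value=$(defaults read "$LOGINWINDOW" SHOWFULLNAME 2>/dev/null) || value=""
    if [ "$value" != "1" ]; then
        echo "FAIL login window shows a list of users"
        return 1
    fi
    echo "PASS login window asks for name and password"
}

check_screensaver_lock() {
    # 1 means a password is required to wake from sleep or screen saver.
    value=$(defaults -currentHost read com.apple.screensaver askForPassword 2>/dev/null) || value=""
    if [ "$value" != "1" ]; then
        echo "FAIL no password required to wake from sleep or screen saver"
        return 1
    fi
    echo "PASS password required to wake from sleep or screen saver"
}

audit() {
    failures=0
    for check in check_autologin check_login_window check_screensaver_lock; do
        "$check" || failures=$((failures + 1))
    done
    echo "$failures check(s) failed"
    [ "$failures" -eq 0 ]
}

# Run the audit only where the defaults tool exists, i.e. on a Mac.
if command -v defaults >/dev/null 2>&1; then audit; fi
```

The script exits with a non-zero status if any check fails, so it can be run again after changing the settings to confirm them.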
Additional steps if your computer stores or accesses private data
- In the Bluetooth System Preference pane,
click on "Turn Bluetooth Off". If you need to use
Bluetooth for wireless mice or keyboards then keep Bluetooth "On", but do
not check "Discoverable".
- Use the "Secure Empty Trash" option from the Finder's File menu to delete confidential data.
- Enter a "master password" for FileVault in the "Security" System Preferences (this is under the FileVault tab in OSX 10.5). This password is used to unlock any account encrypted with FileVault if the password is forgotten. Note: FileVault encrypts your home directory when you log out. We do not recommend enabling FileVault unless you have private data on your computer. FileVault can slow down your computer and creates some risk of making your data unavailable. Rather than using FileVault we recommend using Disk Utility to create a secure disk image. This is a disk image file that requires a password to mount the disk on the Desktop. ITSS can help you create secure disk images.
- Set a firmware password: If someone has physical access to your
Mac they can access your files by starting the Mac from a CD and change
any of the passwords on your Mac. If you have private data on your computer
you should set a firmware password. This will prevent others from starting
your Mac from an external device and changing your passwords. Keep in mind
that even the Open Firmware password can be disabled if someone has access
to the inside of your Mac. Most Macintoshes have a locking mechanism that
would prevent someone from opening up your Macintosh computer's case. ITSS
can help you set an Open Firmware password and physically secure your Mac.
- Set a secure password for the disabled "root" account. The high-level "root" account
in OSX is disabled by default, but does not have a password set for it. You
want it to be disabled, but it's more secure if it has a password set.
OSX 10.4 users • Run the NetInfo Manager utility located in
Applications/Utilities. From the Security menu, choose "Authenticate" and
then enter your password. From the Security menu, choose "Enable Root User".
You'll be asked to enter a password (twice) for the root account. Enter a
secure (not easy to guess) password that's different from your other
passwords. Then from the Security menu choose "Disable Root User" (you'll be
asked to authenticate). Then quit from NetInfo Manager.
OSX 10.5 users • Run Directory Utility located in Applications/Utilities.
Click the lock in the Directory Utility window and enter your administrator
account name and password. From the Edit menu on the menu bar, choose
"Enable Root User". Enter a secure (not easy to guess) password that's
different from your other passwords and click OK. Choose "Disable Root User"
from the Edit menu and quit Directory Utility.
Security tools and utilities
Following are tools and utilities that provide additional security, depending on your computing needs.
- Leopard Security Configuration
- VPN - Secure off-campus or wireless connection.
Rev: 10.06 jrn