As president of local Des Moines Macintosh Users Group, I took detailed notes at last night's meeting on Mac OS X Security and think they are worth reading for more than just MUG members, so are excerpted here. The full version is accessible at the DMMUG site :
Mac OS X is no more secure than any other OS, and it too needs to have protective steps taken to prevent theft, breakage, hacking and the like. The test of how paranoid you need to be and how secure you should be is: how and where is your data stored and how could someone use it against you? If your on line banking records are on your computer, they're not safe if you don't take steps to protect them. If your personal family information, health history, etc., is on your computer, it's not safe if you don't take steps to protect it. If your business records are there, you have obligations to those clients or businesses to protect them from access by others. If you have written the Great American Novel, the Greatest Piece of Music, its special nature is compromised if it's not secured. In other words, it's NOT paranoia, it's a necessity to be concerned about security whether you're a home user or someone with other needs as well.
The whole issue of Physical Security is forgotten, but it's really the first and primary barrier: you need to make sure no one has access to your computer/data through theft, hacking, etc. Once someone gains entry to your computer and its data, they can take information and use it to hurt you or others. So you need to prevent thefts, stolen laptops or harddrives or USB Flash sticks, and the Q is how to do that. There are plenty of good software resources for that [more information will be on the website of DMMUG, www.DMMUG.org].
Use a Lock: cables with keys or combinations lock to the computer thru its locking port and you attach it then to some immoveable object [don't tie it to a chair or pillow and expect it not to wander away]. If some determined thief comes across it, he/she will turn and steal someone else's unlocked laptop and yours will probably be safe. There are alert systems, tracking down systems and the like which also deter theft or, if it happens, finds the culprit and lets you rip them limb from limb. [There are more advanced technical steps within OS X such as setting up the open firmware or EFI to require passwords before booting and the like, which may be worth exploring]
Reset the various OSX defaults: there is a tradeoff between Security and Useability and Apple's defaults err toward the latter. So, if you want a more secure machine you will have to jump through some hoops to use it, but it'll be more protected, your data will be more protected, and the hoops won't be that difficult to handle given the pay back. (1) in System Preferences, set the machine to go to sleep regularly and require a password to wake it from sleep, (2) disable the IR [infrared], (3) use an encrypted Disk Image created by Disk Utility [free program, part of Utilities in OSX] to store things that you want protected especially and use AES-128 security to encrypt, (4) reset your Account preferences to keep the Administrative user only for limited purposes and use only a Standard account for yourself, (5) limit the number of Log In items to those you really need and recognize.
Have a good way to generate passwords and use it. Passwords should have: uppercase and lower case letters, numbers and punctuation. They can be created in and stored in Keychain Access [an encrypted file reachable thru a special password you better remember, again a free program in the Mac OS X Utilities]. There're also programs such as 1Password and Password Wallet that leverage the keychain and allow for all sorts of things to be secured, remembered and accessed beyond the main computer [such as thru syncing with Treos, iPhones, .Mac etc.] [shameless plug, I have a Password Algorithum article I wrote on my website for download ]
Use your Firewall: You need to prevent easy access to your computer by those who would come into it thru wifi or landline or whatever and get your data. If you don't both set up your software OS X Firewall [Sharing pane in System Preferences] AND have a hardware firewall between the cable or DSL modem and your computer, you are asking for trouble.
QuickTime is a major security hole - apply all updates and security patches, disable Auto Play and Instant On in the preferences.
Get a Virus Program - Macs can have viruses and, more to the point, pass them on if they are received. Be good to yourself and your data and protect it from viruses. I use VirusBarrier, there are programs from Symantec, Virex [a bit old], Sophos, and free programs ClamAV and ClamXAV. And be sure to update your definitions regularly, and run it.
Wireless is like Radio - it not only receives data, it sends it. You need to make it difficult for people to steal or obtain your wireless signal or use it to access your comptuer. Use encryption of messages and material over wireless, set up your Airport Utility to use WPA security.
Practice Safe Computing: don't click on links in emails - enter the URL directly in the browser instead; if you can, use cable not wireless, in public hotspots [coffee cafes, city libraries, other general access points] do NOT do any banking or handling of extremely confidential information. The old saw about 'you're not paranoid, they really are out to get you' holds true -- maybe no one is targeting you, but they will target your data and use it for their own purposes [and hurt you in the process]. Make it hard to do so.
Your banks, brokerage accounts and other such are all interested in security. Don't pay attention to emails from them [probably spoofs or phishing] but go to your bank's or credit card or brokerage sites and check their information on security. Lots of good tips there too.
