Security Configuration Guidelines for Apple’s Mac OS X 10.5 (Leopard) by The National Security Agency
The National Security Agency developed a configuration guide for default installations of Leopard. According to Information Week, it’s not a completely comprehensive guide, but it’s a good start: while the agency’s advice may not be sufficient to stop a government agency like, say, the NSA, from accessing one’s Mac, it should significantly improve one’s security posture against less capable hackers.
The National Security Agency Security Configuration Guidelines
- Don’t Surf or Read Mail using Admin Account.
- Use Software Update: Regularly applying system updates is extremely important.
- Disable Automatic Login and the User List, and disable the guest account and sharing.
- In the System Preferences Security Pane, set Require Password when waking the computer from sleep or a screensaver. Also, disable automatic login, use secure virtual memory, and disable remote control infrared receiver if present. Consider activating FileVault, particularly for portable systems.
- In the Firewall tab, select "Allow only essential services." Click the Advanced button and enable Firewall Logging and Stealth Mode.
- The NSA recommendations also cover securing users’ home folder permissions, physical security, disabling IPv6, AirPort and other unnecessary services when not needed, disabling Setuid and Setgid binaries, configuring and using both firewalls, among other suggestions.
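
Disabling setuid and setgid binaries, as the recommendations above mention, starts with an inventory of which ones exist. The following is an added example, not taken from the NSA guide or from this page: a POSIX shell function that lists setuid/setgid files under a directory and flags those missing from a reviewed allowlist. The function name `audit_setid` and the allowlist file format are assumptions made for the example.

```shell
#!/bin/sh
# Added example: inventory setuid/setgid files and flag unreviewed ones.
# The function name and allowlist format are assumptions for illustration.

# audit_setid ROOT [ALLOWLIST]
#   ROOT       directory to scan (the scan stays on one filesystem)
#   ALLOWLIST  optional file, one absolute path per line, '#' comment lines
# Prints "SUID|SGID|SUID+SGID <path>" for each file not on the allowlist.
# Returns 0 when nothing unexpected is found, 1 otherwise.
audit_setid() {
    root=$1
    allow=${2:-/dev/null}
    found=0
    tmp=$(mktemp) || return 2
    # -perm -4000 matches the setuid bit, -perm -2000 the setgid bit.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null >"$tmp"
    while IFS= read -r path; do
        # Skip files already reviewed and listed (exact whole-line match).
        if grep -v '^#' "$allow" | grep -Fxq -- "$path"; then
            continue
        fi
        kind=
        [ -u "$path" ] && kind=SUID
        [ -g "$path" ] && kind=${kind:+$kind+}SGID
        printf '%s %s\n' "$kind" "$path"
        found=1
    done <"$tmp"
    rm -f "$tmp"
    return "$found"
}
```

Run it as an administrator against `/` with an allowlist built from a known-good installation; anything it prints is a file to review before deciding whether to clear the bit with `chmod ug-s`.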

