Secure your Snow Leopard

Similar documents
Secure your Snow Leopard. Mac OS X Structure

9L0-412 Q&As. OS X Support Essentials 10.8 Exam. Pass Apple 9L0-412 Exam with 100% Guarantee

macos Security Checklist:

Additional Resources

Mac Integration Basics Participant Guide

How To Remove Virus From Windows OS

macos Security Checklist:

Apple EXAM - 9L OS X Support Essentials 10.9 Exam.

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Apple 9L OS X Support Essentials

Apple 9L Apple Certified Technical Coordinator v10.4 Update.

Apple Exam 9L0-412 OS X Support Essentials 10.8 Exam Version: 6.3 [ Total Questions: 86 ]

Cyber Essentials Questionnaire Guidance

osx Yosemite the missing manual The book that should have been in the box' David Pogue O'REILLY Farnham Koln Sebastopol Tokyo Beijing Cambridge

Vendor: Apple. Exam Code: 9L Exam Name: OS X v10.8 Troubleshooting Exam. Version: Demo

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Course Outline (version 2)

Mac Integration Basics Adding a Mac to a Windows or Other Standards-Based Network Course Guide

NetSupport Manager v11

User Guide. NetScaler Gateway Access

Contents. mac os x basics for new mac users

Mac OS X (10.8.2) Mt. Lion

You will save an Auto Server Setup file and use it in the next exercise.

New to Mac. Viewing Options in Finder:

TIBCO LiveView Web Getting Started Guide

osx Mavericks the missing manual9 The book that should have been in the box' David Pogue O'REILLY* Kbln Beijing Cambridge Farnham

Manual Removal Norton Internet Security Won't Open Or

QuickStart Guide for Managing Computers. Version 9.73

QuickStart Guide for Managing Computers. Version

VMware Workspace ONE UEM Apple tvos Device Management. VMware Workspace ONE UEM 1811 VMware AirWatch

QuickStart Guide for Managing Computers. Version 9.32

TIBCO LiveView Web Getting Started Guide

PGP(R) Desktop Version 10.1 for Mac OS X Release Notes

QuickStart Guide for Managing Computers. Version

Mac OS X v10.7 Troubleshooting Exam 9L0-063

IHAnywhere Installation and Usage Guide for Mac INFORMATION MANAGEMENT & INFORMATION TECHNOLOGY

ZuluDesk Management System is a powerful Mobile Device Management (MDM) solution designed for schools to manage their Apple devices over WiFi.

Aqua Connect Terminal Server 3.5 Advanced User Manual

How To Turn On Screensaver Immediately Mac Os X Mountain Lion

JCCC Virtual Labs. Click the link for more information on installing on that device type. Windows PC/laptop Apple imac or MacBook ipad Android Linux

Systems Deployment with Blast Image Config 3.0

Introducing Mountain Lion 7

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

Adding Groups to Groups

Welcome to Mac OS X, the world s most advanced operating system. This book helps you start using Mac OS X. First install the software, then discover h

Apple Pro Training Series: OS X Support Essentials Updates & Errata

Apple OS Deployment Guide for the Enterprise

Using VMware View Client for Mac

Technology Services Group Procedures. IH Anywhere guide. 0 P a g e

Salesforce1 Mobile Security White Paper. Revised: April 2014

The University of Toledo Intune End-User Enrollment Guide:

Systems Deployment with Blast Image Config. May 22, 2013 Justin Elliott Penn State University

TechTalk: Implementing Citrix Receiver from Windows to iphone. Stacy Scott Architect, Worldwide Technical Readiness

OS 10.9 Mavericks. ApplePickers November 13, 2013

CONFIGURING BASIC MACOS MANAGEMENT: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Intro to the Apple Macintosh Operating System, OSX

Sophos Mobile Control Administrator guide. Product version: 5.1

MAC BASICS For MacBooks & imacs MacOS Mojave Part 5: WEB BROWSERS

Parallels Toolbox User's Guide

Select Icons p. 75 Work with Aliases p. 78 Open Files, Folders, and Applications p. 80 Move Files and Folders p. 82 Copy Files and Folders p.

Vision Exchange TM Frequently asked questions

Installing Firefox on Mac

A workshop on Appleʼs Latest Operating System OX 10.9 (Mavericks) Facilitated by Burt Stephens

DSS User Guide. End User Guide. - i -

Filesharing. Jason Healy, Director of Networks and Systems

Workspace ONE Chrome OS Platform Guide. VMware Workspace ONE UEM 1811


Macintosh OS X 10.3 Tips

Macintosh OS X 10.4 Tips

If your Mac keeps asking for the login keychain password

Getting to know your IPad. Question: How many of you own or have spent time with an IPhone, IPod touch, or IPad?

VMware Workspace ONE UEM Integration with Apple School Manager

Using Mavericks Mac OS X 10.9 part 2

Apple Exam 9L0-402 Support Essentials 10.5 Version: 5.0 [ Total Questions: 100 ]

22 August 2018 NETOP REMOTE CONTROL PORTAL USER S GUIDE

Sophos SafeGuard File Encryption for Mac Quick startup guide. Product version: 7

IRONKEY D300S SECURE USB 3.0 FLASH DRIVE

Manual Sync Contacts On My Iphone To Gmail Account Without Itunes

VMware AirWatch tvos Platform Guide Deploying and managing tvos devices

Data Management CS 4720 Mobile Application Development

PNY DUO-LINK On-The-Go Flash Drive for iphone and ipad. User Manual

PassGuide.9L0-422_82,QA

Getting Started GateManager5 PREMIUM Domain Administration

Recipient USER GUIDE

Manually Clear Chrome Cache Mac Os X Mountain Lion

MAC BASICS. 125 S. Prospect Avenue, Elmhurst, IL (630) elmhurstpubliclibrary.org. Start Using Computers, Tablets, and Internet

The images shown below were taken on computers running Windows 8, but the general process should work on both Windows 7 and Windows 8 computers.

Xton Access Manager GETTING STARTED GUIDE

Adobe Updater Manually Startup Utility Mac

1 WiPG-1600 User s Manual. WiPG User's Manual. version: 2.01

The more of these optional processes you remove, the more you'll improve Yosemite s performance.

Acronis and Acronis Secure Zone are registered trademarks of Acronis International GmbH.

Colligo Briefcase. for Good Technology. Administrator Guide

STREAM Integrated Risk Manager Multi-user Deployment Options

Chromebooks boot in seconds, and resume instantly. When you turn on a Chromebook and sign in, you can get online fast.

What s New for Enterprise and Education ios 11, macos High Sierra 10.13, tvos 11, and deployment tools and services

Use the Apple menu to change settings, get Mac OS X software, open recent items, and restart or shut down your computer.

GETTING STARTED WITH STUDENT LEARNING SPACE Instructions for Students

Tuesday 6th October Agenda

1Password for Mac. by Marcia Bolsinga for AshMUG 1/12/2019

Transcription:

Secure your Snow Leopard Benjamin Stanley apple Certified Trainer Structure of OS Safer Browsing System Prefs that help with security Managed prefs from server Keychain Hardware security AV and a little about mobile 1

Mac OS X Structure User Experience Aqua Dashboard Spotlight Accessibility Application Frameworks Cocoa Carbon Java Graphics and Media Core Animation Core Image Core Video QuickTime OpenGL Quartz Core Audio Darwin It helps to understand a little how the system is structured Darwin Open Source kernel with user layers on top. Some separation between core OS and application space give us some security 2

Mac OS X Structure In the file system users stuff and system stuff are separate users only have access to their things - administrator needed for /Library and /System 3

Mac OS X Structure There are actually more items than shown. MacOS X has two ways to hide files Start the name with a full stop. or set an extended attribute called hidden - done via the terminal and the chflags command DS_Store Desktop Services Store holds folder settings.trashes holds trashed items! 4

Mac OS X Structure System Administrator (root) Administrator sudo Standard Guest Sharing Root cannot login by default Directory Utility to enable and disable root user. sudo for an admin user to be root for a bit (5 mins) standard users see stuff locked guest login must be enabled - home folder deleted at logout sharing users only for remote access - no home so no login 5

Mac OS X Structure Look at Login Options 1. Auto Login 2. Login Window display 3. Join a directory 6

Mac OS X Structure Directory Local Connected OD AD edirectory Need to think about where our users are located Always a Local Datastore for local users Open Directory is our name for all directory stuff We can connect to an other directory: AD, OD, edirectory, any LDAP datasource 7

Mac OS X Structure Binding to AD Where is home? Local is good sync at logout If we are binding to AD for Authentication... We use Directory Utility or Accounts System Preference where is the home located? mobile account can cause sync issues best to keep things local and sync at logout 8

Mac OS X Structure Users on AD Permissions managed via OD Ideal set up is to leave users on AD and manage through OD Today we will focus on local stuff - things are very similar when connected to OD 9

Safer Browsing Safari 5 - ultra modern web browser HTML5 CSS3 uses WebKit (apple invented) used by Google Android, Nokia Series 60, Palm WebOS, Google Chrome Antiphishing and malware technology 10

Safer Browsing Lets have a look at Safari Preferences Open Safe files after downloading - turn off? Supports the Windows Attachment Monitor to notify AV software that a file has been downloaded and can prompt a scan of the downloaded file! 11

Safer Browsing All downloads are tagged so Mac OS X knows where the files were obtained from. The website time and date, just get info on a downloaded file to see this. Phishing websites are detected and a warning displayed. 12

Safer Browsing Cookies should be set to only be accepted from the current domain. Some people object to being tracked so will disable cookies completely. Setting this to never may cause issues with VLE or school management tools. 13

Safer Browsing You may be surprised to see how many sites use cookies to store user information and how long they will be kept as a record of your browsing history. Of course the remove button will tidy this list up. Cookies are stored in the Users Library folder in a folder called Cookies as a Property list file. ~/Library/Cookies/Cookies.plist 14

Safer Browsing Cookies and other browsing information can be cleared by choosing to Reset Safari from the Safari application menu. Choose what to reset then click Reset 15

System Preferences We are going to look at Security Parental Controls (local managed prefs) Sharing Spotlight Hiding System Preferences 16

Security Lock Screen Parental Controls Managed Preferences Security Preferences Require password Disable auto login Log out after x minutes, problem with unsaved docs - demo on next slide 17

Security Bit of an issue if documents are not saved/closed User education is needed. 18

Security Lock Screen Parental Controls Managed Preferences FileVault is for securing home folders Strong 256-bit AES (Advanced Encryption Standard) encryption Master password must be set as a safety net in case user forgets password 19

Security Firewall - application level - easy for users, a fairly automatic process. When opening an app that needs net access user is asked to allow or deny. Enabling Stealth Mode stops ICMP (Internet Control Message Protocol) responses. 20

Parental Controls Parental Controls - Think of these as Local managed preferences We can choose what applications and access to hardware the user has. Simple Finder is useful and secure, but will quickly get in the way for advanced users. 21

Parental Controls Parental Controls - Think of these as Local managed preferences Content filtering, dictionary and web Websites can be specified on an allow and deny list 22

Sharing Mac OS X can share all sorts of things, hardware, connections, files, services, host. It is a good idea to turn off what isn t required. Restrict access to certain users or groups for services you do enable. 23

Sharing for example With remote login which gives command line access to the machine over the network using SSH we should restrict this to admin users only. 24

Sharing Selecting file sharing turns on AFP. Notice all public folders for local users are shared as read only (a drop box inside allows write only) To share via SMB, turn it on and enter password! stores as NTLMv2 for windows users 25

Spotlight Privacy Spotlight is our searching and indexing service Indexes everything, file names, contents, all metadata Choose what is shown in the results list Control what isn t included in the Spotlight index Might be worth adding USB sticks with confidential data to the privacy list so they are never indexed. Index is stored in.spotlight-v100 at the root. 26

Software Update Software updates from Apple for the OS and Apple software You may want to disable auto checking and deploy manually All updates now delivered with a certificate. Run your own software update server to mirror the updates Security updates delivered as required, no release schedule (patching Tuesday) 27

Network Good idea to disable network ports that are not needed. Just select the port and choose Make service inactive from the Action menu 28

Hide System Prefs Can lock Grey icon if managed Move to hide /System/Library/PreferencePanes We know can lock system prefs Through managed preferences we can deny access but it may be better to hide them? 29

Hide System Prefs take accounts for example 30

Hide System Prefs if we trash it 31

Hide System Prefs Remove rather than hide /System/Library/PreferencePanes it disappears! Not the best way 32

Hide System Prefs Accounts.prefPane Bit silly to do that, so... Would be better to move to /Users/LocalAdminUser/Library/PreferencePanes so only that user can access 33

Managing Preferences Talk about server side preference management More control over who can do what Control from a central location - a Mac OS X server 34

Managing Preferences Here s what we have Lots of things to control and at various levels user, workgroup, computer and computer group 35

Managing Preferences managed Finder preferences control what users can access and what is show on the desktop Simple Finder gives minimal access 36

Managing Preferences managed Finder commands Commands to access other stuff can be de-activated 37

Managing Preferences managed Media Access preferences Select what physical and virtual storage can be used. Block USB stick access or set to require authentication. 38

Managing Preferences managed System Preferences preferences Hide system prefs from view - sensible 39

Keychain 40

Keychain Stores passwords and other information securely Login.keychain is locked with the same password as the users account, unlocks on login Keychain Access is the program to look after the keychain Any time the user clicks Remember password is stored in keychain 41

Keychain Keychain Access preferences allow us to Lock the screen. Like turning on a screen saver and asking for password on wake 42

Secure Erase & Format Empty trash from finder menu Secure empty trash like a 7 pass erase Can use Disk Utility to erase free space, 7 pass or 35 pass! 43

Securing the Hardware Firmware Password utility on the Snow Leopard DVD via Deploy Studio script through Apple Remote Desktop Knowledge Base article HT1352 Firmware password - set from a utility on the DVD Requests password if any keys held at startup DeployStudio post image task 44 http://support.apple.com/kb/ht1352 http://developer.apple.com/samplecode/applyfirmwarepassword/

Securing the Hardware All macs (except macbook air and new mini) have a Kensington compatible lock slot MacPro has a side panel lock to restrict internal access 45

Anti-virus or not? With any virus a glass of whisky or lemon and honey often help! 46

Anti-virus or not? Malware, Trojan or Virus RSPlug-F iworks-a Leap-A Current level of risk is minimal, arguably negligible, but real. Malware is in existence, and can do some nasty stuff. Remember system/user are separate - anything that asks for admin rights should be treated with respect. RSPlug-F - changes DNS settings Leap-A OompaLoompa! application dressed as an image (no effect on standard user account) We should be nice to other computer users on our network - our mac could be a gateway in from a USB stick. 47

Anti-virus or not? Solutions available Intego Virus Barrier McAfee VirusScan for Mac Norton for Mac 11 ClamXav - free open source solution Sophos Whatever you choose keep it up to date 48

Anti-virus or not? Sophos have an iphone app to show current threats, free from App Store Anti-virus conclusion... minimal threat, run something just in case to protect your network - good idea to run something server side. 49

Mobile Security Snow Leopard has been our main topic today But think about security on mobile devices as their use becomes more widespread 50

Mobile Security ipod and ipad can be secured. Restrictions can be put in place for all ios devices, restrictions hidden behind a passcode. Virus even less of an issue as all apps checked. 51

Training apple Authorised Training Centre RM have a national training provider with NTI Authorised Apple Training Centre delivering accredited, certified Apple courses Snow 101 for client, Snow 201 for server, 301, 302, 303 for Deployment, Directory and Security & Mobility 52

Thank you Any questions? Benjamin Stanley ben@trilby.co.uk We ve covered a lot today Structure of OS, Safer Browsing, System Prefs that help with security Managed prefs from server, Keychain, Hardware security, AV and a little about mobile Any questions? 53

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback