FDI – Securing your Macintosh Computer 1. Introduction Security

Document Sample
FDI – Securing your Macintosh Computer 1. Introduction Security Powered By Docstoc
					                   FDI – Securing your Macintosh Computer

1. Introduction / Security overview
       a. Why talk about IT Security? What is IT Security?
                i. Rise in Phishing/Scamming/Social Engineering
               ii. Availability of confidential information due to internet
              iii. Physical security vs. “software” security
2. Hands On
       a. Patches – Importance of patching your computer and applications
                i. Demo Mac Auto patcher and settings
               ii. Briefly talk about patching other applications (Web Browsers,
                   Anti-virus, etc.)
       b. Firewalls – What is a firewall and why do I need it?
                i. Turning on Mac Firewall
               ii. Using DShield to see if you have been attacked -
                   http://dshield.cirt.vt.edu/
       c. Anti-Virus Software – Which ones, where do I get it, and how should I use
          it?
                i. Show Norton Download from VT
               ii. Go through Norton settings
                       1. Show anti-virus updates
                       2. Schedule Regular scans
       d. CIS Tools/Scanners
                i. Cisecurity.org - http://www.cisecurity.org/
               ii. Safetynet - https://safetynet.w2k.vt.edu/login.php
3. Discussions
       a. Password Policies
                i. Password Exercise – create passwords with participants
               ii. Password statistics
              iii. Good Passwords vs. Bad
       b. Data Protection
                i. FERPA Guidelines for grades
               ii. Confidential Information
              iii. Medical Studies / Human Subjects
              iv. Credit Card Information
               v. Scanning your machine for SSN’s -
                   http://filebox.vt.edu/users/rtilley/public/find_ssns/index.html
MAC

Mac Update:
  1. Open System Preferences and click Software Update
  2. Choose the Updates to install
  3. Click Software Update and select Preferences
  4. Set the update for the time period that serves you best, Daily, Weekly, Monthly



Firewall:


   1. Open System Preferences and click Sharing.
   2. Click Firewall, and then click Start.

       To block incoming traffic on ports used by one of the sharing services, disable
       that service in the Services pane.


Anti-virus:

   1. Go to the Symantec AntiVirus Downloads page
      (http://www.antivirus.vt.edu/download/).

       Important: This Symantec AntiVirus download is available at no charge for
       current Virginia Tech students, faculty, staff, and retirees only.

   2. Download the Norton installer.
        • In Safari:
               A. Under Macintosh, click the new Download link.
               B. In the Name text box, type your Virginia Tech PID.
               C. In the Password text box, type your PID password.
               D. Click the Log In button.
        • In Firefox/Netscape:
               A. Under Macintosh, click the new Download link.
               B. In the User Name text box, type your Virginia Tech PID.
               C. In the Password text box, type your PID password.
               D. Click OK.
               E. Select the Save to Disk option.
               F. Click OK.
               G. Save the installer to your desktop.
               H. On your desktop, double-click the navm10.0corp.dmg icon.
        • In Internet Explorer:
                A. Press and hold the Control key, click the new Download link, and
                    then select Download Link to Disk.
                B. Save the installer to your desktop.
                C. In the User ID text box, type your Virginia Tech PID.
                D. In the Password text box, type your PID password.
                E. Click OK.
                F. On your desktop, double-click the navm10.0corp.dmg icon.
3. Double-click the Norton AntiVirus Installer icon.
4. Click the Continue button.
5. In the Important Information window, click the Continue button.
6. In the Software License Agreement window, click the Continue button.
7. Click the Agree button.
8. Select where you want to install Norton AntiVirus.
9. Click the Continue button.
10. Click the Install or the Upgrade button.
11. An authenticate window will open. In the Name text box, type the name of an
    account on your computer that holds administrator privileges.

   Note: If you are unsure about these instructions, or if you do not have an account
   with computer administrator privileges, contact your computer's manufacturer,
   your departmental network liaison, or contact 4Help by using the Help Request
   Form (http://4help.vt.edu/) or by calling (540) 231-HELP (4357).

12. In the Password or Phrase text box, type your password.
13. Click OK.
14. Click the Continue Installation button.
15. Click the Logout button. Your computer will restart.

   Notes:

       •    After the restart, if you receive a "Norton AutoProtect" error message,
            click OK. The error will fix itself when you run LiveUpdate again.
        • If you receive a "SymEvent.kext" error message, click the Don't Use
            button. The error will fix itself when you run LiveUpdate again.
16. From the Go menu, select Applications.
17. Double-click the Norton AntiVirus icon.
18. Click the LiveUpdate button.
19. Click the Update Everything Now button. Your computer will download any
    available updates.
20. Click OK.
21. Click the Symantec Scheduler button.
22. Click the New button.
23. Click the AntiVirus Scan button.
24. In the Enter a Name for the Task text box, type a name for the scan.
25. Click the Browse button.
26. Select your hard drive.
   27. Click the Select button.
   28. From the Set a Frequency drop-down list, select Daily.
   29. In the Set the Time text box, type a time of day you know your computer will be
       running.
   30. Click the Save button.
   31. Close the Symantec Scheduler window.
   32. From the LiveUpdate menu, select Quit LiveUpdate.
   33. From the Norton AntiVirus menu, select Quit Norton AntiVirus.
   34. Close the Applications window.

Mac OS X – Security Checklist

This document is hosted at the University of Minnesota and is a good reference guide for
the steps you should take to secure your Macintosh computer.

Introduction

This document was prepared as a guideline for securing Mac OS X desktops. "Basic"
and "Level-2" Security settings are required for all workstations that work with private
data. "Basic" is required and "Level-2" is recommended for all other workstations on the
University network. Consult with your local technical support staff.

“Basic” Security Settings for Macintosh Computers

This is required for all workstations on the University network, including those that work
with private data.

System Preferences             Expected
                               Update Daily and Download important updates in the
Software Updates
                               background
                               Personal File Sharing Off (All services listed are NOT
Sharing-Services Tab
                               checked)
Sharing- Internet Tab          Internet Sharing Off
Sharing-Firewall Tab           Firewall On & only Allow (checked) Network Time


Symantec AntiVirus
                               Expected
Settings
Norton Auto-
                               Installed
Protect/Symantec*
Live Update                    Enabled
Virus Definition File Age      7 days or less
File System RealTime Protect Enabled
* Recommend installing SAV 10.X

“Level-2” Security Settings for Macintosh Computers

These additional settings are required for workstations that work with private data and are
recommended for all other workstations on the University network.

Settings                       Expected
Accounts- Auto-Login           Disable (uncheck Automatically log in as: )
Accounts- Display login
                               Check Name and password
window as


                               Bluetooth Power: Off (If required, Turn Bluetooth on and
Bluetooth
                               do not check Discoverable)


Network-IPv6                   IPv6 Off


                               FileVault protection is on. Recommended on desktops and
Security-FileVault
                               required on laptops.
Security-Master password       Master password is set
Security-Require password to
                             Check Require password to wake this computer
wake
Security-Automatic login       Check Disable automatic login
Security-Unlock secure         Check Require password to unlock each secure system
system preference              preference