I’ve found myself doing a fair bit of work for a number of clients, concentrating on client security (e.g. security of user’s Macs). After some thought, I’ve decided to do another mini-series regarding simple methods to ‘harden’ your Mac computer.
Now this is geared a bit more to end users, rather then IT administrators but the points made are valid for both your home users, end users and the Mac IT Administrators, so by all means, read on!
Before getting started:
A lot of the items recommended in this series involve making your Mac more secure. A secondary result of this is that your data will be harder to recover if things should go wrong. Please ensure you have a full, all encompassing and tested (!) backup of your data before attempting these recommendations or you could find yourself locked out of your data!
Right, lets get to it.
Lock screen
Any Windows users in a corporate department will tell you that when they step away from their computers they hit a few keys and the screen is locked. Now this requirement is typically true for Mac users but they don’t have the nice easy keyboard shortcut to carry this out. An alternative requirement is demonstrated by the typical ‘Facebook hack’ wherein you leave your Mac logged in to go carry out a task and a friend or family member jumps on and modifies your Facebook profile to some amusing status.
Both of these situations can be resolved with the use of a hot corner and a screensaver lock.
A what-now?
No idea what these are? Fair enough, it could well be the names I’ve used are not the correct or popular names for these features and for that I apologise. Let me try to explain.
Screensaver lock – This feature, if enabled (as shown in Russ’s blog), requires the logged in user’s password to wake the computer from ‘sleep’ or screensaver.
Hot corner – This feature, introduced in 10.4/10.5, allows you to move your mouse curser into a particular area to initiate an action. For example, I could set the lower right corner to show my desktop. Each time I move my mouse into this corner, all the windows move out of the way and I can see my desktop.
Sounds like fun, how do I make it go?
How about some step-by-step instructions, complete with screenshots?
1. Log into your Mac and launch System Preferences. This is typically located in the default Dock (pictured) but can also be accessed from the Apple Menu (click the apple in the top left, then “System Preferences”) or from the Applications folder.
2. Once you have System Preferences open, click the “Security & Privacy” pane
3. Once in the Security & Privacy are of System Preferences, ensure you are in the default “General” tab and set the “Require Password [x] after sleep or screen saver begins” to “immediately”.
4. Click the “Show All” button at the top, and select the “Desktop & Screen Saver” pane.
5. Select the “Screen Saver” tab at the top of this window.
6. Select the drop down menu labelled “Start after [x]” and set this to the required time. I’d recommend 10 minutes.
7. Click the “Hot Corners…” button in the lower right corner.
8. In here select the corner you want to trigger your screen saver and use the drop down menu to set it to “Start Screen Saver” or “Put the display to Sleep”. I’d recommend the lower left corner as this will interfere less with the general use of the machine. You wouldn’t want to keep enabling your screen saver as you try to work would you?
9. And you’re done! Whenever you walk away from your machine, remember to move your mouse curser to the lower left corner of your Mac screen and the machine will be locked until you use your password to unlock it.
Summary
I hope that little setting change will help out any security conscious users out there, or at least prevents some Facebook ‘Hacking’!
In the future I’m thinking of looking at enabling and using FileVault 2 and remote wiping your device. Any other recommendations are welcome! Let us know in the comments below and I’ll try to respond to and delve into as many as I can.
Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.
If you require help with securing OS X or iOS devices within your organisation please get in touch, or check out our range of support & consultancy services here.