Advertising
Advertising

10 Ways To Prevent Your Mac From Being Hacked

10 Ways To Prevent Your Mac From Being Hacked

Information protection is now scrutinized in all commercial and government industries. Theft of information has crippled many organizations and businesses. One of the main reasons information is lost, corrupt, or stolen is because many industries have not fully adopted it as a risk, and have yet to implement strong quality assurance policies and programs.

Some of the most common risks are because of unattended computers, weak passwords, and poor information management practices. Hackers look for the weakest target and tunnel into a business from easy sources, like tablets or cell phones.Using smart encryption software can remediate this threat and vulnerability, making it difficult for competitors or rookie hackers to penetrate your device. However, software alone is not enough to prevent Macs from being hacked. It is the Mac user who has the authority and resources to save it from potential penetration. The top 10 ways to prevent your Mac from being hacked is discussed below. Following all these tips will surely make your Mac hack-resistant. As a word of caution, before starting on the below processes, be sure to back-up your system first.

1. Don’t Surf or Read Mail Using the Administrator Account

Create a non-administrator user in the Accounts pane of System Preferences and use this account for everyday tasks. Only log in with an administrator account when you need to perform system administration tasks.

2. Use Software Update

Regularly applying system updates is extremely important.

For Internet-connected systems: Open the Software Update pane in System Preferences. Ensure that “Check for Updates” is enabled, and set it to “Daily” (or the most frequent setting). There is a command line version available as well, called Software Update. Read its main-page for more details.

Apple-Download-Page

    For systems not connected to the Internet: Retrieve updates regularly from www.apple.com/support/downloads. Be sure to verify that the SHA-1 digest of any download matches the digest published there, using the following command: /usr/bin/openssl sha1 download.dmg

    Advertising

    3. Account Settings

    You want to disable Automatic Login. To do this, open the Accounts pane in System Preferences. Click on “Login Options.” Set “Automatic login” to “Off.” Set “Display login window as” to “Name and password.”

    To disable Guest Account and Sharing, select the Guest Account and then disable it by unchecking “Allow Guest to log in to this computer.” Also, uncheck “Allow guests to connect to shared folders.”

    4. Secure Users’ Home Folder Permissions

    To prevent users and guests from perusing other users’ home folders, run the following command for each home folder: sudo chmod go-rx /Users/username

    5. Firmware Password

    Set a firmware password that will prevent unauthorized users from changing the boot device or making other changes. Apple provides detailed instructions for Leopard (which apply to Snow Leopard) here:
    http://support.apple.com/kb/ht1352

    6. Disable IPv6 and AirPort when Not Needed

    Open the Network pane in System Preferences. For every network interface listed:

    • If it is an AirPort interface but AirPort is not required, click “Turn AirPort off.”
    • Click “Advanced.” Click on the TCP/IP tab and set “Configure IPv6:” to “Off” if not needed. If it is an AirPort interface, click on the AirPort tab and enable “Disconnect when logging out.”

    7. Disable Unnecessary Services

    The following services can be found in /System/Library/LaunchDaemons. Unless needed for the purpose shown in the second column, disable each service using the command below, which needs the full path specified: sudo launchctl unload -w System/Library/LaunchDaemons/com.apple.blued.plist

    • com.apple.blued.plist – Bluetooth
    • com.apple.IIDCAssistant.plist – iSight
    • com.apple.nis.ypbind.plist – NIS
    • com.apple.racoon.plist – VPN
    • com.apple.RemoteDesktop.PrivilegeProxy.plist – ARD
    • com.apple.RFBEventHelper.plist – ARD
    • com.apple.UserNotificationCenter.plist – User notifications –
    • com.apple.webdavfs_load_kext.plist – WebDAV –
    • org.postfix.master – email server

    Other Services Can be found here: /System/Library/LaunchAgents and can be disabled the same exact way as the items listed above.

    Advertising

    8. Disable Setuid and Setgid Binaries

    Setuid programs run with the privileges of the file’s owner (which is often root), no matter which user executes them. Bugs in these programs can allow privilege escalation attacks.

    To find setuid and setgid programs, use the commands:

    • find / -perm -04000 -ls
    • find / -perm -02000 -ls

    After identifying setuid and setgid binaries, disable setuid and setgid bits (using chmod ug-s programname) on those that are not needed for system or mission operations. The following files should have their setuid or setgid bits disabled unless required. The programs can always have their setuid or setgid bits re-enabled later, if necessary.

    • /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent – Apple Remote Desktop
    • /System/Library/Printers/IOMs/LPRIOM.plugin/Contents/MacOS/LPRIOMHelper – Printing
    • /sbin/mount_nfs – NFS
    • /usr/bin/at – Job Scheduler
    • /usr/bin/atq- Job Scheduler
    • /usr/bin/atrm – Job Scheduler
    • /usr/bin/chpass – Change user info
    • /usr/bin/crontab – Job Scheduler
    • /usr/bin/ipcs – IPC statistics
    • /usr/bin/newgrp – Change Group
    • /usr/bin/postdrop – Postfix Mail
    • /usr/bin/postqueue – Postfix Mail
    • /usr/bin/procmail – Mail Processor
    • /usr/bin/wall – User Messaging
    • /usr/bin/write – User Messaging
    • /bin/rcp – Remote Access (Insecure)
    • /usr/bin/rlogin – /usr/bin/rsh
    • /usr/lib/sa/sadc – System Activity Reporting
    • /usr/sbin/scselect – User-selectable Network Location
    • /usr/sbin/traceroute – Trace Network
    • /usr/sbin/traceroute6 – Trace Network

    9. Configure and Use Both Firewalls

    The Mac system includes two firewalls: the IPFW Packet-Filtering Firewall, and the new Application Firewall. The Application Firewall limits which programs are allowed to receive incoming connections. It is quite easy to configure the Application Firewall. Below, I mention how to configure Mac’s Application firewall. Configuring the IPFW Firewall requires more technical expertise and cannot be fully described here. It involves creating a file with manually written rules (traditionally, /etc/ipfw.conf), and also adding a plist file to /Library/LaunchDaemons to make the system read those rules at boot. These rules depend heavily on the network environment and the system’s role in it.

    How to Configure Application Firewall in Mac

    In only Four steps you can easily configure the Application Firewall in Mac.

    1. Select System Preferences from the Apple Menu

    Advertising

    how to prevent mac from being hacked

      2. From the System Preferences Pane select Security. Then click on the Firewall Tab. Ignore the other Tabs (General and Firevault ).
      3. On the Firewall tab, you may need to unlock the pane, if it is locked. To unlock, click on the small pad lock on lower left corner and enter your Administrator Username and Password.

      how to prevent mac from being hacked

        4. Click Start to enable Mac’s Application Firewall. The green light beside Firewall Status and the ON notification will ensure that the Firewall is running smoothly.

        You can further customize the Firewall configuration by clicking on the Advance button on the right side.

        There are three Advance option in the Firewall Tab

        1. Block All Incoming Connections: Blocking all incoming connections will disable most of the sharing services like File Sharing, Screen Sharing and others. It will only allow basic internet service. Keeping it checked or unchecked depends with on the user.

        how to prevent mac from being hacked

          2. Automatically allow signed software to receive incoming connections:I prefer to keep this option unchecked. This will automatically add software signed by “any” valid authority to the allowed list of Software rather than prompting the users to authorize them.

          3. Enable stealth mode: I always keep this option checked. This prevent your Mac from responding to ping requests and port scans

          Advertising

          10. Safari Preferences

          Safari will automatically open some files by default. This behavior could be leveraged to perform attacks. To disable, uncheck “Open safe files after downloading” in the General tab. Unless specifically required, Safari’s Java should be disabled to reduce the browser’s attack surface. On the Security tab, uncheck “Enable Java.”Also, private browsing in Safari is a great way to stop hackers from picking up bread crumbs and using them against you later.

          Bonus Tip: Disable Bluetooth and Airport

          The best way to disable Bluetooth hardware is to have an Apple-certified technician remove it.If this is not possible, disable it at the software level by removing the following files from /System/Library/Extensions:

          IOBluetoothFamily.kext

          IOBluetoothHIDDriver.kext

          The best way to disable AirPort is to have the AirPort card physically removed from the system.If this is not possible, disable it at the software level by removing the following file from /System/Library/Extensions:

          IO80211Family.kext

          If followed carefully, the above mentioned tips can outdo a hacker’s technology to compromise your Mac. However, as technology advances, hacker use ever-more innovative ways to penetrate your Mac. If you know other ways to hack into a Mac, please share with us in the comments below!

          More by this author

          how to prevent mac from being hacked 10 Ways To Prevent Your Mac From Being Hacked

          Trending in Mac

          1 20 Best Productivity Apps for Mac You Should Have in 2019 2 15 Mac Hacks You’ve Probably Never Heard Of 3 10 Ways To Prevent Your Mac From Being Hacked 4 3 Things to Consider When Uploading Videos to YouTube 5 Top 5 Reliable Backup Apps for Data on Mac

          Read Next

          Advertising
          Advertising
          Advertising

          Last Updated on February 15, 2019

          7 Tools to Help Keep Track of Goals and Habits Effectively

          7 Tools to Help Keep Track of Goals and Habits Effectively

          Now that 2011 is well underway and most people have fallen off the bandwagon when it comes to their New Year’s resolutions (myself included), it’s a good time to step back and take an honest look at our habits and the goals that we want to achieve.

          Something that I have learned over the past few years is that if you track something, be it your eating habits, exercise, writing time, work time, etc. you become aware of the reality of the situation. This is why most diet gurus tell you to track what you eat for a week so you have an awareness of the of how you really eat before you start your diet and exercise regimen.

          Tracking daily habits and progress towards goals is another way to see reality and create a way for you clearly review what you have accomplished over a set period of time. Tracking helps motivate you too; if I can make a change in my life and do it once a day for a period of time it makes me more apt to keep doing it.

          So, if you have some goals and habits in mind that need tracked, all you need is a tracking tool. Today we’ll look at 7 different tools to help you keep track of your habits and goals.

          Joe’s Goals

          Advertising

             

            Joe’s Goals is a web-based tool that allows users to track their habits and goals in an easy to use interface. Users can add as many goals/habits as they want and also check multiple times per day for those “extra productive days”. Something that is unique about Joe’s Goals is the way that you can keep track of negative habits such as eating out, smoking, etc. This can help you visualize the good things that you are doing as well as the negative things that you are doing in your life.

            Joe’s Goals is free with a subscription version giving you no ads and the “latest version” for $12 a year.

            Daytum

              Daytum

              is an in depth way of counting things that you do during the day and then presenting them to you in many different reports and groups. With Daytum you can add several different items to different custom categories such as work, school, home, etc. to keep track of your habits in each focus area of your life.

              Advertising

              Daytum is extremely in depth and there are a ton of settings for users to tweak. There is a free version that is pretty standard, but if you want more features and unlimited items and categories you’ll need Daytum Plus which is $4 a month.

              Excel or Numbers

                If you are the spreadsheet number cruncher type and the thought of using someone else’s idea of how you should track your habits turns you off, then creating your own Excel/Numbers/Google spreadsheet is the way to go. Not only do you have pretty much limitless ways to view, enter, and manipulate your goal and habit data, but you have complete control over your stuff and can make it private.

                What’s nice about spreadsheets is you can create reports and can customize your views in any way you see fit. Also, by using Dropbox, you can keep your tracker sheets anywhere you have a connection.

                Evernote

                Advertising

                  I must admit, I am an Evernote junky, mostly because this tool is so ubiquitous. There are several ways you can implement habit/goal tracking with Evernote. You won’t be able to get nifty reports and graphs and such, but you will be able to access your goal tracking anywhere your are, be it iPhone, Android, Mac, PC, or web. With Evernote you pretty much have no excuse for not entering your daily habit and goal information as it is available anywhere.

                  Evernote is free with a premium version available.

                  Access or Bento

                    If you like the idea of creating your own tracker via Excel or Numbers, you may be compelled to get even more creative with database tools like Access for Windows or Bento for Mac. These tools allow you to set up relational databases and even give you the option of setting up custom interfaces to interact with your data. Access is pretty powerful for personal database applications, and using it with other MS products, you can come up with some pretty awesome, in depth analysis and tracking of your habits and goals.

                    Bento is extremely powerful and user friendly. Also with Bento you can get the iPhone and iPad app to keep your data anywhere you go.

                    Advertising

                    You can check out Access and the Office Suite here and Bento here.

                    Analog Bonus: Pen and Paper

                    All these digital tools are pretty nifty and have all sorts of bells and whistles, but there are some people out there that still swear by a notebook and pen. Just like using spreadsheets or personal databases, pen and paper gives you ultimate freedom and control when it comes to your set up. It also doesn’t lock you into anyone else’s idea of just how you should track your habits.

                    Conclusion

                    I can’t necessarily recommend which tool is the best for tracking your personal habits and goals, as all of them have their quirks. What I can do however (yes, it’s a bit of a cop-out) is tell you that the tool to use is whatever works best for you. I personally keep track of my daily habits and personal goals with a combo Evernote for input and then a Google spreadsheet for long-term tracking.

                    What this all comes down to is not how or what tool you use, but finding what you are comfortable with and then getting busy with creating lasting habits and accomplishing short- and long-term goals.

                    Read Next