Advertising
Advertising

10 Ways To Prevent Your Mac From Being Hacked

10 Ways To Prevent Your Mac From Being Hacked

Information protection is now scrutinized in all commercial and government industries. Theft of information has crippled many organizations and businesses. One of the main reasons information is lost, corrupt, or stolen is because many industries have not fully adopted it as a risk, and have yet to implement strong quality assurance policies and programs.

Some of the most common risks are because of unattended computers, weak passwords, and poor information management practices. Hackers look for the weakest target and tunnel into a business from easy sources, like tablets or cell phones.Using smart encryption software can remediate this threat and vulnerability, making it difficult for competitors or rookie hackers to penetrate your device. However, software alone is not enough to prevent Macs from being hacked. It is the Mac user who has the authority and resources to save it from potential penetration. The top 10 ways to prevent your Mac from being hacked is discussed below. Following all these tips will surely make your Mac hack-resistant. As a word of caution, before starting on the below processes, be sure to back-up your system first.

1. Don’t Surf or Read Mail Using the Administrator Account

Create a non-administrator user in the Accounts pane of System Preferences and use this account for everyday tasks. Only log in with an administrator account when you need to perform system administration tasks.

2. Use Software Update

Regularly applying system updates is extremely important.

For Internet-connected systems: Open the Software Update pane in System Preferences. Ensure that “Check for Updates” is enabled, and set it to “Daily” (or the most frequent setting). There is a command line version available as well, called Software Update. Read its main-page for more details.

Apple-Download-Page

    For systems not connected to the Internet: Retrieve updates regularly from www.apple.com/support/downloads. Be sure to verify that the SHA-1 digest of any download matches the digest published there, using the following command: /usr/bin/openssl sha1 download.dmg

    Advertising

    3. Account Settings

    You want to disable Automatic Login. To do this, open the Accounts pane in System Preferences. Click on “Login Options.” Set “Automatic login” to “Off.” Set “Display login window as” to “Name and password.”

    To disable Guest Account and Sharing, select the Guest Account and then disable it by unchecking “Allow Guest to log in to this computer.” Also, uncheck “Allow guests to connect to shared folders.”

    4. Secure Users’ Home Folder Permissions

    To prevent users and guests from perusing other users’ home folders, run the following command for each home folder: sudo chmod go-rx /Users/username

    5. Firmware Password

    Set a firmware password that will prevent unauthorized users from changing the boot device or making other changes. Apple provides detailed instructions for Leopard (which apply to Snow Leopard) here:
    http://support.apple.com/kb/ht1352

    6. Disable IPv6 and AirPort when Not Needed

    Open the Network pane in System Preferences. For every network interface listed:

    • If it is an AirPort interface but AirPort is not required, click “Turn AirPort off.”
    • Click “Advanced.” Click on the TCP/IP tab and set “Configure IPv6:” to “Off” if not needed. If it is an AirPort interface, click on the AirPort tab and enable “Disconnect when logging out.”

    7. Disable Unnecessary Services

    The following services can be found in /System/Library/LaunchDaemons. Unless needed for the purpose shown in the second column, disable each service using the command below, which needs the full path specified: sudo launchctl unload -w System/Library/LaunchDaemons/com.apple.blued.plist

    • com.apple.blued.plist – Bluetooth
    • com.apple.IIDCAssistant.plist – iSight
    • com.apple.nis.ypbind.plist – NIS
    • com.apple.racoon.plist – VPN
    • com.apple.RemoteDesktop.PrivilegeProxy.plist – ARD
    • com.apple.RFBEventHelper.plist – ARD
    • com.apple.UserNotificationCenter.plist – User notifications –
    • com.apple.webdavfs_load_kext.plist – WebDAV –
    • org.postfix.master – email server

    Other Services Can be found here: /System/Library/LaunchAgents and can be disabled the same exact way as the items listed above.

    Advertising

    8. Disable Setuid and Setgid Binaries

    Setuid programs run with the privileges of the file’s owner (which is often root), no matter which user executes them. Bugs in these programs can allow privilege escalation attacks.

    To find setuid and setgid programs, use the commands:

    • find / -perm -04000 -ls
    • find / -perm -02000 -ls

    After identifying setuid and setgid binaries, disable setuid and setgid bits (using chmod ug-s programname) on those that are not needed for system or mission operations. The following files should have their setuid or setgid bits disabled unless required. The programs can always have their setuid or setgid bits re-enabled later, if necessary.

    • /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent – Apple Remote Desktop
    • /System/Library/Printers/IOMs/LPRIOM.plugin/Contents/MacOS/LPRIOMHelper – Printing
    • /sbin/mount_nfs – NFS
    • /usr/bin/at – Job Scheduler
    • /usr/bin/atq- Job Scheduler
    • /usr/bin/atrm – Job Scheduler
    • /usr/bin/chpass – Change user info
    • /usr/bin/crontab – Job Scheduler
    • /usr/bin/ipcs – IPC statistics
    • /usr/bin/newgrp – Change Group
    • /usr/bin/postdrop – Postfix Mail
    • /usr/bin/postqueue – Postfix Mail
    • /usr/bin/procmail – Mail Processor
    • /usr/bin/wall – User Messaging
    • /usr/bin/write – User Messaging
    • /bin/rcp – Remote Access (Insecure)
    • /usr/bin/rlogin – /usr/bin/rsh
    • /usr/lib/sa/sadc – System Activity Reporting
    • /usr/sbin/scselect – User-selectable Network Location
    • /usr/sbin/traceroute – Trace Network
    • /usr/sbin/traceroute6 – Trace Network

    9. Configure and Use Both Firewalls

    The Mac system includes two firewalls: the IPFW Packet-Filtering Firewall, and the new Application Firewall. The Application Firewall limits which programs are allowed to receive incoming connections. It is quite easy to configure the Application Firewall. Below, I mention how to configure Mac’s Application firewall. Configuring the IPFW Firewall requires more technical expertise and cannot be fully described here. It involves creating a file with manually written rules (traditionally, /etc/ipfw.conf), and also adding a plist file to /Library/LaunchDaemons to make the system read those rules at boot. These rules depend heavily on the network environment and the system’s role in it.

    How to Configure Application Firewall in Mac

    In only Four steps you can easily configure the Application Firewall in Mac.

    1. Select System Preferences from the Apple Menu

    Advertising

    how to prevent mac from being hacked

      2. From the System Preferences Pane select Security. Then click on the Firewall Tab. Ignore the other Tabs (General and Firevault ).
      3. On the Firewall tab, you may need to unlock the pane, if it is locked. To unlock, click on the small pad lock on lower left corner and enter your Administrator Username and Password.

      how to prevent mac from being hacked

        4. Click Start to enable Mac’s Application Firewall. The green light beside Firewall Status and the ON notification will ensure that the Firewall is running smoothly.

        You can further customize the Firewall configuration by clicking on the Advance button on the right side.

        There are three Advance option in the Firewall Tab

        1. Block All Incoming Connections: Blocking all incoming connections will disable most of the sharing services like File Sharing, Screen Sharing and others. It will only allow basic internet service. Keeping it checked or unchecked depends with on the user.

        how to prevent mac from being hacked

          2. Automatically allow signed software to receive incoming connections:I prefer to keep this option unchecked. This will automatically add software signed by “any” valid authority to the allowed list of Software rather than prompting the users to authorize them.

          3. Enable stealth mode: I always keep this option checked. This prevent your Mac from responding to ping requests and port scans

          Advertising

          10. Safari Preferences

          Safari will automatically open some files by default. This behavior could be leveraged to perform attacks. To disable, uncheck “Open safe files after downloading” in the General tab. Unless specifically required, Safari’s Java should be disabled to reduce the browser’s attack surface. On the Security tab, uncheck “Enable Java.”Also, private browsing in Safari is a great way to stop hackers from picking up bread crumbs and using them against you later.

          Bonus Tip: Disable Bluetooth and Airport

          The best way to disable Bluetooth hardware is to have an Apple-certified technician remove it.If this is not possible, disable it at the software level by removing the following files from /System/Library/Extensions:

          IOBluetoothFamily.kext

          IOBluetoothHIDDriver.kext

          The best way to disable AirPort is to have the AirPort card physically removed from the system.If this is not possible, disable it at the software level by removing the following file from /System/Library/Extensions:

          IO80211Family.kext

          If followed carefully, the above mentioned tips can outdo a hacker’s technology to compromise your Mac. However, as technology advances, hacker use ever-more innovative ways to penetrate your Mac. If you know other ways to hack into a Mac, please share with us in the comments below!

          More by this author

          how to prevent mac from being hacked 10 Ways To Prevent Your Mac From Being Hacked

          Trending in Mac

          1 15 Mac Hacks You’ve Probably Never Heard Of 2 10 Ways To Prevent Your Mac From Being Hacked 3 6 Tips To Stay Secure While Shopping Online 4 5 Best HDR Software For Mac Users to Try in 2017 5 9 Basic Mac Hacks To Make Your Life Super Easy

          Read Next

          Advertising
          Advertising
          Advertising

          Published on September 25, 2020

          10 Best VPNs to Browse the Internet More Securely

          10 Best VPNs to Browse the Internet More Securely

          When it comes to digital security, public Wi-Fi networks aren’t safe enough, making it much easier for hackers to access your personal data. Whether you are studying in a library or scrolling through Facebook in a coffeehouse, it is vital to have a VPN installed on your device.

          VPNs work wonders when it comes to securing your internet connection. By creating an encrypted tunnel between a remote server run by the VPN service, they protect your personal data from prying eyes. There is a variety of VPNs available on the web, and we have collated a list of the best VPNs that stand out from the rest.

          How to Choose a VPN

          • Free trial period – Free trials allow you to try the product risk-free. The same idea technically applies to those with 30-day full refunds as well.
          • Speed – You want your VPN to be just as fast as the internet speed at home. Good quality VPNs are ones where you see little difference between those speeds.
          • Device connection – Of course, the more devices that can connect to VPNs, the better. It increases the customers’ coverage and the product’s value. You also want to consider compatibility since fewer VPNs may work for Mac or Windows only.
          • Number of servers – The number of servers determines how much capacity a VPN can handle while you are connected. The more servers there are, the more users it can handle without running into potential disconnections or slow speeds.
          • Kill switch feature – Having this feature means that your IP address isn’t exposed if the VPN disconnects for some reason. A lack of this feature is a big deal since the whole reason why you’re paying for a VPN is to hide your IP address, among other things. (Find out how to avoid getting tracked online here: Big Brother Is Watching You Online: How To Avoid Being Tracked)

          Why You Should Trust Us

          Our hand-picked VPNs are incredibly efficient and offer such distinctive features that grant you safe browsing. They outperform many VPNs in terms of both speed and security. Their primary aim is to provide you the utmost security, thus enabling you to surf the web safely and prevent any potential threat from causing harm.

          Among the best VPNs’ many unique features include split tunneling, strict logging policies, high encryption level, and availability of international servers. We have gathered them in this article to enlighten our readers and offer the best pieces of advice before you get one. Therefore, take our word for it, and if you go for a VPN mentioned below, you’d be fully appeased.

          1. NordVPN

          The most popular VPN on the market these days is NordVPN, and it’s easy to see why. It has widespread coverage, offering a selection of over 5,000 servers spanning across 59 countries.[1] Due to the high number of servers, its speed is similar to your Wi-Fi at home.

          Lifehack’s CEO, Leon, has been using NordVPN for many years and wants to recommend it for its remarkable server count in different locations with no-logs policy. The VPN perfectly works with Netflix and Fire TV stick, too.

          NordVPN is also compatible with Mac, Windows, and Linux. You can download the app onto Chrome, Firefox, Android, and Mac OS. Thanks to its massive coverage, it’s easy to connect multiple devices onto these servers.

          In terms of pricing, while NordVPN doesn’t have a free trial period, they argue that their plans are considerably cheaper than those of their competitors. For example, a one-year plan for ExpressVPN costs $8.32 per month, but NordVPN only charges $6.99 monthly.

          NordVPN has a new protocol called NordLynx that is based on WireGuard with speed benefits, though it’s still under development.[2] If you’re looking for general quality and affordability, this is one of the best VPNs around.

          Buy this VPN.

          Advertising

          2. ExpressVPN

          ExpressVPN is the second-best option out there for keeping your privacy while browsing the internet. Like many other VPNs here, they will encrypt your IP address, offer vast coverage, and can have multiple devices connected to their servers.

          Compared to NordVPN, while the pricing point is higher, ExpressVPN’s biggest selling point is the number of countries that their connection covers. Depending on where you are in the world, this may be the only option you have. They have fewer servers — 160, to be precise — but they make up for the low server count by covering 94 countries.[3]

          Cost-wise, your best bet is to go with the yearly plan where they charge $8.32 a month. They also have one- and six-month plans.

          Buy this VPN.

          3. Surf Shark

          With regards to Surf Shark, you can connect multiple devices to its servers, and it’s compatible with Windows, Linux, and Mac. It is also available on Android, iOS, Chrome, Firefox, and FireTV.

          Furthermore, Surf Shark can whitelist apps and sites, letting them bypass the VPN. This, along with the lines of split-tunneling, is another feature that many VPNs offer. The difference is that Surf Shark allows you to whitelist specific apps or any website, while most VPNs will whitelist all sites or none at all.

          The other consideration for this app is the price. While lower-tier plans are more expensive compared to others, Surf Shark’s 24-month plan is priced at $2.69 a month, so it’s cheaper than even NordVPN’s equivalent plan!

          Buy this VPN.

          4. CyberGhost

          Another top-reviewed VPN is CyberGhost. They’ve been around for 15 years and have fine-tuned their offers and features to stay competitive. They provide the standard package of browsing the web and logging into accounts safely and give you access to regionally blocked content.

          The network also maintains security from hackers, malware, and phishing. Aside from that, you can connect multiple devices, and it’s compatible with all kinds of platforms.

          Advertising

          What separates CyberGhost from the others is their extensive coverage. They have multiple servers, and the pricing point is still very low. It covers over 88 countries and has roughly 6200 servers for you to choose from, all while charging $2.75 for their 18-month plan.

          Buy this VPN.

          5. IPVanish

          IPVanish’s prime purpose is to give users online freedom by providing fast speeds and private connections. It’s clear that they can meet that promise as they provide many of the features that have been listed previously from their competitors.

          IPVanish is a part of SugarSync now. What is that, you may ask? It’s a cloud-based service that syncs files across devices and computers for sharing, backup, and many more. What this means is that other devices can access various files and videos so long as they are connected to your specific VPN. Furthermore, it can serve as a backup plan if you get hacked or lose your device for some reason.

          Buy this VPN.

          6. Private Internet Access

          Private Internet Access (PIA) is a remarkably generous company in many ways. Aside from the obvious features, they offer great incentives and discounts for people to try out their products. They claim to be the most trustworthy and reliable VPN around, and we believe that.

          One notable thing is that PIA offers a free two-month trial. Compared to other VPNs to this point, none have provided free trials (though all come with a 30-day money-back guarantee). On top of that, small businesses can avail of their VPN at a discounted rate. There is also the fact that their pricing plans go as low as $2.69 a month for two years, and they let you pay with gift cards.

          In terms of specs, PIA has over 2695 servers that cover 47 countries right now.

          These particular aspects make PIA unique and one of the best VPNs to consider.

          Buy this VPN.

          Advertising

          7. Hotspot Shield

          Hotspot Shield is all about offering protection while you’re browsing the internet or using streaming services like Netflix. The encryption is military-grade, and its speed is ultra-fast. In truth, it is even marketed as one of the fastest VPNs.

          Hotspot Shield offers a plan that only costs  $7.99 a month; however, it’s one of the few in this list to provide its services for free. Like other Freemium apps, the free version comes with limited features. That said, it gives you a much better feel for the VPN.

          Also, take note that the encryption feature is still there, though the limitations in the free plan include connecting to one location in the US and having limited streaming options and speed.

          Buy this VPN.

          8. TunnelBear

          As unusual as a name choice for an online security protection service can be, TunnelBear is nothing short of incredible. It makes our list of the best VPNs for various reasons.

          The biggest one is that the company goes through a yearly security audit. This is notable because many VPNs don’t bother about independent audits to ensure their systems are secure and safe from any issues. This is critical as VPNs have gotten some bad reputation over the years, as TunnelBear has noted in their post about their security audit.[4] The fact that they are doing this annually ensures that nothing is being compromised.

          Furthermore, TunnelBear offers limited services for free, but even their paid plans are pretty cheap. For individuals, you’re merely paying $3.33 per month. The only catch is that you can connect five devices regardless of which paid plan you pick.

          Buy this VPN.

          9. Norton

          Norton has been on the security scene for some time, and it’s actually one of the founders of the internet security industry. It started with virus and malware protection in 1991 and has since branched off to other sectors as the industry has shifted.

          As you might expect from a company that’s been around for a long time, Norton provides excellent services, and a few of their other services have gone into the VPN package. In reality, Norton is the only one thus far to offer a password manager with their VPN services. They provide 50GB of cloud storage as well.

          Advertising

          Norton has one of the cheapest VPNs, considering you can get their deluxe plan at $49.99 per year. That comes up to roughly $4.17 a month. It might be slightly higher than other equivalent plans, but you get a lot of extra value that makes it worth the price.

          Buy this VPN.

          10. StrongVPN

          The final VPN we want to cover is StrongVPN. Like many others, it’s great at blocking unnecessary web traffic and providing a fast and simple solution to navigating the internet without any hindrance.

          StrongVPN has over 900 servers. It is available in more than 30 countries and compatible with all devices. Beyond that, the only notable selling point it has compared to others is that it also offers Sugarsync services and 250GB of storage, irrespective of your chosen plan.

          As for the pricing, their year-long plan costs $5.83 a month, while their month-long one is $10.

          Buy this VPN.

          Bottom Line

          Getting online protection is important these days, and companies recognize this.

          With more hacks and breaches occurring every single day, the best VPNs can provide an excellent haven for many people who value their security and privacy.

          We hope that by putting together this list, you’ll be able to find the best VPN that you can trust and enjoy using. As you can see, there are several great options with no real wrong one out there. Pick the VPN that’s best for you.

          Featured photo credit: Petter Lagson via unsplash.com

          Reference

          Read Next