How to Secure Your Macbook
My biggest pet peeve with Mac users is the thought that just because you run OS X you are secure by default and we can have a religious debate on the benefits/drawbacks of different OS's for days. I am not going to go into anything like that in this post, what I am going to do is give you a few suggestions to make your Mac more secure.
Disable the Guest User
Again, sounds like a "no-brainer", but it needs to be done. Personally the idea someone can open my computer and use basic functionality is a little stressful to me.
Go to "System Preferences" -> "Users & Groups" -> Select "Guest User". Uncheck "Allow guests to log in to this computer".
Set a Password On Your Account
I know this sounds basic, but you would be surprised how many people do that in the world. Set a password on your account or even better enable a multi-factor authentication (more on that later). And always use a complex password that is at least over 8 characters.
Require Password Immediately After Sleep
Setting your Mac to lock when your computer sleeps or goes to a screen saver reduces the risk of accidental unauthorized access.
Go to: System Preferences -> Security & Privacy, select "Require Password" and set the drop down to"immediately".
Turn On Your Firewall
Always, Always, Always have your firewall on. I am unsure why this is off by default on OSX, but it needs to be on even on a trusted network.
Go to: System Preferences -> Security & Privacy, select the "Firewall" tab at the top. Click "Turn On Firewall".
Turn on Stealth Mode
Setting your firewall to Stealth Mode doesn't only sound cool, it will make you Mac less visible on networks and less likely to be a target for an attack.
Go to: System Preferences -> Security & Privacy, select "Firewall Tab" and click "Firewall Options". Click "Enable Stealth Mode" and then "OK"
Turn On Encryption With FileVault
One of your best defenses against theft of your computer or physical attacks is encrypting your hard drive. I know some people get scared with the words "encryption & laptop" but OS X does a great job to make it seamless and extremely easy to implement. Make sure you keep the encryption keys in a safe place, preferably on a flash drive secured somewhere, just in case you need to decrypt the drive temporarily.
Go to: System Preferences -> Security & Privacy, select the "FileVault" tab at the top. Click "Turn On FileVault" and a wizard will walk you through the process of turning on encryption. Apple has a great walk through of the process which you can find here.
Disable Remote Logins and Sharing
Disabling remote logins and sharing of resources (unless absolutely needed) is always a best practice. OS X makes it very easy to enable these if you need to temporarily, just remember to go back and disable what you shared.
Go to: System Preferences -> Sharing. Make sure everything is unchecked and "Screen Sharing" is OFF.
Enable Automatic Updates
Keeping your software up again is a basic way to keep your system safe and fix any OS level vulnerabilities. I believe this is a default configuration for OS X, but it's always a good idea to verify everything is set correctly.
Go to: System Preferences -> Software Update. Make sure "Automatically keep my Mac up to date" is checked. Click on "Advanced" and make sure every option is checked. Click "Ok"
Wish you had a script that would do all of this for you?
You are in luck! I have written one!
The script will complete the following tasks:
- Password immediately after screen saver or sleep
- Turns on your firewall and enables Stealth Mode
- Disables all remote logins
- Installs any available updates and enables automatic updates
- Enables Full Disk Encryption.
Just download it from my github here.
After you download it, open a terminal, and run the following commands:
chomd +x osx_script2019.sh
NOTE: As always with any script I write or provide, use at your own risk. I am human, I make mistakes (sometimes).