Mac Security – How The NSA Hack-Proofs Its Macs

Charles Moore | Posted on September 9, 2013 |

If you’re really concerned about online security on your Mac, you can find some high-impact tips in a factsheet from the National Security Agency designed for use by administrative users of Mac OS X 10.6 Snow Leopard.

Suggestions, ranked by the NSA in order of importance, include:

Don’t Surf or Read Mail Using Admin Account

Use Software Update or on systems not connected to the Internet retrieve updates regularly from:
http://www.apple.com/support/downloads

Account Settings:
– Disable Automatic Login and User List
– Disable guest account and sharing

Security Pane Settings in the General tab, ensure that the following are checked:
– Require password “5 seconds” after sleep or screen saver begins
– Disable automatic login
– Use secure virtual memory
– Disable Location Services (if present)
– Disable remote control infrared receiver (if present)

In the FileVault tab, read the warnings and consider activating FileVault.

Secure Users’ Home Folder Permissions

Set A Firmware Password That Will Prevent Unauthorized Users From Changing The Boot Device Or Making Other Changes.

Disable IPv6 and AirPort when Not Needed

Disable Unnecessary Services

Disable Setuid and Setgid Binaries

Disable Integrated iSight and Sound Input

Safari Preferences
-Safari will automatically open some files by default. This behavior could be leveraged to perform attacks. To disable, uncheck “Open safe files after downloading” in the General tab.
-Unless specifically required, Safari’s Java should be disabled to reduce the browser’s attack surface. On the Security tab, uncheck “Enable Java.”

Au Revoir, Bonjour! – from the security perspective Bonjour! makes the computer unnecessarily visible and generates unwanted network traffic.

Configure and Use Both Firewalls

Disable Bluetooth and AirPort Devices

You can download the NSA factsheet at:
http://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf

You can also find Apple’s official Security Guides for OS X 10.3 through 10.6 at:
http://www.apple.com/support/security/guides/

Some of the links above are affiliate links to the retailer's site. That means we may earn a small commission from any sales (Thank you!).

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.