Mac Security – How The NSA Hack-Proofs Its Macs

If you’re really concerned about online security on your Mac, you can find some high-impact tips in a factsheet from the National Security Agency designed for use by administrative users of Mac OS X 10.6 Snow Leopard.

Suggestions, ranked by the NSA in order of importance, include:

Don’t Surf or Read Mail Using Admin Account

Use Software Update or on systems not connected to the Internet retrieve updates regularly from:

Account Settings:
– Disable Automatic Login and User List
– Disable guest account and sharing

Security Pane Settings in the General tab, ensure that the following are checked:
– Require password “5 seconds” after sleep or screen saver begins
– Disable automatic login
– Use secure virtual memory
– Disable Location Services (if present)
– Disable remote control infrared receiver (if present)

In the FileVault tab, read the warnings and consider activating FileVault.

Secure Users’ Home Folder Permissions

Set A Firmware Password That Will Prevent Unauthorized Users From Changing The Boot Device Or Making Other Changes.

Disable IPv6 and AirPort when Not Needed

Disable Unnecessary Services

Disable Setuid and Setgid Binaries

Disable Integrated iSight and Sound Input

Safari Preferences
-Safari will automatically open some files by default. This behavior could be leveraged to perform attacks. To disable, uncheck “Open safe files after downloading” in the General tab.
-Unless specifically required, Safari’s Java should be disabled to reduce the browser’s attack surface. On the Security tab, uncheck “Enable Java.”

Au Revoir, Bonjour! – from the security perspective Bonjour! makes the computer unnecessarily visible and generates unwanted network traffic.

Configure and Use Both Firewalls

Disable Bluetooth and AirPort Devices

You can download the NSA factsheet at:

You can also find Apple’s official Security Guides for OS X 10.3 through 10.6 at:

See our price trackers for up-to-date Apple prices