Mac Encryption : An extensive guide to security

0
1123
Mac encryption

Apple products, like the rest, are not protected from the target of hackers. Apple is not bulletproof when it comes to vulnerabilities. Extensive Mac Encryption guide.

Earlier this year reported by Palo Alto at CNBC,  a major ransomware, named “KeRanger,” hit mac users demanding 1 bitcoin (equivalent $400) and was able to bypass Apple’s security check as it was signed with a valid Mac app development system, installed through compromised BitTorrent client “Transmission.” Although, Apple is fast in its security update and patches, but hacks like these work silently and attacks without even noticing unless it is too late for the users.

Some of the common risks arise because of unattended mac, weak passwords, outdated security updates, poor information security practices. Hackers look for weak target and attack individuals and business who has the weak security system on their Mac.  Using smart encryption programs and security checks can re-mediate against these attacks. Few best practices are discussed below to make your Mac secure against hacker attacks:

Avoid using Administrator account

Advertisement

bluehost® helps big brands scale WordPress.

BlueHost: Get Professional Website Hosting For 3.95/Month

Try BlueHost Now

Using an administrator account gives you root access to drive to perform crucial system management tasks. It makes it easier for the hackers to log-in to your root system to manipulate your data. Make a non-administrator account for daily tasks, use your administrator account only when you need to perform system changes.

How to create non-admin account on Mac OS X: https://support.apple.com/kb/PH18891?locale=en_US

Update Apple software

Apple updates its software regularly, it keeps on patching current and potential vulnerabilities and enhancing software usability on every update. It keeps your system healthy and secure, make sure to frequently update your Mac OSX. To do this follow these steps:

  1. Click on “Apple” menu.
  2. Select “System Preferences” to access its menu.
  3. Select “Software Update” tab.
  4. Check mark “Check for update” option.
  5. Select frequency to Daily (recommended).

For the manual system update: visit Apple’s support page to check for updates of your Mac OSX version. After downloading your desired update. Check SHA-1 of that file and the checksum SHA-1 written on the support page. To verify SHA-1 follow these steps:

  1. Open Terminal application.
  2. Type in /usr/bin/openssl sha1 filename.dmg
  3. You’ll see output like this:
  4. SHA1(filename.dmg)= f31bc2bbcde84fdfaed5cced8e3f57f609dcdbd2

This SHA-1 checksum should match with checksum provide by the apple support page. If not then there might be a problem, contact Apple for the issue.

Strong encrypted login password

It is an encrypted password of your Mac OS X user account. Every program asks for login password before installing any software application. If you do not setup login password it would be easier for hackers to manipulate your user account. Make sure to select strong characters password to ensure your mac encryption. Follow these steps to change or setup login password:

  1. Click on “Apple” menu.
  2. Select “System Preferences” to access its menu.
  3. Select “User & Groups” to access its menu.
  4. Select your username from the list of users.
  5. Click the “Change Password” button, then follow the on-screen instructions.

How to setup login password on Mac: https://support.apple.com/en-us/HT202860

Setup Firmware password

An encrypted firmware password on your mac prevents from starting up from any unauthorized device other than your start-up disk, for mac encryption. To setup firmware password perform these steps:

  1. Shut down your Mac system.
  2. Start it again and hold “Command + R key” after you hear the start-up sound to access OS X recovery.
  3. When Recovery window appears, select “Firmware Password Utility” from the utility menu.
  4. In Firmware Utility window, click on “Turn On Firmware Password.”
  5. Enter your new password twice.
  6. Select “Set Password.”
  7. Click on “Quit Firmware Utility” to close it.
  8. Click on “Apple” menu and select restart, upon restart, your firmware password will be active.

Warning! Don’t forget to save or write your password somewhere safe. If you forget the password, then you’ll have to take your Mac system to the Apple retail store for hard reset.

How to setup firmware password on Mac: https://support.apple.com/en-us/HT204455

How to encrypt files on Mac

People ask for how to encrypt files on mac? for that, you can use “FileVault” to Mac file encryption so that unauthorized users can’t access your stored data.

FileVault 2 full-disk encryption, uses an XTS-AES 128-bit mac file encryption (Note: available on OS X Lion or later). To turn on this feature:

  1. Choose “Apple’ menu.
  2. Select “System Preferences” to access its menu.
  3. Select “Security & Privacy”.
  4. Click the FileVault tab to access its menu.
  5. Click on the Lock Button below the windows and enter the administrator username and password if it asks.
  6. Click on “Turn On” FileVault.

When FileVault is active, your Mac will always ask for OS X account password to login the encrypt Mac files.

How to encrypt files on Mac: https://support.apple.com/en-us/HT204837

Disable automatic login and Guest account

When your Mac user account is setup to automatic login, you Mac automatically log-in to that account without asking to enter login password. It would make your Mac vulnerable to hacking attempts.   

To disable automatic login, go to:

  1. Click on “Apple” menu
  2. Select “System Preferences” to access its menu.
  3. Select “User & Groups” tab.
  4. Click on Lock button icon, it might ask your administrator password.
  5. Click on “Login Options”
  6. Select “Off” from “Automatic Login” pop-up window.
  7. Select “Name and Password” from “Display login window as” pop-up window.

On this window, you’ll see “Guest User” tab for guest accounts. If it is active, then go to its menu and uncheck “Allow guests to connect to shared folders” and “Allow guests to log-in to this computer.”

How to disable Automatic login on Mac: https://support.apple.com/en-us/HT201476

Secure Home Folder permissions

Mac OS X has the option to set permissions for file access to ensure mac encryption. Permissions can restricts guests and other users to access your startup disk home folder. You should set strict permissions to prevent modifications to your home folder, to do this follow these steps:

  1. Open the Terminal application
  2. Type in sudo chmod go-rx /Users/username

How to change home folder permission on mac: http://www.macinstruct.com/node/415

Use VPN for Mac Encryption

Today, it is a common practice of hackers to gain access to your network through your original IP and trace it back to its provenance. A VPN can hide your original location with make-over IP to provide privacy and anonymity online if you don’t know much about networks. Use best VPN for Mac available to ensure mac encryption.

Disable IPv6 and Airport

IPv6 is a new internet protocol to provide easy connectivity. But it also makes easy target for hackers to infiltrate. It is recommended to disable AirPort and IPv6 when not in use. To configure changes in IPv6 and AirPort, follow these steps:

  1. Click on “Apple” menu.
  2. Click on “System Preferences” to access its menu.
  3. Click on “Network Pane” tab.
  4. You will have to make changes on each network interface available depending on your device connectivity.
  5. Select a network interface.
  6. Select “AirPort Off,” or “Disconnect when logging out” option, when it is in use frequently.
  7. Select “Advance”. Head over to “TCP/IP” tab, under “Configure IPv6” option set it to OFF, if not necessary.

How to configure IPv6 on Mac: https://support.apple.com/en-us/HT202237

Two-walls Firewall security

Mac system security has two firewalls: Application Firewall and IPFW Packet-Filtering Firewall.

  • Application Firewall

Application firewall set limits to receive incoming connection of programs from other computers on the network. To configure the application firewall follow these steps:

For Mac OS X v10.5.1 or later

  1. Click “Apple” menu
  2. Choose “System Preferences” to access its menu.
  3. Click on ‘Security” tab.
  4. Choose “Firewall” from the menu
  5. Choose modes according to your needs.

For Mac OS X v10.6 and later

  1. Click “Apple” menu
  2. Choose “System Preferences” to access its menu.
  3. Click on ‘Security” or “Security & Privacy.”
  4. Choose “Firewall” from the menu.
  5. Click on the lock button icon and enter administrator login credentials.
  6. Click “Turn On Firewall” or “Start” to activate the firewall for mac encryption.
  7. Click on Advance to customize firewall according to your needs.

For advance settings of Firewall: https://support.apple.com/en-us/HT201642

  • IPFW Packet-Filtering Firewall

Setting up the IPFW Firewall requires more expertise and modification in the files. Visit blog page of University of North Carolina for “how to” configuration guide.

Change Safari Preferences

Safari, default web-browser of Mac, open few files automatically. This could lead to potential attacks. Disable few options for better Safari web-browser experience:

  1. Disable “Open safe files after downloading” from General tab.
  2. Disable Java, if not necessary. Go to “Security tab” and untick “Enable Java.”
  3. Use private browsing when surfing the internet to prevent cookies and history.
Advertisement

bluehost® helps big brands scale WordPress.

BlueHost: Get Professional Website Hosting For 3.95/Month

Try BlueHost Now
SHARE
Previous articleHow VPN Encrypt Linux Operating System
Next articleHow to place widget on desktop in OSX Snow Leopard and Lion
Peter Buttler an Infosec Journalist and Tech Reporter, Member of IDG Network. In 2011, he completed Masters in Cybersecurity and technology. He worked for leading security and tech giants as Staff Writer. Currently, he contributes to a number of online publications, including The Next Web, CSO Online, Infosecurity Mag, SC Magazine, Tripwire, GlobalSign CSO Australia, etc. His favorite areas Online Privacy, AI, IoT, VR, Blockchain, Big Data, ML, Fintech, etc. You can follow him on twitter.

LEAVE A REPLY

Please enter your comment!
Please enter your name here