OS X Security Basics
Khürt L. Williams, CISSP, CRISC
Agenda

Initial setup
Privacy
Firewalls
Staying safe online
Staying updated
Questions
Macs don’t get viruses!
Macs are secure?
Borrowing from MacDefender (2011) while
applying important innovations of their own, the
creators of the notorious Flashback botnet
(aka, OSX/Flshplyr) infected more than 600,000
Macs in the spring of 2012.
... malware such as OSX/Morcut-A (aka Crisis),
first discovered in late July 2012, presents
greater risks.
Windows malware hiding quietly on Macs.
Java and Flash are deadly to Macs
LATEST SECURITY UPDATES
12/11 Google Closes Six Security Holes with Chrome Update
12/11 Adobe Flash Player Update Resolves Three Flaws
11/21 Mozilla Patches 16 Vulnerabilities with Firefox 17 Upgrade
11/21 Opera Software Releases Opera 12.11, Fixes High Severity Flaw
11/16 Apple Updates XProtect Malware Definitions for Latest Imuler Variant
11/14 Microsoft Updates Office 2008 and 2011 for Excel Vulnerabilities
11/7 Opera Browser Upgrade Adds New Features for Mountain Lion, Patches Six Vulnerabilities
“Security is not a product,
but a process.” — Bruce
Schneier
“Setup Assistant configures the first account on the computer as an
administrator account. Administrator accounts should only be used for
administration. Users should use standard user accounts for day-to-day
computer use.” ~ Apple Security Configuration Guidelines
Users & Groups
Create a standard account/disable administrator for all
active users
Use password assistant
Disable Guest account
Parental Controls
Limit applications
Limit web access
Turn off automatic login
Require a password to modify preferences
“Security is the enemy of
convenience and convenience is
the enemy of security.” ~ John Earl
Sharing


Block all incoming connections
Allow only essential services
Network
Deactivate unused services
  Airport
    Disable when not in use
    Only use WPA/WPA2 on personal network
    Use VPN when using public Wi-Fi
  Bluetooth
  Ethernet
  FireWire
Security & Privacy

Disable automatic login
Require password after sleep
 Recommend 15 minutes
Choose how apps can run (GateKeeper)
Safe download list
Choose how to share personal data
Security & Privacy
Mac App Store – Only apps that came from the
Mac App Store can open.
Mac App Store and identified developers
(default in OS X Mountain Lion) – Only apps that
came from the Mac App Store and from
developers using Gatekeeper can open.
Anywhere – Allow applications to run regardless
of their source on the Internet
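
An added example, not part of the original slides: a shell audit of four settings recommended above (Gatekeeper, the firewall, automatic login and the Guest account). The `spctl`, `socketfilterfw` and `defaults` invocations and the preference keys are not taken from the deck, and the sample values in the non-Mac branch are constructed.

```shell
#!/bin/sh
# Added example: audits four settings from the slides. Each evaluate_*
# function judges the raw output of one macOS command, so the logic can be
# exercised on captured output. Commands and keys are not from the slides.

# `spctl --status` prints "assessments enabled" when Gatekeeper is on.
evaluate_gatekeeper() {
    case "$1" in
        *"assessments enabled"*) echo PASS ;;
        *) echo FAIL ;;
    esac
}

# `socketfilterfw --getglobalstate` reports State = 0 (off), 1 (on) or
# 2 (block all incoming connections).
evaluate_firewall() {
    case "$1" in
        *"State = 1"*|*"State = 2"*) echo PASS ;;
        *) echo FAIL ;;
    esac
}

# autoLoginUser exists only while automatic login is on, so any output
# (a user name) is a failure and empty output is a pass.
evaluate_autologin() {
    if [ -z "$1" ]; then echo PASS; else echo FAIL; fi
}

# GuestEnabled reads 1 when the Guest account is on; 0 or a missing key is fine.
evaluate_guest() {
    case "$1" in
        1|true|YES) echo FAIL ;;
        *) echo PASS ;;
    esac
}

# Print one line per check and return the number of failed checks.
audit_report() {
    failures=0
    for pair in \
        "Gatekeeper:$(evaluate_gatekeeper "$1")" \
        "Firewall:$(evaluate_firewall "$2")" \
        "Automatic login off:$(evaluate_autologin "$3")" \
        "Guest account off:$(evaluate_guest "$4")"
    do
        printf '%-22s %s\n' "${pair%%:*}" "${pair##*:}"
        [ "${pair##*:}" = PASS ] || failures=$((failures + 1))
    done
    return "$failures"
}

# Collect the real values; only meaningful on a Mac.
audit_live() {
    lw=/Library/Preferences/com.apple.loginwindow
    audit_report \
        "$(spctl --status 2>&1)" \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)" \
        "$(defaults read "$lw" autoLoginUser 2>/dev/null)" \
        "$(defaults read "$lw" GuestEnabled 2>/dev/null)"
}

if [ "$(uname -s)" = "Darwin" ]; then
    audit_live || echo "$? setting(s) need attention"
else
    # Constructed sample: a Mac with the firewall off and auto-login enabled.
    audit_report "assessments enabled" "Firewall is disabled. (State = 0)" \
        "alice" "0" || echo "$? setting(s) need attention"
fi
```
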
“The user's going to pick dancing
pigs over security every
time.” — Bruce Schneier
Wild Wild Web (WWW)
Do not allow Safari to open “safe” files
Uninstall/disable Flash
Uninstall/disable Java
Use a password manager — 1Password
Block third-party cookies
Turn on “Do not Track”
Be careful with extensions
Macs don’t get viruses?!

ClamXav (Free)
Symantec iAntivirus (Free)
Kaspersky Virus Scanner
Intego VirusBarrier (Free)
Sophos Anti-Virus (Free)
Did you get your flu shot
this year?
Update Mac software regularly/daily
 App Store (Snow Leopard/Lion/Mountain
 Lion)
 Software Update (Leopard and prior)
 Built in app update
AV Signatures
Other tools


1Password
OpenDNS/Umbrella
Our efforts must focus on protecting and
empowering end users—no matter what
platform, device, or operating system they
choose. ~ Sophos
“Trust but
verify.” — Ronald
Reagan
Questions?
Links
Umbrella (http://www.umbrella.com)
OpenDNS (http://www.opendns.com)
ClamXav (http://www.clamxav.com)
VirusBarrier (http://www.intego.com)
1Password (https://agilebits.com/onepassword)
Apple Security Guides (http://www.apple.com/support/security/guides/)

Editor's Notes

  1. So you just got a new Mac and are excited to start using it. Macs have a reputation for being easy to use and secure, so why not dive right in? Well... STOP! The truth is no computer system, including your shiny new Mac, is immune from attack. While there are no true viruses for OS X, that doesn't mean Macs are impenetrable. They're still vulnerable to malware, spyware, spam, trojans and user error. Users should ensure that their systems are regularly patched to eliminate newly discovered vulnerabilities, exercise common sense when visiting unknown web sites and installing unfamiliar software, and adopt appropriate security technology such as firewalls, scanners and security suites. Will not cover EFI/Firmware Password.
  2. Sophos names 2012 “The Year of OS X Threats”. Threats like the Flashback virus are becoming more relevant as Macs continue to grow in the marketplace. In the week of August 1st to August 6th, 2012, Sophos found 4,900 different pieces of OS X malware floating around Mac computers. It’s worth noting that some pieces of OS X malware are cross-platform threats, as the programs infect computers via Java.
  3. Flashback was disguised as fake antivirus. Designed for spying, Morcut can remotely monitor virtually every way a user communicates: mouse coordinates, IM, Skype call data, location information, the Mac’s webcam and microphone, clipboard contents, keystrokes, running apps, web URLs, screenshots, calendar and address book contents, alerts, device information, and even file system metadata. It is designed to target specific corporate or government users. Most malware found on a Mac is Windows malware. Users may think, “This isn’t my problem.” However, the Windows partitions of dual-boot Macs can indeed be infected, as can virtualized Windows sessions running under Parallels, VMware, etc.
  4. Opera released an update on 11/7 and then issued another update 2 weeks later.
  5. Default account is administrator -- full super user access. Can do anything to the computer. Bad idea to use this regularly for day-to-day tasks. Create a standard account. Can run apps, save documents etc. but can’t make system changes or install software. Parental Controls -- great with kids. Block unsavory content. Allow use of specific apps, printers etc. Setup Assistant configures the first account on the computer as an administrator account. Administrator accounts should only be used for administration. Users should use standard user accounts for day-to-day computer use. Do a walk through of setting up a standard account. Show how to configure parental controls. Disable guest account. Create a standard account/disable administrator for all active users. Use password assistant.
  6. You can choose from the following types of passwords:
     - Manual: You enter a password and then Password Assistant gives you the quality level of your password. If the quality level is low, Password Assistant gives tips for increasing the quality level.
     - Memorable: According to your password length requirements, Password Assistant generates a list of memorable passwords in the Suggestion menu.
     - Letters & Numbers: According to your password length requirements, Password Assistant generates a list of passwords with a combination of letters and numbers.
     - Numbers Only: According to your password length requirements, Password Assistant generates a list of passwords containing only numbers.
     - Random: According to your password length requirements, Password Assistant generates a list of passwords containing random characters.
     - FIPS-181 compliant: According to your password length requirements, Password Assistant generates a password that is FIPS-181 compliant (which includes mixed upper and lowercase, punctuation, and numbers).
  7. In April, more than 600,000 Mac users found themselves recruited into the global Flashback, or Flashplayer botnet, courtesy of a Java vulnerability left unpatched on OS X for far too long. Patch was issued. Oracle assumed direct responsibility for publishing Java for OS X in the future. Within days of the discovery of a new zero-day vulnerability affecting Java 7 on all platforms and operating systems, the flaw was already being exploited in targeted attacks, was integrated into the widely used Blackhole exploit kit, and had even shown up in a bogus Microsoft Services Agreement phishing email. Patch was issued by Oracle. But, within weeks, more major Java flaws surfaced. Security Explorations, the same researchers who discovered the first flaw, found another way to bypass Java’s secure application sandbox—this time, not just on Java 7, but also on Java 5 and 6, and in all leading browsers. The new exploit put 1 billion devices at risk.
  8. Here’s the basic definition for all the terms we’ll discuss here:
     - Malware: This is a big catchall phrase that covers all sorts of software with nasty intent. Not buggy software, not programs you don’t like, but software which is specifically written with the intent to harm.
     - Virus: This is a specific type of malware that spreads itself once it’s initially run. It’s different from other types of malware because it can either be like a parasite that attaches to good files on your machine, or it can be self-contained and search out other machines to infect.
     - Worm: Think of inchworms rather than tapeworms. These are not parasitic worms, but the kind that move around on their own. In the malware sense, they’re viruses that are self-contained (they don’t attach themselves like a parasite) and go around searching out other machines to infect.
     - Trojan: Do you remember that story you had to read in high school about the big wooden horse that turned out to be full of guys with spears? This is the computer equivalent. You run a file that is supposed to be something fun or important, but it turns out that it’s neither fun nor important, and it’s now doing nasty things to your machine.
     - Vulnerability: Funny thing about software: it’s written by humans. Humans are fallible and sometimes forget to cross t’s and dot i’s. Sometimes those mistakes create strange behavior in programs. And sometimes that strange behavior can be used to create a hole that malware or hackers could use to get into your machine more easily. That hole is otherwise known as a vulnerability.
     - Exploit: The strange behavior that can be used to create a hole for hackers or malware to get through generally requires someone to use a particular sequence of actions or text to cause the right (or is that wrong?) conditions. To be usable by malware (or on a larger scale by hackers), it needs to be put into code form, which is also called exploit code.
  9. Russian cybercriminals posted nearly 6.5 million encrypted (or hashed) LinkedIn passwords on the Internet. Teams of hackers rapidly went to work attacking those passwords, and cracked more than 60% within days. LastPass, KeePass.
  10. In September 2012, Sophos reported the widespread delivery of Twitter direct messages (DMs) from newly compromised accounts. Purportedly from online friends, these DMs claim you have been captured in a video that has just been posted on Facebook. If you click the link in the DM, you’re taken to a website telling you to upgrade your “YouTube player” to view the video. If you go any further, you’ll be infected with the Troj/Mdrop-EML backdoor Trojan.