How to secure your Apple computer from unauthorized network access.

OSX by default has open network ports and user access that can allow unauthorized access to your data. Following these step can "lockdown" your Apple computer.

hiddenFrame
  • Open the System Preferences.
    • To get to System Preferences, click on the Apple in the upper left corner of the screen. Click on System Preferences from the list.
  • With the System Preferences open, find Security & Privacy and click on it.
  • In the Security & Privacy preferences panel there are four sub-tabs. We are going to cover each of them in turn.
  • Click Next to continue or click on the Online Service Request icon to create an Online Trouble Ticket.
  • In the General Tab these are the changes you will be making:
    • Check the check box for Require Password (then select immediately from the dropdown list) after sleep or screen saver begins
    • Check the box for disable automatic login
    • Check the box for Require an administrator password to access system preferences with lock icons
    • Check the box for Log out after 60 minutes of inactivity
    • Check the box for Automatically update safe downloads list
  • Here is an image of how your settings should look:
  • Click Next to continue or click Previous to go back.
  • The FileVault Tab
    • This tab is for FileVault which will be covered in a coming soon guide. For now unless you understand FileVault, do not turn it on.

  • Click Next to continue or click Previous to go back.
  • The Firewall Tab
    • By default the Firewall is turned off. Click on the Start button to turn on the Firewall.
    • Now click on the Advanced button so you can fine tune the Firewall
    • Advanced Firewall options are where you can add/limit which programs have access to the internet. By default the check box for Block all incoming connections is unchecked. You can check this if you really want to be secure and hide from the world. This would also limit your access to network resources, so turn on and then use the box to add programs and services. Most people will not change this and that is fine. By default the check box for Automatically allow signed software to receive incoming connections is checked, and this will work for most cases. The last check box is for Enable Stealth Mode and you should leave this unchecked.

  • Click Next to continue or click Previous to go back.
  • Now click on the Show All button to return to the main System Preferences window so you can change the sharing settings.
    • Click on Sharing under Internet & Wireless.
    • This is where you can change the services that your Mac is sharing. There should be NONE checked and if you have any that are checked, please uncheck them.
  • Click Next to continue or click Previous to go back.
  • The last step will be to turn off Guest access, we do this to stop unwanted access to your computer.
  • Return to the main System Preferences by clicking on Show All and click on Users & Groups under the System category.
    • Select Guest User from the list of users and uncheck the allow guests to log in to this computer and allow guests to connect to shared folders boxes.
    • Click on the Login Options and change the following:
        • Automatic Login: OFF
        • Display login windows as: Name and Password
        • Check the box for Show Sleep, Restart, and Shut Down buttons and Show Input menu in login window. If your Mac is connected to the AD.UNC.EDU domain you will want to have the Allow network users to log in at login window checked.
    • Click SOM Help Webpage to return to Help.Med.Unc.Edu or click Previous to go back.