15 easy fixes for Mac security risks

How safe is your Mac? Maybe not as safe as you think. Here are some quick ways to beef up its security.

1 2 3 4 5 6 7 8 9 Page 6
Page 6 of 9

Use Keychains wisely

The Mac OS X Keychain is a feature that securely collects passwords for a vast number of functions -- including e-mail and instant messaging accounts, Web services, Wi-Fi networks and file servers. The Keychain stores this information in encrypted format and is decrypted only when you provide a master password.

Keychains can also contain encrypted notes (such as bank account information) and security certificates, all of which can be accessed and managed from the Keychain Access application in the Utilities folder on your Mac. In the Keychain Access window, right-click or control-click on an available Keychain to change the password, lock the keychain or alter settings that will cause the keychain to lock automatically. You can also create or delete Keychains here.

Use Keychains for passwords, certificates and encrypted notes

Use Keychains for passwords, certificates and encrypted notes. Click to view larger image.

By default, each user account has a Keychain associated with it that is unlocked with the user's password at log-in. If a user's password is reset through a method other than the Accounts pane in System Preferences (such as by an administrator account or from the Mac OS X Install DVD), the account and Keychain passwords will become out of sync. You can fix this by manually changing the Keychain password to match your log-in password, or you can reset the Keychain using Apple's Keychain First Aid feature, which can also help troubleshoot other types of Keychain problems.

Keychains offer both security and convenience. You can improve security by using multiple Keychains (each of which contains different information) with different passwords or by simply changing your account's Keychain password. This ensures that even if your user account password is compromised, the data in your Keychain(s) -- including passwords to other services -- will remain securely encrypted. As with a firmware password, if you forget a Keychain's password, its contents will be irretrievable.

Get the most out of Leopard's firewall

Mac OS X has included an optional firewall for some time, traditionally based on the open-source Unix ipfw firewall. Leopard introduced a newer, dynamic firewall option. This new firewall (click the Firewall tab in the Security pane in System Preferences) is straightforward, which is helpful for users who simply want their computers protected without having to create and manage complex firewall rules.

Allow incoming traffic for specific apps and processes

You can allow incoming traffic for specific apps and processes. Click to view larger image.

You can choose to block all incoming traffic, which prevents your Mac from accepting any data that it didn't explicitly request, such as a Web page. You can also allow only core system services to accept incoming data or allow access based on specific applications or system processes.

This last option is the most commonly used, and it will cause Leopard to alert you any time an application wants to accept nonrequested incoming data. If you allow incoming data for an application, it gets added to the list of allowed applications. Applications such as iChat require incoming connections to function properly.

You can use the list in System Preferences to selectively remove applications from the allowed list or even just as a quick way of verifying which applications are on the list. You can also change an allow rule into a block rule, which will prevent an application from receiving incoming data or asking you to allow access.

Two other options -- enable logging and enable stealth mode -- are available via the Advanced button. Logging, as you might guess, logs all traffic that is received by your Mac and how that traffic is filtered. Stealth mode will cause your Mac to ignore ping requests from other computers and prevent outside users from easily detecting your Mac on a network. This increases security but can also limit the effectiveness of remote troubleshooting of network problems.

1 2 3 4 5 6 7 8 9 Page 6
Page 6 of 9
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon