Mac security hardening tips from the NSA

Summary:The National Security Agency (NSA) offers "Hardening Tips for Mac OS X 10.6 'Snow Leopard,' a tri-fold security brochure for the agency's Information Assurance Mission. It's packed with useful tips.

The National Security Agency (NSA) offers "Hardening Tips for Mac OS X 10.6 'Snow Leopard,' a tri-fold security brochure for the agency's Information Assurance Mission. It's packed with useful tips.

While taking aim at Snow Leopard, most of the tips can apply to plain old Leopard as well as Lion. Some are simple and practical but would require a security-conscious workflow.

For example, the guide suggests creating a user account specifically for surfing and reading e-mail. Many single-user machines read mail and surf in the primary account, which is likely the Admin Account for the machine.

There's also a list of LaunchDaemon and LaunchAgent services that may, or may not, be necessary for every user in an organization and certainly not in many buttoned-down federal shops. If you're not using a VPN, maybe shuting it down could be an idea.

The difference between the government shop and the rest of us can be seen in the section on Bluetooth and Airport security.

The best way to disable Bluetooth hardware is to have an Apple- certified technician remove it. If this is not possible, disable it at the software level by removing the following files from /System/Library/Extensions:

IOBluetoothFamily.kext IOBluetoothHIDDriver.kext

The best way to disable AirPort is to have the AirPort card physically removed from the system. If this is not possible, disable it at the software level by removing the following file from /System/Library/Extensions:

IO80211Family.kext

If the service and hardware offends you, take it out!

Topics: Security, Apple, Hardware, Mobility, Wi-Fi

About

David Morgenstern has covered the Mac market and other technology segments for 20 years. In the recent past, he founded Ziff-Davis' Storage Supersite, served as news editor for Ziff Davis Internet and held several executive editorial positions at eWEEK. In the 1990s, David was editor of Ziff Davis' award-winning MacWEEK news publication a... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.