Web U-M ITSS only
ITSS: Information Technology Security Services - Keeping IT Safe at U-M
Events
Training
Services
Tools & Tips
Resources
Report an IT Security Incident
About ITSS
Contact Us


ITSS Home IT Security Tools and Tips Personal Computer Security Macintosh OS X Computers

Securing Computers Running Macintosh OS X

To secure computers that are running Macintosh OS X, install the latest patches and enable a firewall.

Installing Patches

You can set up your system to install patches automatically, or you can install them manually. Follow these steps to install patches:

  1. Click the Apple menu in the upper-left corner of your desktop, and select System Preferences.
  2. Select the System subtab, and click Software Update.
  3. Use one of the following methods for patch installation:
    • To install patches automatically, enable Check for updates and select Weekly or a more frequent period. Your system will check the Apple Web site for updates automatically according to the frequency you select, and it will prompt you if there are updates to install.
    • To install patches manually, click Check Now or Update Now (depending on your version of OS X).



  4. If there are updates to install, click Install.



  5. Enter your Administrator password when prompted to do so, and reboot your computer if requested.

Enabling Firewall Software

Follow these steps to enable a firewall:

  1. Click the Apple menu in the upper-left corner of your desktop, and select System Preferences.
  2. Select the Internet & Network subtab, and click Sharing.
  3. Select the Firewall tab, and check that Firewall On is displayed. If it is not, click the Start button.
  4. From the Allowed ports list, ensure that only the services you absolutely need are allowed.

Macintosh OS X Logs

Logs help you to reconstruct a timeline of events or system activity -- important information for responding to security incidents. To generate logs, you can run programs such as ssh and sendmail, and a mechanism called syslog can store these logs on your OS X computer. When storing these logs, the syslog daemon applies rules that are specified in the file /etc/syslog.conf. Typically, the system stores sequential logs in a set of files located in the /var/log directory. Because OS X systems rotate logs to save space, you must decide how long you want to retain your logs and adjust the /etc/syslog.conf file accordingly. Consult your system documentation for further information about how it handles logs.

Related Macintosh OS X Security Links
Last modified September 06, 2007