Updated on February 23, 2016 by UpGuard
It goes without saying that you should always be on top of required updates: we're a couple of months into 2016 and Apple has already issued major security updates for OS X and iOS. In some cases, however, users may be partial or restricted to their particular flavor of Apple's flagship OS. Whether you're running Snow Leopard, Yosemite, or El Capitan, the following are 10 tips for fine-tuning your OS X instance for a better security posture.
9. Uninstall the Adobe Flash player.
Flash has no doubt seen better days; however, even with a waning future, the plugin is still a constant source of exploitable vulnerabilities. It's therefore highly recommended that you uninstall the player/plugin—most websites have already eliminated Flash interactivity and videos on their pages.
8. Enable full disk encryption.
By encrypting critical data files and folders, you can prevent unauthorized access to private data in the event that the machine is lost. Various third-party encryption utilities are available, but Apple's FileVault full disk encryption is perhaps the easiest route to go. FileVault encrypts entire hard drives using a secure encryption algorithm called XTS-AES 128.
7. Use the OS X firewall.
The OS X firewall allows you to specify which programs and services can connect to your machine—filtering by either application or service. To ensure that the OS X firewall is being used and configured correctly, go to the Security & Privacy system preferences and click on the Firewall tab.
6. Turn off Java in Safari and other browsers.
Like Flash, the much-maligned Java is a favorite target for cyberattackers to exploit. It's therefore highly recommended that the Java plugin be turned off; it can be turned on again later if needed.
5. Adjust your privacy system preferences accordingly.
Do you know which apps have access to your location and iCloud data? To find out, go to the Security & Privacy system preferences and select the Privacy tab. From here you can refine data access on an application-by-application basis or in bulk.
4. If you must, use a 3rd-party password manager instead of Keychain.
Passwords are a pain, but refrain from using Keychain for retaining browser data. Password managers such as LastPass or 1Password are better, as they require a master password beyond the login password to use.
3. Disable OS X Spotlight suggestions.
Spotlight leaks private user information back to Apple and other 3rd parties like Microsoft Bing and Google; consequently, it should be turned off to prevent this. This can be accomplished by going to System Preferences, choosing Spotlight, and deselecting the options in question. Similarly, "Include Spotlight Suggestions" should be disabled under Safari's search preferences as well.
2. Specify where Spotlight can search for files.
Anyone with physical access to your machine can hit Command + Space and search for files and contents within files. To specify which folders Spotlight indexes and/or displays search results for, go to System Preferences, Spotlight, and uncheck any undesired options.
1. Disable Bluetooth if not in use.
Clearly, this is not an option if you're using peripherals like a Bluetooth mouse or keyboard. But if not, Bluetooth should be turned off in System Preferences to prevent attacks like Bluesnarfing and Bluejacking.
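Three of the settings above (tip 8, tip 7 and tip 1) can also be read from Terminal. The script below is an added example, not part of the original article or any UpGuard tooling; it assumes an OS X release that ships `fdesetup`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit of tip 8 (FileVault), tip 7 (firewall)
# and tip 1 (Bluetooth). Parsers take command output as text; empty or
# unreadable output counts as FAIL.

FW=/usr/libexec/ApplicationFirewall/socketfilterfw
BT=/Library/Preferences/com.apple.Bluetooth

# `fdesetup status` prints "FileVault is On." or "FileVault is Off.";
# progress lines may follow the first line.
filevault_on() {
    case "$1" in
        "FileVault is On."*) return 0 ;;
        *) return 1 ;;
    esac
}

# `socketfilterfw --getglobalstate` ends with "(State = N)":
# 0 = off, 1 = on, 2 = on and blocking all incoming connections.
firewall_on() {
    state=$(printf '%s\n' "$1" | sed -n 's/.*State = \([0-9]\).*/\1/p' | head -n 1)
    [ "$state" = 1 ] || [ "$state" = 2 ]
}

# ControllerPowerState is 1 when Bluetooth is powered on, 0 when off.
bluetooth_off() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = 0 ]
}

# check <label> <parser> <command output>: print result, return parser status.
check() {
    if "$2" "$3"; then echo "PASS  $1"; else echo "FAIL  $1"; return 1; fi
}

audit_host() {
    failed=0
    check "FileVault on (tip 8)" filevault_on "$(fdesetup status 2>/dev/null)" || failed=1
    check "Firewall on (tip 7)" firewall_on "$("$FW" --getglobalstate 2>/dev/null)" || failed=1
    check "Bluetooth off (tip 1)" bluetooth_off \
        "$(defaults read "$BT" ControllerPowerState 2>/dev/null)" || failed=1
    return "$failed"
}

# Run the audit only on OS X; elsewhere the functions are just defined.
if [ "$(uname -s)" = Darwin ]; then
    audit_host
fi
```

The script exits non-zero if any check fails, so it can be scheduled or wrapped by a configuration-management job.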
Apple offers a set of guides and resources for hardening OS X and has a dedicated section on its website for OS X security. Once you've determined your desired secure OS X configurations, validate your whole environment automatically with UpGuard's platform for digital resilience. With UpGuard, critical OS X vulnerabilities and security gaps that commonly lead to data breaches are never left unchecked.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.