Mac Security
Mac Group Presentation
February 15, 2016
Nonnie Markeset

How to Secure your Mac and iDevices and Avoid Common Vulnerabilities

What are vulnerabilities?

1. Viruses
2. Malware
3. Trojan Horses
4. Weak Passwords
5. Sharing too much personal information on public websites, like Facebook
6. Visiting sites that contain your sensitive information on a public computer or on a public website
7. Visiting “bad sites”. Ones that offer free movies, music, cheap goods and services.
8. Clicking on links in emails you receive
9. Not having your computer/iDevices password or passcode protected and/or having a weak password/passcode for your device.
10. Having the same password or similar for all sites.
11. Not keeping your OS/iOS and apps up to date
12. Spilling coffee on your keyboard
13. Dropping your device

Of all the vulnerabilities listed above, your greatest vulnerability is your passwords.

How do you create a strong password?

A password should be at least 12 characters. It should contain letters, numbers and symbols and preferably not contain words found in a dictionary.

To check the strength of your password: http://www.takecontrolbooks.com/resources/0148/zxcvbn/

Each site should have a unique password.

How do you remember all your passwords?

1. In Safari, turn on AutoFill (This I do not recommend as it is the least secure of all the options.)
2. Use Keychain Access (User ➔ Applications ➔ Utilities ➔ Keychain Access)
3. Use a third party Password Manager (Your best option.)
   • 1Password
   • LastPass
Here are some examples of weak passwords:
• 123456
• jack0322
• w0nd3r
• pr1ncess
• samkenmary
• 122940

Here are some examples of strong passwords:
• wHx9vm5Gs7zR
• vxqCIKypD7”
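
As an added illustration (not part of the original presentation), the rule above (at least 12 characters; letters, numbers and symbols; no dictionary words) can be checked in code, here against the weak examples listed above. The word list and the character-substitution table are small constructed stand-ins, and the function names are hypothetical.

```python
import re

# Weak examples quoted from the presentation.
PAGE_WEAK_EXAMPLES = ["123456", "jack0322", "w0nd3r", "pr1ncess", "samkenmary", "122940"]

# Constructed stand-in word list (assumption); a real check would load a full
# dictionary plus lists of common names and breached passwords.
WORDS = {"jack", "wonder", "princess", "sam", "ken", "mary"}

# Undo common character swaps so "pr1ncess" is looked up as "princess".
LEET = str.maketrans("013457@$", "oieastas")


def weaknesses(password, words=WORDS):
    """Return the reasons a password breaks the rule; an empty list means it passes."""
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    if not re.search(r"[A-Za-z]", password):
        reasons.append("no letters")
    if not re.search(r"[0-9]", password):
        reasons.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        reasons.append("no symbols")
    # The dictionary check runs on the lower-cased, de-substituted form.
    plain = password.lower().translate(LEET)
    hits = sorted(w for w in words if w in plain)
    if hits:
        reasons.append("contains dictionary word(s): " + ", ".join(hits))
    return reasons


def audit(passwords):
    """Map each password to its list of weaknesses."""
    return {p: weaknesses(p) for p in passwords}


if __name__ == "__main__":
    # "Pr1ncess!2016" is a constructed sample: long and mixed, yet still a dictionary word.
    for pw, why in audit(PAGE_WEAK_EXAMPLES + ["Pr1ncess!2016"]).items():
        print(f"{pw!r}: {'; '.join(why)}")
```

Swapping letters for look-alike digits does not help: “pr1ncess” and “w0nd3r” are still reported as dictionary words.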

You should also set up 2-step verification for any site that has this feature. This, however, requires you to have a mobile device on which you can receive a generated code to complete the sign in process. This code will be sent to you via a special app on your iDevice or via an SMS message if you are using an iPad.

How it works:

1. Go to the site.
2. Enter your password.
3. Receive a randomly generated code on your phone.
4. Enter that as a second password on the site.

Here are some sites that offer 2-step verification:
Google/Gmail -- https://www.google.com/landing/2step/
Facebook -- Go to Settings, Security and select Login Approvals
Apple/iTunes/iCloud -- https://support.apple.com/en-us/HT204152

Example of what you will see on the Apple Sign-In Site.

Steps to take if you think you have been compromised.

1. Change the password for the compromised site.
2. Change the questions and answers to the security questions for that site.
3. Change the passwords for other sites.
4. Set up a prioritized list of sites that need to have passwords changed
   • All your email account passwords
   • Bank and investment accounts
   • Facebook and other social sites
   • Amazon, Netflix
   • eBay/PayPal
   • Apple ID/iCloud

I also recommend that you set up a schedule to change passwords every six months, at least for your most important sites.

What to do if you get constant pop-ups in your web browser warning you that your computer has been compromised.

DO NOT CLICK ON THE LINK. DO NOT DOWNLOAD THE SUGGESTED APP THAT CLAIMS IT WILL CLEAN YOUR COMPUTER. Instead:

1. In Safari (Firefox and Chrome have similar procedures), choose “Clear History” in the Safari drop-down menu
2. In Safari Preferences, go to “Privacy”

Malware, Viruses, Trojan Horses and Hackers

These are vulnerabilities that come from external sources.

Viruses are a type of malware that get installed on a computer without permission and have the ability to create havoc with your computer. This type of malware is at this point “non-existent” on Macs because of the safeguards Apple sets up.

The types of malware that Mac users must be aware of are called Trojan horses. They are pieces of software that can piggyback on other software to get into your computer. Basically you give them permission without knowing it.

Do you need Anti-Virus software to protect yourself from these? Most Mac pundits will say no. Instead follow these 4 rules.

1. Keep your Mac updated
   a. Make sure you have the latest OS and when incremental updates come through make sure to install them
   b. Update the apps you use when you are notified of updates.
   c. Turn on Auto-Update if you want, in System Preferences - App Store
2. Download software only from trusted sites. Here are some safe sites
   Mac App Store
   Adobe
   Microsoft
   Agilebits
   If an offer is too good to be true, it is usually too good to be true!
3. Stay informed and research an unknown site before you download from it. Search the web to see if there is any info on the company. 2 good sites to check and to keep you informed are:
   MacRumors.com
   CultOfMac.com
4. Do not click on links contained in emails you receive.
   • As frustrating as this is you are safer if you open your web browser and manually put in the address… not copy it.
   • Gmail has two new symbols to inform you if your email is being sent encrypted and if the person you are receiving the email from is the actual person sending the email. The first is represented by a lock and the second by a question mark.

Extra Protection

1. In Safari Preferences under General make sure “Open Safe Files” is unchecked*
2. In System Preferences under Security and Privacy, choose “Mac App Store and Identified Developers”.**

Firewall

The firewall lets you block incoming traffic to particular programs, meaning it is only useful if there are programs on your computer that you want to restrict in terms of incoming information. If that’s not the case, and if you use the Internet primarily behind a secure router, you probably don’t need to enable a firewall at all.

* In Safari Preferences under General make sure “Open Safe Files” is unchecked.

** In System Preferences under Security and Privacy, choose “Mac App Store and Identified Developers”.