Using the Mac Security Preference Pane

1
Mac Security - Using the Mac Security Preference Pane

Security preference pane
The Security preference pane allows you to control the security level of the user accounts on your Mac. Computer: iStock

The Security preference pane allows you to control the security level of the user accounts on your Mac. In addition, the Security preference pane is where you configure your Mac's firewall, as well as turn data encryption on or off for your user account.

The Security preference pane is divided into three sections.

General: Controls password usage, specifically, whether passwords are required for certain activities. Controls automatic log-out of a user account. Lets you specify whether location-based services have access to your Mac's location data.

FileVault: Controls data encryption for your home folder, and all of your user data.

Firewall: Allows you to enable or disable your Mac's built-in firewall, as well as configure the various firewall settings.

Let's get started with configuring the security settings for your Mac.

Launch the Security Preference Pane

Click the System Preferences icon in the Dock or select 'System Preferences' from the Apple menu.

Click the Security icon in the Personal section of the System Preferences window.

Proceed to the next page to learn about the General configuration options.

2
Using the Mac Security Preference Pane - General Mac Security Settings

Using the Mac Security Preference Pane - General Mac Security Settings
The General section of the Security preference pane controls a number of basic but important security settings for your Mac.

The Mac Security preference pane has three tabs along the top of the window. Select the General tab to get started with configuring your Mac's general security settings.

The General section of the Security preference pane controls a number of basic but important security settings for your Mac. In this guide, we will show you what each setting does, and how to make changes to the settings. You can then decide if you need the security enhancements available from the Security preference pane.

If you share your Mac with others, or your Mac is located in a place where others can easily gain access to it, you may wish to make some changes to these settings.

General Mac Security Settings

Before you can begin making changes, you must first authenticate your identity with your Mac.

Click the lock icon in the bottom left-hand corner of the Security preference pane.

You will be prompted for an administrator username and password. Provide the requested information, and then click OK.

The lock icon will change to an unlocked state. You're now ready to make any changes you wish.

Require password: If you place a check mark here, then you (or anyone who attempts to use your Mac) will be required to provide the password for the currently account in order to exit sleep or an active screen saver. This is a good basic security measure that can keep prying eyes from seeing what you're currently working on, or accessing your user account data.

If you select this option, you can then use the dropdown menu to select a time interval before the password is required. I suggest selecting an interval long enough that you can exit a sleep or screen saver session that starts unexpectedly, without needing to provide a password. Five seconds or 1 minute are good choices.

Disable automatic login: This option requires users to authenticate their identity with their password any time they log on.

Require a password to unlock each System Preferences pane: With this option selected, users must provide their account ID and password any time they attempt to make a change to any secure system preference. Normally, the first authentication unlocks all secure system preferences.

Log out after xx minutes of inactivity: This option lets you select a set amount of idle time after which the currently logged-in account will be automatically logged out.

Use secure virtual memory: Selecting this option will force any RAM data written to your hard drive to be first encrypted. This applies to both virtual memory usage and Sleep mode, when the contents of RAM are written to your hard drive.

Disable Location Services: Selecting this option will prevent your Mac from providing location data to any application that requests the information.

Click the Reset Warnings button to remove location data already in use by applications.

Disable remote control infrared receiver: If your Mac is equipped with an IR receiver, this option will turn the receiver off, preventing any IR device from sending commands to your Mac.

3
Using the Mac Security Preference Pane - FileVault Settings

Using the Mac Security Preference Pane - FileVault Settings
FileVault can be very handy for those with portable Macs who are concerned about loss or theft.

FileVault uses a 128-bit (AES-128) encryption scheme to protect your user data from prying eyes. Encrypting your home folder makes it nearly impossible for anyone to access any user data on your Mac without your account name and password.

FileVault can be very handy for those with portable Macs who are concerned about loss or theft. When FileVault is enabled, your home folder becomes an encrypted disk image that is mounted for access after you log in. When you log off, shut down, or sleep, the home folder image is unmounted and is no longer available.

When you first enable FileVault, you may find the encryption process can take a very long time. Your Mac is converting all of your home folder data into the encrypted disk image. Once the encryption process is complete, your Mac will encrypt and decrypt individual files as needed, on the fly. This results in only a very slight performance penalty, one that you will rarely notice except when accessing very large files.

To change FileVault's settings, select the FileVault tab in the Security Preferences pane.

Configuring FileVault

Before you can begin making changes, you must first authenticate your identity with your Mac.

Click the lock icon in the bottom left-hand corner of the Security preference pane.

You will be prompted for an administrator username and password. Provide the requested information, and then click OK.

The lock icon will change to an unlocked state. You're now ready to make any changes you wish.

Set Master Password: The master password is a fail-safe. It allows you to reset your user password in the event you forget your login information. However, if you forget both your user account password and the master password, you will not be able to access your user data.

Turn On FileVault: This will enable the FileVault encryption system for your user account. You will be asked for your account password and then given the following options:

Use secure erase: This option overwrites the data when you empty the trash. This ensures that the trashed data is not easily recoverable.

Use secure virtual memory: Selecting this option will force any RAM data written to your hard drive to be first encrypted.

When you turn FileVault on, you will be logged out while your Mac encrypts your home folder's data. This can take quite a while, depending on the size of your home folder.

Once the encryption process is complete, your Mac will display the login screen, where you can provide your account password to log in.

4
Using the Mac Security Preference Pane - Configuring Your Mac's Firewall

Using the Mac Security Preference Pane - Configuring Your Mac's Firewall
The application firewall makes it easier to configure the firewall settings. Instead of needing to know which ports and protocols are necessary, you can just specify which applications have the right to make incoming or outgoing connection.

Your Mac includes a personal firewall you can use to prevent network or Internet connections. The Mac's firewall is based on a standard UNIX firewall called ipfw. This is a good, though basic, packet-filtering firewall. To this basic firewall Apple adds a socket-filtering system, also known as an application firewall. The application firewall makes it easier to configure the firewall settings. Instead of needing to know which ports and protocols are necessary, you can just specify which applications have the right to make incoming or outgoing connections.

To begin, select the Firewall tab in the Security preference pane.

Configuring the Mac's Firewall

Before you can begin making changes, you must first authenticate your identity with your Mac.

Click the lock icon in the bottom left-hand corner of the Security preference pane.

You will be prompted for an administrator username and password. Provide the requested information, and then click OK.

The lock icon will change to an unlocked state. You're now ready to make any changes you wish.

Start: This button will start the Mac's firewall. Once the firewall has been started, the Start button will change to a Stop button.

Advanced: Clicking this button will allow you to set the options for the Mac's firewall. The Advanced button is only enabled when the firewall is turned on.

Advanced Options

Block all incoming connections: Selecting this option will cause the firewall to prevent any incoming connections to non-essential services. Essential services as defined by Apple are:

Configd: Allows DHCP and other network configuration services to occur.

mDNSResponder: Allows the Bonjour protocol to function.

raccoon: Allows IPSec (Internet Protocol Security) to function.

If you choose to block all incoming connections, then most file, screen, and print sharing services will no longer function.

Automatically allow signed software to receive incoming connections: When selected, this option will automatically add securely signed software applications to the list of applications that are allowed to accept connections from an external network, including the Internet.

You can manually add applications to the firewall's application filter list using the plus (+) button. Likewise, you can remove applications from the list using the minus (-) button.

Enable stealth mode: When enabled, this setting will prevent your Mac from responding to traffic queries from the network. This will make your Mac appear to be non-existent on a network.