This site is brought to you by the Electrical and Computer Engineering department

Antivirus-Malware-Spyware Protection

There are several applications available to end-users to download and install on their systems.

Cisco AMP (only for UT systems).  Please email help@ece.utexas.edu and provide the UT asset tag number (the silver sticker reading "The Property of The University of Texas at Austin") for further details.  Your system will need to be verified as property of the University.

Personal Computers

Sophos

For personally owned Mac computers, the free online Sophos anti-virus software is recommended.

Download Sophos at https://home.sophos.com/mac.


Apply Security Updates

  1. Select the Apple Menu
  2. Click About this Mac
  3. Select Software Updates

Automatic Updates:  OS System Configuration

  1. Open System Preferences via the Dock or Apple Menu
  2. Select the App Store
  3. Select Automatically check for updates
  4. Select Download newly available updates in the background
    1. Optional:  If you want available updates to automatically install after being downloaded, select the options below.
      1. Select Install app updates
      2. Select Install macOS updates
      3. Select Install system data files and security updates

Note:  If you decide not to have the updates install automatically, be sure to install them in a timely manner when prompted to do so after the updates have been downloaded automatically (steps 3 & 4).  Your device should continue to prompt you on a scheduled basis.

Enable and Configure Event Logging

By default, logging should already be enabled on OS X.  To enable logging:

For OS X:

  1. You must temporarily log in as an administrator or your current account must have sudo access
  2. In spotlight (upper right-hand corner), search for terminal and select it
  3. Type sudo launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist
  4. Enter administrative credentials
  5. If the system was already enabled for logging, you should receive the notification Already loaded in the terminal window

Note:  the log files are rotated often by time of day, days indicated, and/or exceeding the maximum file size. 

For advanced or custom log retention schedules:

  1. You must temporarily log in as an administrator or your current account must have sudo access
  2. In spotlight (upper right-hand corner), search for terminal and select it
  3. Type cd /etc
  4. Type sudo vi newsyslog.conf

A list of log files with their retention schedules is displayed.  Notice the count and size options available to change.  You have the option to increase these amounts if desired.

Example:  To change the count (the number of backup logs kept) for the system.log file.  Continuing in the terminal window with the newsyslog.conf file open for editing:

  1. manually (using down arrow key) navigate to the system.log file
  2. navigate using the arrow key to the current count number (e.g. 7)
  3. verify the number is highlighted and press x to delete the current number
  4. type i for the insert command and enter the new count number
  5. press the ESC key, followed by :wq! and press enter.  This will save your entry.

A system restart will make the changes permanent.
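
The same count change can be made without hand-editing in vi. The following is an added example, not part of the original page: it reads newsyslog.conf-format text on stdin and prints the edited copy to stdout for review, handling the optional owner:group column. The sample entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in newsyslog.conf format (not copied from a real system).
# Columns: logfilename [owner:group] mode count size when flags
sample_conf() {
cat <<'EOF'
# logfilename          [owner:group]  mode count size when   flags
/var/log/system.log                   640  7     *    @T00   J
/var/log/install.log   root:admin     640  5     1000 *      J
/var/log/wtmp                         644  3     *    @01T05 B
EOF
}

# Print the current count for the log path in $1, reading config text on stdin.
# Exits non-zero when the log has no entry.
get_log_count() {
    awk -v target="$1" '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        # owner:group is optional; when present it shifts count from field 3 to 4
        $1 == target { c = ($2 ~ /:/) ? 4 : 3; print $c; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# Print the config from stdin with the count for log path $1 replaced by $2.
# Fails on a non-numeric count or when the log has no entry. Only the edited
# line has its column spacing collapsed to single spaces; newsyslog accepts that.
set_log_count() {
    case "$2" in
        ''|*[!0-9]*) echo "count must be a non-negative integer" >&2; return 1 ;;
    esac
    awk -v target="$1" -v new="$2" '
        /^[ \t]*#/ || NF == 0 { print; next }     # pass comments through untouched
        $1 == target { c = ($2 ~ /:/) ? 4 : 3; $c = new; found = 1 }
        { print }
        END { if (!found) exit 1 }
    '
}

# Demo: raise the system.log count from 7 to 14 and show the resulting entry.
sample_conf | set_log_count /var/log/system.log 14 | grep '^/var/log/system.log'
```

On a real system, feed it the contents of /etc/newsyslog.conf, compare the output with the original, and only then copy the result into place with sudo.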


Enable Firewall

  1. Open System Preferences via the Dock or Apple Menu
  2. Click Security & Privacy
  3. Click the Firewall tab and select Turn ON Firewall

Note: If the orange padlock icon in the lower left side of the window is closed, click it, and then authenticate with your Mac's administrator username and password.

Optional

To configure the firewall, click Firewall Options... (10.7 and later)

    1. In the options presented, select a suitable option


Encryption:  Enable FileVault

  1. Open System Preferences via the Dock or Apple Menu
  2. Select Security & Privacy
  3. Select the FileVault tab and select Turn ON FileVault
  4. Make note of the Recovery Key and store it in a safe place.  The recommended option for UT personnel is STACHE.


Operate with a standard OS X account

Running as an administrator?  Administrative accounts are granted the ability to perform virtually anything on the computer. Every computer has an administrative account, and many users tend to operate their computer in an administrative mode on a daily basis.  This is against guidelines set forth by the Information Security Office.

With an administrative account, malware/viruses have an easier time:

  • Hiding themselves in the system to install rootkits, backdoors, and keyloggers
  • Creating new administrative accounts
  • Accessing and running privileged services
  • Using an infected system to attack other vulnerable computers on the network

Yes, even Mac OS X systems are susceptible to keyloggers, rootkits, trojans, and other unauthorized malicious applications.

If your current account is now an administrative account, you should downgrade this account with only “user/standard” privileges, while also creating a new account for administrative purposes.


Create a new administrative user account

  1. Open System Preferences via the Dock or Apple Menu
  2. Go to Users & Groups
  3. Click on the "+" to add a new account
    1. If the security lock is closed (lower left corner), click it and authenticate
  4. Enter an account name and password, and click on Create User
  5. Select the recently created User Account & Check Allow user to administer the computer

Demote the original user account to a standard user

  1. Log out of your account and log in with your new administrator account created in the steps above. Return to Users and Groups (Steps 1 & 2 above).
  2. Select the administrator that you want to demote and Uncheck Allow user to administer the computer
  3. Restart the computer for changes to take effect
  4. Login with the primary, standard user account that was just demoted.

Note:  When privilege elevation is required (for example, installing a new application or updating OS X), you will be prompted to grant that elevation by entering the username and password of the new administrator account that was just created.

Password Complexity

Secure unattended computers


There are two methods to choose from, but both require Step 5 in either option to be completed.

Turn display off after

  1. Open System Preferences via the Dock or Apple Menu
  2. Select Energy Saver
  3. Configure the time to place the system in sleep mode.  Set it to 15 minutes or less.
  4. Navigate back to System Preferences home panel and select Security & Privacy
  5. In the General tab, check Require password for sleep or screen saver (immediately).

Set Screensaver

  1. Open System Preferences via the Dock or Apple Menu
  2. Select Desktop & Screen Saver
  3. Use the drop-down options to select 10 minutes (this is the minimum option)
  4. Navigate back to System Preferences home panel and select Security & Privacy
  5. In the General tab, check Require password for sleep or screen saver (immediately).

Supported Operating System

Special note:  Apple does not publish an official support cycle for macOS.  However, based on patching for the past few versions of macOS, the following generally seems to apply:

  1. The current version of OS X gets updates to address security issues and bugs
  2. The previous version of OS X also gets security updates and might get some bug fixes
  3. The previous - previous version also gets security updates and is unlikely to get bug fixes
  4. Older versions are unlikely to get security updates and will not get bug fixes (unsupported)

Since new versions are released every year, this roughly corresponds to a 3 year support cycle, but again there's no commitment on Apple's part. The only official supported release is the most recent one.

For example:  Mavericks (10.9 - October 2013) -> Yosemite (10.10 - October 2014) -> El Capitan (10.11 - September 2015) -> Sierra (10.12 - September 2016) -> High Sierra (10.13 - September 2017)

When High Sierra was released, everything before El Capitan could be considered unsupported. Though again it's not a conclusive statement, since an update for Yosemite was released in July 2017. This may have been due to the severity of the bug being fixed or the proximity of the patch to High Sierra's release. There is no way of knowing. However, given their past behavior it seems that any operating system older than El Capitan (10.11) would be considered unsupported.


