Step 1
Keep up with Software Updates for Mac OS X, as well as browser updates if you use a third-party web browser such as Firefox. These updates often include security patches to protect you.
If you don't use services such as remote login, file sharing or remote desktop, keep them turned off.
Keep your date and time current in the 'Date & Time' System Preference pane, preferably using the 'Set date & time automatically' feature. If your date and time are wrong, you can get warnings from good, secure websites because of the date and time mismatch. If you get too many of these false alarms, you might accidentally ignore a real warning.
When you log into web-based email, always try to use an https link instead of http.
Step 2
Firefox's secure website notification is located in the bottom right of the window.
If you use a wireless network at home, make sure that it is secured, especially if you check email, shop or bank online wirelessly. Do not rely on hiding your wireless network's name or on MAC address filtering. Those will help, but using encryption technology like WPA2 is much more secure. The Apple AirPort software makes encryption easy to set up. Also, make sure you update the firmware for whatever network hardware you use.
Step 3
Safari's secure website notification is located on the top right of the window.
When shopping online, always check for the secure icons in your browser.
Think of buying something over the internet as if you were buying something from a street vendor while you're across the street getting coffee, yelling your credit card information across the street. Someone could be listening and get that information. A better way would be to scramble your credit card information so that even if someone was listening, they wouldn't know what the information meant. That's what a secure website does automatically for you. All you need to do is make sure that the site is secure, as shown by the small locks in the screenshots for Safari and Firefox.
If you find a 'secure' website and your browser gives you a warning that says that it 'could not verify the identity of the website' (or text along those lines), avoid the site until they have the issue fixed and the message goes away. Send them an email, but regardless of what they tell you, don't send them secure information until the message goes away.
Step 4
When you're away from your machine, be extremely cautious about logging into secure web applications, and always make sure that you log out when you're finished.
If you use wireless networks other than your own, avoid shopping, banking and checking your email. Email passwords can be especially vulnerable since many are transmitted in clear text, which means someone could capture them. Your email accounts are extremely important since many banks and online services are tied to them now.
Don't download applications you receive in email. Just don't. And don't send anyone applications, pictures or videos in email. Send them a link instead! There are many free hosting solutions available. Download Mac software from reputable sources only. That means avoiding things like torrent and 'file sharing' applications.
Step 5
Don't click on links in emails for anything, even if they're from your bank. Use your own bookmarks or type the addresses directly into your browser. This is a good habit to have in case you're having a busy day and accidentally click on a bogus link in an email that looks like it's from your bank.
Save your passwords in a password-protected application, such as Data Guardian. That way you only have to remember one good password. And since you store your passwords in an application and don't have to remember them, use the auto-generate password feature, since these are often very good passwords. Then copy and paste from the password application whenever you need to log in to a web application. If you must set your own passwords, use letters and numbers and do not use the same password for different sites.
Unfortunately, these applications don't automatically expire passwords for you, so you should regularly reset them yourself.
Data Guardian
http://www.koingosw.com/products/dataguardian.php
Step 6
If your Mac is not in a physically secure location and other users could access it, you should always log out when you're done using the machine, as well as use a password-protected screen saver.
These will help, but keep in mind that anyone could reboot your Mac, insert a Mac OS X installation CD, hold down the 'c' key to boot from the CD-ROM and then do things like reset passwords, erase your drive, etc.
A good solution to protect data in this case would be to use Apple's 'FileVault' software, which encrypts data on your hard drive, or purchase a third-party equivalent. That won't save the data if someone erases your hard drive, but they certainly won't be able to get at your important information.
Step 7
The 'Firewall' System Preference in Leopard.
Protect your Mac from incoming intrusions:
Make sure your Firewall is turned on. On Mac OS X Leopard, click on the 'Security' System Preference and then click the 'Firewall' tab. Either check 'Block all incoming connections', or check 'Set access for specific services and applications' if you use services like Apple Remote Desktop, ssh, Web Sharing, etc. and want to allow them but block everything else.
Even better, if you don't mind spending some money for the additional security, use DoorStop and "Who's There". DoorStop is an enhanced firewall that works in tandem with "Who's There," which provides detailed information on anyone who may have tried to access your system while the software is in use.
With these two pieces of software installed on your Mac, it will be much more difficult for your system to become compromised.
DoorStop and Who's There
http://www.opendoor.com/
Step 8
The DoorStop interface
Protect your Mac from outgoing intrusions:
Applications like 'Little Snitch' make sure that nothing on your Mac transmits information outbound without your knowledge. You need to train this application so that it knows which applications can transmit to whom (and how, based on a port number), but it makes this process easy. Any time anything on your Mac wants to send anything outbound, 'Little Snitch' steps in, pauses that communication and gives you the opportunity to allow or deny it.
Little Snitch
http://www.obdev.at/products/littlesnitch/index.html