British Flag
British Apple Users Info & Support
LOGIN
The next event is:
Internet Retailing Conference 2017

On 5 May 2017
More events…

macOS 10.12 Sierra
FREE
Amazon UK Mac Software Affiliate Link Discounted Shopping via QuidCo
10% Off at Maclocks.com CODE:LL10
I love Quidco

Mac Security Article #1 - Physical

Article ID = 81
Article Title = Mac Security Article #1 - Physical
Article Author(s) = Graham Needham (BH)
Article Created On = 22nd May 2012
Article Last Updated = 26th July 2016
Article URL = http://www.macstrategy.com/article.php?81

Article Brief Description:
Physical security recommendations for your Mac computer

Physical Security

Regardless of many of the security measures you may put in place one of the most overlooked aspects is physical security. This article has the following sections:
  1. Physical Access
  2. Physical Removal Of Components
  3. Physical Removal Of Computer
It is number one in a series of MacStrategy security articles.

Physical Access

Someone can either sit at your computer when you are not there or your computer/laptop can easily be lost or stolen. Other than setting up specific secure access procedures such as those used for server environments (e.g. cages, locked rooms, logged physical access, security alarms) there are some basic things that anyone can do to help protect your computer and data:
Password Protection And Disable Automatic Login (OS X 10.7 or later)
  1. Go to Apple Menu > System Preferences > Users & Groups
  2. If the padlock icon in the bottom left is locked click on it to unlock it (enter your administrator user name and password)
  3. Click "Login Options" in the bottom left
  4. Set the 'Automatic Login' pop-up menu to "Off"
  5. Set 'Display Login Window' as "Name and password"
  6. Untick "Show fast user switching menu as"
  7. Click the "Show All" button in the top left
  8. Click the "Security & Privacy" icon
  9. Tick "Require password for sleep and screen saver" (we recommend "immediately" or "after 5 seconds")
  10. Tick "Disable automatic login"
  11. Click the "Advanced" button in the bottom right
  12. Tick "Log out after xx minutes of inactivity" (where xx is your required inactivity timeframe)
  13. Tick "Require an administrator password to access locked preferences"
  14. Tick "Automatically update safe downloads list"
  15. Tick "Disable restarting Safari when screen is locked"
  16. Tick "Disable remote control infrared receiver"
  17. Click the "OK" button
  18. Click the "Show All" button in the top left
  19. Click the "Desktop And Screen Saver" icon
  20. Click the "Screen Saver" tab
  21. Select a screen saver on the left side of the window
  22. Set 'Start Screen Saver' to anything other than "Never" (5 minutes is usually a good choice)
  23. NOTE: If you want to, you can click on the "Hot Corners" button and set one of the corners of the screen to "Start Screen Saver". This allows you to move the mouse pointer to the corner of the desktop specified to launch the screen saver immediately
  24. Click the padlock icon in the bottom left to lock it
Password Protection And Disable Automatic Login (Mac OS X 10.4, 10.5 And 10.6)
  1. Go to Apple Menu > System Preferences > Accounts
  2. If the padlock icon in the bottom left is locked click on it to unlock it (enter your administrator user name and password)
  3. Click "Login Options" in the bottom left
  4. Set the 'Automatic Login' pop-up menu to "Disabled"
  5. Set 'Display Login Window' as "Name and password"
  6. Untick "Enable Fast User Switching"
  7. Click the "Show All" button in the top left
  8. Click the "Security" icon
  9. Tick "Require password to wake this computer from sleep or screen saver"
  10. Tick "Disable automatic login"
  11. Tick "Require password to unlock each System Preference pane"
  12. Tick "Log out after xx minutes of inactivity" (where xx is your required inactivity timeframe)
  13. Tick "Use secure virtual memory"
  14. Click the "Show All" button in the top left
  15. Click the "Desktop And Screen Saver" icon
  16. Click the "Screen Saver" tab
  17. Select a screen saver on the left side of the window
  18. Set 'Start Screen Saver' to anything other than "Never" (5 minutes is usually a good choice)
  19. NOTE: If you want to, you can click on the "Hot Corners" button and set one of the corners of the screen to "Start Screen Saver". This allows you to move the mouse pointer to the corner of the desktop specified to launch the screen saver immediately
  20. Click the padlock icon in the bottom left to lock the Preferences
Set A Strong User Account Password (All Versions Of OS X)
  1. Go to Apple Menu > System Preferences > Accounts or Users & Groups
  2. If the padlock icon in the bottom left is locked click on it to unlock it (enter your administrator user name and password)
  3. Select your user account on the left side of the window
  4. Click the "Password" tab on the right
  5. Click the "Change Password" button in the top left
  6. Enter the details as required setting a strong password for "New password" (remember you can use the Password Assistant here by clicking on the key icon)
  7. Click the "Change Password" button
  8. Click the padlock icon in the bottom left to lock the Preferences
Set An Open Firmware Password (Modern Mac Computers Only)
Follow Apple's instructions to set an open firmware password.
Multiple Users On One Computer
Create user accounts for each individual person. Most people will only need a "standard" account.
  1. Go to Apple Menu > System Preferences > Accounts or Users & Groups
  2. If the padlock icon in the bottom left is locked click on it to unlock it (enter your administrator user name and password)
  3. Click the "+" button in the bottom left corner
  4. Select the required user type from the 'New Account' pop-up menu (usually "Standard")
  5. Enter the details as required setting a strong password for "New password" (remember you can use the Password Assistant here by clicking on the key icon)
  6. Click the "Create User" button
  7. Click the padlock icon in the bottom left to lock the Preferences
Child/Managed Accounts (Parental Controls)
  1. Go to Apple Menu > System Preferences > Accounts or Users & Groups
  2. If the padlock icon in the bottom left is locked click on it to unlock it (enter your administrator user name and password)
  3. Click the "+" button in the bottom left corner
  4. Select "Managed with Parental Controls" from the 'New Account' pop-up menu
  5. Enter the details as required setting a strong password for "New password" (remember you can use the Password Assistant here by clicking on the key icon)
  6. Click the "Create User" button
  7. Click the "Show All" button in the top left
  8. Click the "Parental Controls" icon
  9. Configure Parental Controls as required
  10. Click the padlock icon in the bottom left to lock the Preferences
For more information on Parental Controls see Apple's Parental Controls video.
Guests
If someone just wants to "jump on your computer to check their webmail" consider setting up a specific guest account for them to use (Mac OS X 10.5 or later):
  1. Go to Apple Menu > System Preferences > Accounts or Users & Groups
  2. If the padlock icon in the bottom left is locked click on it to unlock it (enter your administrator user name and password)
  3. Select the "Guest Account" or "Guest User" account on the left side of the window
  4. Tick "Allow guests " tab on the right
  5. Configure Parental Controls if required by ticking "Enable parental controls" and clicking "Open Parental Controls"
  6. It is probably best to untick "Allow guests to connect to shared folders" if it is not required
  7. Click the padlock icon in the bottom left to lock the Preferences
If you are using Mac OS X 10.4 or earlier just create a new managed account called "Guest Access" or something similar, with parental controls enabled as required (see "Child/Managed Accounts" above).
Cameras
Most Macs have a built-in (iSight) camera. Although it is generally only on when a software application specifically requests access to it some people may want to switch it off. Although there are scripts for this to be honest the best way of disabling the camera is simply to tape something over it.

Physical Removal Of Components

You can help protect the components inside your computer such as the hard disk/SSD with your data on it on some Apple computers. Although some Mac computers make it hard to get at the internal components if your data is sensitive you may still want to consider encrypting it.
Mac computers that are easy to get into but you can enhance their protection
  • Mac Pro (all models)
  • Power Macintosh G5 (all models)
  • Power Macintosh G4 (all models)
  • Power Macintosh G3 (Blue & White)
The G3 and G4 models have a latch on the back at the top that can be pulled out and secured using a padlock. The G5 and Mac Pro (Silver) models have a (door) latch on the back with a locking mechanism that can be flicked down and then secured using a padlock. The Mac Pro (Black) models have the option of a security lock adapter.
Mac computers that are relatively hard to get into
  • MacBook Pro (all models prior to the Unibody models - prior to 2009)
  • MacBook Pro (Retina Display models)
  • MacBook Air
  • Mac mini
  • iMac (all models except G5 model)
  • eMac
  • iBook (all models)
  • PowerBook G4 (all models)
Mac computers that are easy to get into:
Encrypting your data is highly recommended on these models.

NOTE: Although the Xserve had easy access to some components one would assume that as it is a server you have physical access security procedures already in place for it.

Physical Removal Of Computer

NOTE: Although these recommendations will help against physical removal of your computer if your data is sensitive you may still want to consider encrypting it.
Macs And Kensington Lock Slots
The following Mac computers have a Kensington lock slot:
  • iMac (all models)
  • MacBook Pro (all models)
  • MacBook (all models)
  • Mac mini (white models only)
  • Power Macintosh G4 (all models)
  • Power Macintosh G3 (Blue & White)
  • Cube
  • eMac
  • iBook (all models)
  • PowerBook G4 (all models)
  • PowerBook G3 (all models)
The following Mac computers do not have a Kensington lock slot but can be secured using the computer's metal frame:
  • Mac Pro (Silver)
  • Power Macintosh G5 (all models)
The following Mac computers do not have a Kensington lock slot:
  • Mac Pro (Black) - however, there is an optional security lock adapter from Apple
  • MacBook Air (all models)
  • MacBook Pro (Retina Display models)
  • Mac mini (Aluminium/silver models)
Securing physical Access and encrypting your data is highly recommended on these models.

NOTE: Although the Xserve does not have a Kensington lock slot one would assume that as it is a server you have physical access security procedures already in place for it.
Locks And Cables
Computer Cages And Specialist Locks
Additional Solutions
  • iAlertU software motion sensor alarm for modern Mac laptops
  • SecuriKey an ignition key for your computer

Article Keywords: Macintosh Mac OS X OSX macOS Security

This article is © MacStrategy » a trading name of Burning Helix. Apple, the Apple logo, and Mac are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc.


If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.
If this information helped you or saved you time and/or money why not donate a little to us via PayPal?
All proceeds go directly to MacStrategy / Burning Helix Limited to help fund this web site.

Go to this
web page
to donate to us.