CIS Apple OSX 10.9 Benchmark

Total Page:16

File Type:pdf, Size:1020Kb

CIS Apple OSX 10.9 Benchmark CIS Apple OSX 10.9 Benchmark v1.3.0 - 11-04-2016 This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License. The link to the license terms can be found at https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode To further clarify the Creative Commons license related to CIS Benchmark content, you are authorized to copy and redistribute the content for use by you, within your organization and outside your organization for non-commercial purposes only, provided that (i) appropriate credit is given to CIS, (ii) a link to the license is provided. Additionally, if you remix, transform or build upon the CIS Benchmark(s), you may only distribute the modified materials if they are subject to the same license terms as the original Benchmark license and your derivative will no longer be a CIS Benchmark. Commercial use of CIS Benchmarks is subject to the prior approval of the Center for Internet Security. 1 | P a g e Table of Contents Overview .................................................................................................................................................................. 7 Intended Audience ........................................................................................................................................... 7 Consensus Guidance ........................................................................................................................................ 7 Typographical Conventions ......................................................................................................................... 8 Scoring Information ........................................................................................................................................ 8 Profile Definitions ............................................................................................................................................ 9 Acknowledgements ...................................................................................................................................... 10 Recommendations ............................................................................................................................................. 11 1 Install Updates, Patches and Additional Security Software ...................................................... 11 1.1 Verify all Apple provided software is current (Scored) ................................................ 11 1.2 Enable Auto Update Checks (Scored) ................................................................................... 13 1.3 Enable app update installs (Scored) ..................................................................................... 15 1.4 Enable system data files and security update installs (Scored) ................................. 17 2 System Preferences ................................................................................................................................... 18 2.1 Bluetooth .............................................................................................................................................. 19 2.1.1 Turn off Bluetooth, if no paired devices exist (Scored) ............................................. 19 2.1.2 Turn off Bluetooth "Discoverable" mode when not pairing devices (Scored) .. 21 2.1.3 Show Bluetooth status in menu bar (Scored) ................................................................ 22 2.2 Date & Time ......................................................................................................................................... 23 2.2.1 Enable "Set time and date automatically" (Not Scored) ............................................ 23 2.2.2 Ensure time set is within appropriate limits (Scored) ............................................... 25 2.2.3 Restrict NTP server to loopback interface (Scored) ................................................... 27 2.3 Desktop & Screen Saver .................................................................................................................. 29 2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver (Scored) . 29 2.3.2 Secure screen saver corners (Scored) .............................................................................. 31 2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver (Not Scored) ..................................................................................................................................................................... 32 2 | P a g e 2.3.4 Set a screen corner to Start Screen Saver (Scored) ..................................................... 34 2.4 Sharing................................................................................................................................................... 35 2.4.1 Disable Remote Apple Events (Scored) ............................................................................ 35 2.4.2 Disable Internet Sharing (Scored) ...................................................................................... 36 2.4.3 Disable Screen Sharing (Scored) ......................................................................................... 37 2.4.4 Disable Printer Sharing (Scored) ........................................................................................ 38 2.4.5 Disable Remote Login (Scored) ........................................................................................... 39 2.4.6 Disable DVD or CD Sharing (Scored) ................................................................................. 41 2.4.7 Disable Bluetooth Sharing (Scored) .................................................................................. 42 2.4.8 Disable File Sharing (Scored) ............................................................................................... 43 2.4.9 Disable Remote Management (Scored) ............................................................................ 45 2.5 Energy Saver ....................................................................................................................................... 47 2.5.1 Disable "Wake for network access" (Scored) ................................................................ 47 2.5.2 Disable sleeping the computer when connected to power (Scored) .................... 49 2.6 Security & Privacy ............................................................................................................................. 51 2.6.1 Enable FileVault (Scored) ...................................................................................................... 51 2.6.2 Enable Gatekeeper (Scored) ................................................................................................. 52 2.6.3 Enable Firewall (Scored) ....................................................................................................... 53 2.6.4 Enable Firewall Stealth Mode (Scored) ............................................................................ 55 2.6.5 Review Application Firewall Rules (Scored).................................................................. 57 2.6.6 Enable Location Services (Not Scored) ............................................................................ 59 2.6.7 Monitor Location Services Access (Not Scored) ........................................................... 61 2.7 iCloud ..................................................................................................................................................... 63 2.7.1 iCloud configuration (Not Scored) ..................................................................................... 63 2.7.2 iCloud keychain (Not Scored) .............................................................................................. 65 2.8 Time Machine ..................................................................................................................................... 66 2.8.1 Time Machine Auto-Backup (Scored) ............................................................................... 66 2.8.2 Time Machine Volumes Are Encrypted (Not Scored) ................................................. 69 2.9 Pair the remote control infrared receiver if enabled (Scored) ................................... 71 2.10 Enable Secure Keyboard Entry in terminal.app (Scored) .......................................... 73 3 | P a g e 2.11 Java 6 is not the default Java runtime (Scored) .............................................................. 74 2.12 Configure Secure Empty Trash (Scored) .......................................................................... 75 3 Logging and Auditing ............................................................................................................................... 76 3.1 Configure asl.conf .............................................................................................................................. 77 3.1.1 Retain system.log for 90 or more days (Scored) .......................................................... 77 3.1.2 Retain appfirewall.log for 90 or more days (Scored) ................................................. 79 3.1.3 Retain authd.log for 90 or more days (Scored) ............................................................. 81 3.2 Enable security auditing (Scored) ......................................................................................... 83 3.3 Configure Security Auditing Flags (Scored) ......................................................................
Recommended publications
  • CIS Apple Macos 10.12 Benchmark
    CIS Apple macOS 10.12 Benchmark v1.1.0 - 09-06-2018 Terms of Use Please see the below link for our current terms of use: https://www.cisecurity.org/cis-securesuite/cis-securesuite-membership-terms-of-use/ 1 | P a g e Table of Contents Terms of Use ........................................................................................................................................................... 1 Overview .................................................................................................................................................................. 7 Intended Audience ........................................................................................................................................... 7 Consensus Guidance ........................................................................................................................................ 7 Typographical Conventions ......................................................................................................................... 8 Scoring Information ........................................................................................................................................ 8 Profile Definitions ............................................................................................................................................ 9 Acknowledgements ...................................................................................................................................... 10 Recommendations ............................................................................................................................................
    [Show full text]
  • Mac OS X Desktop.Pdf
    Apple Training Series Mac OS X Support Essentials v10.6 Kevin M. White Apple Training Series: Mac OS X Support Essentials v10.6 Kevin M. White Copyright © 2010 by Apple Inc. Published by Peachpit Press. For information on Peachpit Press books, contact: Peachpit Press 1249 Eighth Street Berkeley, CA 94710 510/524-2178 510/524-2221 (fax) www.peachpit.com To report errors, please send a note to [email protected]. Peachpit Press is a division of Pearson Education. Apple Training Series Editor: Rebecca Freed Production Editors: Danielle Foster, Becky Winter Copyeditor: Peggy Nauts Tech Editor: Gordon Davisson Apple Editor: Shane Ross Proofreader: Suzie Nasol Compositor: Danielle Foster Indexer: Valerie Perry Cover design: Mimi Heft Cover illustrator: Kent Oberheu Notice of Rights All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. For infor- mation on getting permission for reprints and excerpts, contact [email protected]. Notice of Liability The information in this book is distributed on an “As Is” basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor Peachpit shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the computer software and hardware products described in it. Trademarks Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks.
    [Show full text]
  • CIS Mac OS X Leopard (10.5.X) Benchmark
    Mac OS X 10.5 Leopard Level 1 & 2 Benchmark Version 1.0 May 2008 Copyright ©2008, The Center for Internet Security http://www.cisecurity.org Editor: Allan Marcus [email protected] CIS Mac OS X Leopard (10.5.x) Benchmark Table of Contents Terms of Use Agreement ........................................................................................................................... 3 1) Introduction ........................................................................................................................................ 6 1.1) Document Layout ....................................................................................................................... 6 1.2) Intended Audience ..................................................................................................................... 6 1.3) Practical Application .................................................................................................................. 7 1.4) Security Levels Explained ......................................................................................................... 7 1.5) Precursor Technical Information ............................................................................................... 7 1.6) Basic Security Principles: .......................................................................................................... 8 2) Benchmark Elements ......................................................................................................................... 9 2.1) Installation
    [Show full text]
  • CIS Apple OSX 10.11 Benchmark
    CIS Apple OSX 10.11 Benchmark v1.1.0 - 11-04-2016 This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International Public License. The link to the license terms can be found at https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode To further clarify the Creative Commons license related to CIS Benchmark content, you are authorized to copy and redistribute the content for use by you, within your organization and outside your organization for non-commercial purposes only, provided that (i) appropriate credit is given to CIS, (ii) a link to the license is provided. Additionally, if you remix, transform or build upon the CIS Benchmark(s), you may only distribute the modified materials if they are subject to the same license terms as the original Benchmark license and your derivative will no longer be a CIS Benchmark. Commercial use of CIS Benchmarks is subject to the prior approval of the Center for Internet Security. 1 | P a g e Table of Contents Overview .................................................................................................................................................................. 7 Intended Audience ........................................................................................................................................... 7 Consensus Guidance ........................................................................................................................................ 7 Typographical Conventions ........................................................................................................................
    [Show full text]
  • Maccompanion February 2007
    © MPN, LLC 2007 macCompanion Page 2 February 2007, Volume 5 Issue 2 Publisher Robert L. Pritchett from MPN, LLC Editor-in-Chief Robert L. Pritchett Editor Mike Hubbartt macCompanion Assistant Editor Harry (doc) Babad February 2007 Consultant Ted Bade Advertising and Marketing Wayne Lefevre Web Administrator James Meister This issue we talk about MacWorld Expo Desktop Publishing Mike Hubbartt 2007. We will review many of new or Graphics Design Michele Patterson, James Meister Contacts Webmaster at macCompanion dot com updated products - from Apple and third Feedback at macCompanion dot com party vendors - announced at the show in rpritchett at macCompanion dot com the upcoming issues of macCompanion. Correspondence macCompanion 1952 Thayer, Drive One of macCompanion’s staff writers - Richland, WA 99352 USA Eddie Hargreaves - attended the show and Telephone: 1-509-210-0217 gives his perspective of MacWorld Expo. 1-888-684-2161 We think you’ll enjoy Rick Sutcliffe’s macCompanion Contributors Harry {doc} Babad regular monthly column, which focuses Ted Bade on the show, and a couple of our columns Matt Brewer (MacFanatic) also focus on the keynote topics. Richard Campbell Ken Crockett (Apple News Now) During Steve Jobs much anticipated key- Kale Feelhaver (AppleMacPunk) note speech, he did reveal several items Dr. Eric Flescher of interest: tv, the iPhone and a new Eddie Hargreaves company name - Apple, Inc. Jonathan Hoyle III Mike Hubbartt What we didn’t hear about at MacWorld Daphne Kalfon (I Love My Mac) Expo were things we’ve come to expect: Wayne Lefevre new or updated hardware and software. Daniel MacKenzie We’re sure Apple has a few surprises Derek Meier planned for the immediate future, like the Michele Patterson new iPod shuffles (now in blue, green, Robert Pritchett orange and pink) announced 1/30/07.
    [Show full text]
  • CIS Apple Macos 10.13 Benchmark
    CIS Apple macOS 10.13 Benchmark v1.0.0 - 08-31-2018 Terms of Use Please see the below link for our current terms of use: https://www.cisecurity.org/cis-securesuite/cis-securesuite-membership-terms-of-use/ 1 | P a g e Table of Contents Terms of Use ........................................................................................................................................................... 1 Overview .................................................................................................................................................................. 7 Intended Audience ........................................................................................................................................... 7 Consensus Guidance ........................................................................................................................................ 7 Typographical Conventions ......................................................................................................................... 8 Scoring Information ........................................................................................................................................ 8 Profile Definitions ............................................................................................................................................ 9 Acknowledgements ...................................................................................................................................... 10 Recommendations ............................................................................................................................................
    [Show full text]
  • Tinkertool System Release 2 Reference Manual Ii
    Documentation 0381-1137/2 TinkerTool System Release 2 Reference Manual ii Version 3.7, June 25, 2018. US-English edition. MBS Documentation 0381-1137/2 © Copyright 2003 – 2018 by Marcel Bresink Software-Systeme Marcel Bresink Software-Systeme Ringstr. 21 56630 Kretz Germany All rights reserved. No part of this publication may be redistributed, translated in other languages, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written permission of the publisher. This publication may contain examples of data used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. The publisher may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Make sure that you are using the correct edition of the publication for the level of the product. The version number can be found at the top of this page. Apple, Mac OS X and FireWire are registered trademarks of Apple Inc. Microsoft is a registered trademark of Microsoft Corporation. Firefox and Camino are registered trade- marks of Mozilla Foundation. OmniWeb is a trademark of The Omni Group. Opera is a trademark of Opera Software ASA.
    [Show full text]
  • MCC Users Manual
    Mojave Cache Cleaner macOS Maintenance Software © 2002 - 2018 by Northern Softworks. All rights reserved. Introduction Mojave Cache Cleaner (MCC) is a utility designed to provide easy access to numerous macOS maintenance and utility options. When used in combination with macOS's disk repair tools, it can be very effective in curing many system problems. Mojave Cache Cleaner helps simplify system maintenance chores with an easy point and click interface to many macOS functions. MCC Documents and the MCC Engine can help maintain system health by providing set and forget automation of common maintenance chores. Used as directed, Mojave Cache Cleaner can be a powerful tool to keep macOS running smoothly. System Requirements Mojave Cache Cleaner requires Mac OS X 10.4 through 10.14. Installation Mojave Cache Cleaner (MCC) has no extensions or control panels to install, so it is very system friendly. Installation is simple. MCC is distributed on a macOS disk image which can be opened with Disk Utility by simply double clicking the dmg file in the Finder. Mojave Cache Cleaner is an intel only application optimized for OS X 10.9 or higher and is recommended for most users. If needed, the Legacy edition is a universal binary compiled to run on intel or ppc hardware running OS X 10.4 or higher. It is available to users who have a specific need to run Mojave Cache Cleaner on older systems. We recommend keeping Mojave Cache Cleaner in your Applications folder, however, you may drag it anywhere on your hard drive(s) that you like. To get full use of MCC’s capabilities, we recommend installing the Single User Mode Script and the ClamAV package.
    [Show full text]
  • Mergers & Acquisitions
    Mergers & Acquisitions........................1 Letter to the Editor.................................2 Radioshift-TiVos Internet Radio ..........4 Download of the Month .......................5 AT&T DSL Email Changes ....................6 Peter’s Hometown Computing Corner 8 Special User Group Offers....................9 Meetings and Club News ...................11 NEWSLETTER OF CONNECTICUT MACINTOSH CONNECTION, INC.JANUARY 2008 Mergers & Acquisitions companies – fully embraced the digital music evolution. By Chris Hart, CMC President Netscape wasn’t helped one bit by I’ve always known that I would the diversion of AOL’s attention and never make it in the business of high they did very little during this finance. The reason? This world of “browser war” to maintain their top big money requires that you be ruth- dog position. As the use of their pri- less and focus solely on what it mary product declined, the takes to fatten that bottom line and company’s fortunes waned. This line your pockets. That’s not me. In resulted in AOL dropping the hatch- fact, I believe such approaches to et in 2003; drastically downsizing business are ultimately self-destruc- Netscape and laying off a majority tive and a hindrance to a healthy of the employees. consumer marketplace. Lack of innovation always spells What’s prompted me to discuss this death for companies whose founda- subject? Well, in the month of tion is built upon the Internet. And December, there were two signifi- the pressure on Netscape was even cant announcements from tech greater, because they were a found- companies who have been around ing father of the modern World for years. Netscape declared that Wide Web.
    [Show full text]
  • Mac OS X Security Configuration for Mac OS X Version 10.6 Snow Leopard
    Mac OS X Security Configuration For Mac OS X Version 10.6 Snow Leopard K Apple Inc. Adobe and PostScript are trademarks or registered © 2010 Apple Inc. All rights reserved. trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. The owner or authorized user of a valid copy of Mac OS X software may reproduce this publication for The Bluetooth word mark and logos are registered the purpose of learning to use such software. No part of trademarks owned by Bluetooth SIG, Inc. and any use of this publication may be reproduced or transmitted for such marks by Apple is under license. commercial purposes, such as selling copies of this publication or for providing paid-for support services. Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries. Every effort has been made to ensure that the information in this manual is accurate. Apple is not Java and all Java-based trademarks and logos are responsible for printing or clerical errors. trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Apple 1 Infinite Loop UNIX® is a registered trademark of The Open Group. Cupertino, CA 95014 X Window System is a trademark of the Massachusetts 408-996-1010 Institute of Technology. www.apple.com This product includes software developed by the The Apple logo is a trademark of Apple Inc., registered University of California, Berkeley, FreeBSD, Inc., The in the U.S. and other countries. Use of the “keyboard” NetBSD Foundation, Inc., and their respective Apple logo (Option-Shift-K) for commercial purposes contributors.
    [Show full text]
  • Tinkertool System 4 Reference Manual Ii
    Documentation 0355-1849/2 TinkerTool System 4 Reference Manual ii Version 4.97, April 11, 2018. US-English edition. MBS Documentation 0355-1849/2 © Copyright 2003 – 2018 by Marcel Bresink Software-Systeme Marcel Bresink Software-Systeme Ringstr. 21 56630 Kretz Germany All rights reserved. No part of this publication may be redistributed, translated in other languages, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written permission of the publisher. This publication may contain examples of data used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. The publisher may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Make sure that you are using the correct edition of the publication for the level of the product. The version number can be found at the top of this page. Apple, OS X, iCloud, and FireWire are registered trademarks of Apple Inc. Intel, Pentium and Xeon are registered trademarks of Intel Corporation. ARM is a registered trademark of ARM Limited or its subsidiaries. PowerPC is a registered trademark of IBM Corporation. UNIX is a registered trademark of The Open Group.
    [Show full text]
  • Download Free Sample
    EBOOK EXTRAS: v3.1 Downloads, Updates, Feedback TAKE CONTROL OF MAINTAINING YOUR MAC by JOE KISSELL $14.99 3rd Click here to buy the full 116-page “Take Control of Maintaining Your Mac” for only $14.99! EDITION Table of Contents Read Me First ............................................................... 5 Updates and More ............................................................. 5 Basics .............................................................................. 6 What’s New in Version 3.1 .................................................. 6 What Was New in the Third Edition ...................................... 7 Introduction ................................................................ 9 Quick Start ................................................................ 11 Start on the Right Foot .............................................. 12 Install the Latest Version of macOS .................................... 12 Turn On Automatic App Store and macOS Updates ............... 13 Update Third-Party Software ............................................. 19 Clean Out Accumulated Cruft ............................................ 20 Turn Off Unneeded Login Items ......................................... 28 Set Up a Backup System .................................................. 30 Test Your Hardware .......................................................... 32 Run Disk Utility ............................................................... 35 Use a Surge Protector or UPS ............................................ 38 Update
    [Show full text]