Kad sam nedavno bio u zračnoj luci Frankfurt , vidio sam poslovnog čovjeka kako ostavlja svoj vrlo skupi MacBook Air laptop na stolu da ode na kavu. Nije ga bilo pet minuta, ali u tih pet minuta netko je mogao ukrasti računalo ili ga hakirati radi vrijednih podataka.

Danas, međutim, hakeri ne trebaju fizički pristup stroju. Koristeći mrežne njuškare, mogu pretraživati ​​javna wifi mjesta^{(wifi spots)} tražeći slabosti ili ulaziti u privatna wifi mjesta koja nemaju lozinke.

Dakle, od samog početka morate zaštititi svoje macOS računalo od ovih "loših aktera". Međutim, prije nego što nastavimo, morate imati na umu da nikada nećete imati 100% željeznu sigurnost, a ako se suočite s vladinom agencijom, ovi osnovni koraci ni izbliza neće pomoći.

Ali zaustaviti slučajnog oportunista? Nastavi čitati.

Dodajte šifru na svoje računalo^{(Add a Passcode To Your Computer)}

Ovo je apsolutno nezamislivo, ali sam zapanjen brojem ljudi koji se time ne zamaraju. Ovo je kao da idete na godišnji odmor i ostavljate svoja ulazna vrata otključana i pitate se kada ste se vratili zašto su vas provalili.

Dodavanje šifre je jednostavno. Idite na Postavke sustava – Sigurnost i privatnost^{(System Preferences – Security & Privacy)} . Na kartici Općenito^{(General )} možete postaviti lozinku, kao i odrediti koliko dugo je potrebna lozinka nakon što je računalo u stanju mirovanja. Očito je odmah^{(immediately)} najbolja opcija.

Također možete dodati nagovještaj lozinke u slučaju da zaboravite lozinku, ali osim ako nagovještaj ne učinite krajnje nejasnim za bilo koga tko ga čita, ne bih preporučio da to učinite. Samo neka lozinka bude nešto što ćete sigurno zapamtiti.

Uključite FileVault^{(Turn On FileVault)}

Jedna od sjajnih stvari kod MacOS uređaja je da kada ga potpuno isključite, datoteke na tvrdom disku su potpuno nedostupne. Ali da biste to iskoristili, morate uključiti FileVault .

Smješten u Postavke sustava – Sigurnost i privatnost^{( System Preferences – Security & Privacy)} , FileVault šifrira tvrdi disk, ali šifriranje se pokreće samo ako se računalo u potpunosti isključi. Stoga pokušajte ne koristiti način mirovanja prečesto, pogotovo ako ste vani s prijenosnim računalom u torbi.

Kada ga uključite, bit će potrebno nekoliko sati da se cijeli tvrdi disk šifrira, ali se potpuno isplati radi mira. Ako postoji samo jedna stvar koju biste trebali učiniti iz ovog članka, to je FileVault . Ostalo je samo šlag na tortu.

Provjerite je li lokot uključen u postavkama sustava^{(Make Sure The Padlock Is On In System Preferences)}

Neovlaštene promjene postavki sustava^{(System Preferences )} računala spriječene su upotrebom male ikone lokota u donjem lijevom kutu.

Ako želite zadržati postavke sustava^{(System Preferences)} sigurnima, kliknite lokot da biste ga zatvorili. Ako ga želite ponovno otvoriti kako biste nešto promijenili, morat ćete unijeti administratorsku lozinku.

Nemojte se prijavljivati ​​kao administrator^{(Do Not Log In As An Administrator)}

Još jedno ne-ne je prijava na računalo i korištenje za rutinske zadatke kao "administrator".

Korisnik s administratorskim povlasticama može sve raditi na računalu. Instaliranje^(Installing) i uklanjanje softvera, kao i dodavanje i uklanjanje korisnika su samo dva od njih. Ako je netko tko je ušao u vaše računalo već prijavljen kao administrator, predaje mu ključeve kraljevstva.

Rješenje za to je napraviti običan neadministratorski račun i koristiti ga za svakodnevnu rutinsku upotrebu računala. Ostavite administratorski račun na miru i koristite te podatke za prijavu samo kada ih računalo zatraži.

Da biste napravili novog korisnika, idite na Postavke sustava – Korisnici i grupe^{(System Preferences – Users & Groups)} . Provjerite je li lokot otključan pri dnu, a zatim kliknite "+" ispod Mogućnosti prijave^{(Login Options)} . Učinite novi račun standardnim^(Standard) .

Onemogući korisnike gostiju^{(Disallow Guest Users)}

Mnogi ljudi kažu da je dobra ideja da imate korisnički račun za goste kako bi drugi ljudi koristili vaše računalo. Ali ja zauzimam suprotno stajalište.

Iako gost korisnik ima mnogo ograničeniji pristup vašem računalu, još uvijek ima pristup dvama važnim područjima. Prvo^(First) , imaju pristup svim instaliranim aplikacijama koje mogu koristiti za obavljanje bilo koje zlonamjerne radnje.

Drugo, također imaju pristup tmp direktoriju gdje se mogu pohraniti zlonamjerne skripte i zlonamjerni softver.

Stoga idite na Postavke sustava – Korisnici i grupe^{(System Preferences – Users & Groups)} i isključite opciju Gost korisnik^{(Guest User)} .

Provjerite jesu li uključena automatska ažuriranja^{(Make Sure Automatic Updates Are Turned On)}

Kao i svaki drugi operativni sustav, Apple redovito izbaci MacOS ažuriranja. ^(MacOS)Isto je i sa softverom – ako je potrebna zakrpa, programer će je napraviti i poslati.

Stoga je besmisleno ako zakrpa stoji tamo spremna za instalaciju i nemate uključena automatska ažuriranja. Osim ako ne volite ručno provjeravati svaki dan i tko ima vremena za to?

Da biste uključili automatsko ažuriranje^{(Automatic Updates)} , idite na Postavke sustava – Ažuriranje softvera^{(System Preferences – Software Update)} . Označite okvir koji kaže Automatski održavaj moj Mac ažurnim^{(Automatically keep my Mac up to date)} .

Ako zatim kliknete okvir Napredno^(Advanced) , vidjet ćete dostupne opcije. Predlažem da ih sve označite.

Uključite vatrozid^{(Turn On The Firewall)}

Ovaj je također malo bezveze, ali opet, mnogi se jednostavno ne zamaraju.

U usporedbi s Windows vatrozidima, koji mogu uključivati ​​mnogo podešavanja, macOS vatrozidi su dogovor jednim klikom. Odlaskom na Postavke sustava – Sigurnost i privatnost^{(System Preferences – Security & Privacy)} , a zatim na karticu Vatrozid^{(Firewall )} , možete uključiti vatrozid jednim klikom. I to je stvarno to.

Nikada nisam^(never) morao ništa dodirnuti u odjeljku Mogućnosti vatrozida^{(Firewall Options)} . Uskoro ću raditi članak o “Stealth načinu rada” MacOS Firewall-a, ali općenito ostavite stvari kakve jesu na snimci zaslona ispod.

Anonimizirajte mrežni naziv vašeg računala^{(Anonymize The Network Name Of Your Computer)}

Ovo mi je ne tako davno predložio prijatelj, a to je nešto o čemu nikad prije nisam razmišljala.

Ako netko upadne u vašu mrežu, očito će vidjeti nazive svih uređaja povezanih s tom mrežom. Ako postoji samo jedan uređaj (vaš MacOS uređaj), onda će to imati ograničen učinak. Ali ako imate više uređaja u svojoj mreži, možete pokušati zakamuflirati svoj MacOS uređaj tako da anonimizirate njegovo ime.

Na primjer, dok me nisu obavijestili o tome, moje računalo se zvalo “Markov MacBook Air”. Mislim, možda sam i stavio znak na kojem piše “Uđi! Donesite^(Get) sve moje datoteke ovdje!”. Ali promjenom imena u nešto bezazleno, sada je među svim mojim drugim povezanim uređajima.

Očito, ovo nije sigurno. Svatko može provjeravati svaki uređaj jedan po jedan, ali to će im potrajati duže i stvari će mu biti još više gnjavaža.

Idite na System-Preferences – Sharing i na vrhu ćete vidjeti naziv vašeg računala. Kliknite lokot na dnu zaslona, ​​unesite svoju administratorsku lozinku i gumb za uređivanje pored naziva računala odjednom će postati aktivan. Kliknite ga.

Sada ćete biti pozvani da promijenite ime u koje god želite. Ne označite "Koristi dinamičko globalno ime hosta"^{(“Use dynamic global hostname”)} .

Isključite dijeljenje^{(Turn Off Sharing)}

Dok ste u odjeljku Dijeljenje^{(Sharing )} , vrijeme je da isključite sve ove opcije – osim jedne – predmemorije sadržaja.

Prema onome što sam uspio pronaći, predmemoriranje sadržaja^{(Content Caching)} je u redu i čini se da vam zapravo koristi. Ovo zauzvrat uključuje Internet Sharing , pa pretpostavljam da možete ostaviti i to. Ali ostale, kao što su Dijeljenje zaslona^{(Screen Sharing)} , ​​Dijeljenje datoteka^{(File Sharing)} , Udaljena prijava –^{(Remote Login –)} isključite ih (osim ako ih nemate velike potrebe za uključivanjem).

Zaključak^(Conclusion)

Kao što sam rekao na početku, ove mjere samo će zaustaviti slučajnog njuškala u kafiću ili lopova koji želi ugrabiti vaš laptop za brzi novac.

Ako ste napadnuti od strane vladine agencije ili nekog drugog oblika profesionalaca, ove mjere će ih usporiti – ali samo na kratko.

Ali ipak, bolje nego ništa, zar ne? Zašto im olakšati?

How to Make it Harder For Someone to Hack into Your Mac

When I was at Frankfurt airport rеcently, I saw a businessman lеave his very expensive MacBook Air laptop on the table to go and get coffee. He was gonе for five minutes but іn those five minutes, somebody could either have stolen the computer or hacked into it for valuаble data.

These days though, hackers don’t need physical access to the machine. Using network sniffers, they can prowl public wifi spots looking for weaknesses, or enter private wifi spots which don’t have passwords.

So from the get-go, you need to protect your macOS computer from these “bad actors”. You have to bear in mind, though, before we continue that you are never going to have 100% iron-clad security, and if you are up against a government agency, these basic steps are nowhere near going to help.

But to stop the casual opportunist? Read on.

Add a Passcode To Your Computer

This is an absolute no-brainer, but I am stunned at the number of people who don’t bother with it. This is like going on vacation and leaving your front door unlocked, and wondering when you got back why you were burglarized.

Adding a passcode is simple. Go to System Preferences – Security & Privacy. In the General tab, you can set a password, as well as specify how long after the computer sleeps the password is required. Obviously immediately is the best option.

You can also add a password hint in case you forget your password, but unless you make the hint extremely vague for anyone else reading it, I wouldn’t recommend doing this. Just make the password something you are guaranteed to remember.

Turn On FileVault

One of the great things about a MacOS device is that when you have it fully powered down, the files contained on the hard drive are totally inaccessible. But for you to take advantage of that, you need to turn on FileVault.

Located in System Preferences – Security & Privacy, FileVault encrypts the hard drive, but the encryption only kicks in if the computer is shut down completely. So try not to use sleep mode too often, especially if you are out and about with your laptop in your bag.

When you switch it on, it will take a few hours for the entire hard drive to be encrypted, but it is totally worth it for peace of mind. If there is only one thing you should do from this article, it is FileVault. The rest is just icing on the cake.

Make Sure The Padlock Is On In System Preferences

Unauthorized changes to the computer’s System Preferences are prevented by the use of a small padlock icon in the bottom left-hand corner.

If you want to keep System Preferences secure, click the padlock to close it. If you want to open it again to change anything, you will be required to enter the administrator password.

Do Not Log In As An Administrator

Another no-no is logging into the computer and using it for routine tasks as the “administrator”.

A user with administrator privileges is able to do everything on the computer. Installing and removing software, as well as adding and removing users being just two of them. If anyone that got into your computer is already logged in as the administrator, it hands them the keys to the kingdom.

The solution to this is to make an ordinary non-administrator account and use that for everyday routine computer usage. Leave the administrator account alone and use those login details only when the computer requests them.

To make a new user, go to System Preferences – Users & Groups. Make sure the padlock is unlocked at the bottom then click the “+” below Login Options. Make the new account a Standard one.

Disallow Guest Users

A lot of people say it is a good idea for you to have a guest user account for other people to use your computer. But I take the opposite view.

Although the guest user has much more restricted access to your computer, they still have access to two important areas. First, they have access to all the installed applications which they can use to perform any manner of malicious action.

Second, they also have access to the tmp directory where malicious scripts and malware can be stored.

So go to System Preferences – Users & Groups and turn off the Guest User option.

Make Sure Automatic Updates Are Turned On

Like any other operating system, Apple pushes out MacOS updates on a regular basis. The same with software – if a patch is needed, the developer will make one and send it out.

So it is pointless if the patch is sitting there ready to be installed and you don’t have automatic updates switched on. Unless you like to manually check every single day and who has time for that?

To switch on Automatic Updates, go to System Preferences – Software Update. Tick the box that says Automatically keep my Mac up to date.

If you then click the Advanced box, you will see the options available. I suggest you tick all of them.

Turn On The Firewall

This one is also a bit of a no-brainer, but again, many people just don’t bother.

Compared to Windows firewalls, which can involve a lot of tweaking, macOS firewalls are a one-click deal. By going to System Preferences – Security & Privacy, and then the Firewall tab, you can switch the firewall on with one click. And that is really it.

I have never had to touch anything in the Firewall Options section. I will shortly be doing an article on MacOS Firewall’s “Stealth Mode”, but in general, keep things as they are in the screenshot below.

Anonymize The Network Name Of Your Computer

This is one which was suggested to me by a friend not that long ago, and it was something I had never really previously considered.

If someone hacks into your network, they are going to obviously see the names of all the devices connected to that network. If there is only one device (your MacOS device), well then this is going to have limited to no effect. But if you have multiple devices in your network, you can try to camouflage your MacOS device by anonymizing the name of it.

For example, until I was advised of this, my computer’s name was “Mark’s MacBook Air”. I mean, I may as well have put up a sign saying “Come on in! Get all my files here!”. But by changing the name to something innocuous, it is now sitting amongst all of my other connected devices.

Obviously, this is not foolproof. Anyone can check each device one by one but it will take them longer and make things more of a hassle for them.

Go to System-Preferences – Sharing and at the top, you will see the name of your computer. Click the padlock at the bottom of the screen, enter your administrator password and the edit button next to the computer name will suddenly become active. Click it.

You will now be invited to change the name to whatever you want. Keep “Use dynamic global hostname” unchecked.

Turn Off Sharing

While you are in the Sharing section, it’s time to turn off all of these options – except for one – content caching.

From what I have been able to find, Content Caching is fine and seems to actually benefit you. This in turn turns on Internet Sharing, so I guess you can leave that one too. But the others, such as Screen Sharing, File Sharing, Remote Login – switch them off (unless you have a huge need to have them on).

Conclusion

As I stated at the beginning, these measures are only going to stop the casual snooper at the coffee shop, or a thief looking to snatch your laptop for some quick cash.

If you are being assaulted by a government agency or another form of professional, these measures will slow them down – but only for a very short while.

But nevertheless, better than nothing, right? Why make it easy for them?

Related posts

• Kako spriječiti da vaš Mac spava

• Kako ponovno mapirati Fn tipke na vašem Macu

• Određene tipke na vašem Macu ne rade ispravno?

• 5 načina da prisilno zatvorite aplikacije na vašem Macu

• Kako stvoriti simbolične veze na vašem Macu

• Napravite sigurnosnu kopiju vašeg Mac računala pomoću Time Machinea

• Kako skupno preimenovati datoteke na vašem Macu

• 5 najboljih alternativa alata za izrezivanje za Mac

• APFS vs Mac OS Extended – koji je Mac disk format najbolji?

• Kako se spojiti na udaljeni ili lokalni poslužitelj na Macu

• Najbolji tipkovnički prečaci za Mac OS X

• 20 savjeta kako najbolje iskoristiti Finder na Macu

• 5 aplikacija koje će vaš novi Mac podići na sljedeću razinu

• Kako premjestiti datoteke u Mac OS X

• Miš stalno nestaje na Macu? 10 stvari koje treba isprobati

• Mac tipkovnički prečaci za kada se vaš Mac zamrzne

• Mac vatrozid: kako ga omogućiti i konfigurirati

• Kako stvoriti šifriranu sliku diska u OS X

• Pregledajte spremljene lozinke za Wi-Fi (WPA, WEP) na OS X

• Trebate li nadograditi svoj Mac na Mojave?