How to Use Security Preference on Mac
With the Mac’s Security preference pane, you can control the levels or user accounts on your Mac. Additionally, this pane is the place for configuring the firewall and data encryption for the current user account.
Let’s begin with its look. It is divided into 3 sections:
- General. Here you can take control over all passwords, automatic logging in and out, and also specifying whether services can have access to Mac’s location.
- FileVault. It is responsible for data encryption for all user data including the Home folder.
- Firewall. Enables and disables the built-in firewall by your choice. You can also configure your firewall here.
By the way, I have recently found a cool app for Mac called Setapp, subscription to which allows me to save money and access more than 100 popular Mac apps. Try it too (Setapp it’s free for Download).
How to Configure Your Security Settings
Launch the pane:
- Go to ‘System Preferences’ by selecting it from the Apple menu or in the Dock.
- Click ‘Security’ in the ‘Personal’ section.
- Head to the next page with ‘General’ options.
1. Configuring General Security Settings
Select ‘General’ from 3 tabs on the top to start configuring your Mac’s security settings. There are basic preferences of Mac’s security, but before changing them, you have to identify yourself and enter your password.
Select the icon with a lock on it in the lower left pane’s corner. Type in your admin username and password, click OK. After that, the picture on the icon will be changed to an unlocked one. You are now able to make any changes.
Require password. A check here means that anyone who will want to use your Mac will have to enter the password for exiting the sleep mode or for turning off the screensaver. This option is important for those who work with sensitive data and private files.
You can select a time interval for requiring the password. Choose a convenient interval so you won’t be interfered by the screensaver while working.
Disable automatic login. It will make users to type in the password any time they log into the system.
Require password for unlocking the System Preferences pane. Authentifications is required for making any changes to the security preferences.
Log out after __ minutes of inactivity. Account can be automatically logged out after some time of inactivity.
Secure virtual memory. All your RAM will be encrypted no matter whether it works in a usual mode or in a sleep mode.
Disable location services. You Mac won’t provide any location data to apps using this kind of information. You can even remove any already saved location data by clicking on ‘Reset Warnings’.
Disable infrared receiver. This point is for Macs with an IR receiver. If you disable it, it won’t receive any commands from other IR devices.
2. Setting FileVault
This feature uses AES-128 (128 bit) encryption scheme for protecting your data from unauthorized access. No one will be able to see your files and folders without providing your personal username and password. It is useful for Macbooks as this measure protects your information from theft. All this will be available after providing login information. In any other case, others will see nothing as your Mac will show and hide data on the fly. Sounds well, but it can cost you the smoothness of performance and easiness of accessing large files.
Here are the steps for configuring FileVault:
First, actions are the same to what we have done in the 'General’ tab. Confirm your username and password. Select the icon with a lock on it in the lower left pane’s corner. Type in your admin username and password, click OK. After that, the picture on the icon will be changed to an unlocked one. You are now able to make any changes.
Set master password. This password is fail-safe and will help you reset the user password even you forget everything. However, if you forget the master password, everything will be lost.
Turn on FileVault. After turning it on, it will start encrypting your user data. Type in your authorization data to configure the next options:
- Use secure erase. Your data will be overwritten when emptying the trash. It makes it completely unrecoverable.
- Use secure RAM. Any virtual memory data will be encrypted before it is written to the hard drive.
After you turn on the FileVault, it will log you out until it encrypts your data from the Home folder. The time necessary for finishing the process depends on the size of the folder. After everything is done, you will see the login screen.
3. Configuring Firewall
The built-in Mac’s firewall is based on the ‘ipfw’ UNIX firewall. Apple has added a socket-filtering system, you can know it like an ‘app firewall’. You won’t need any technical information for configuring it. You should just specify which apps have the right to establish connections with the Internet.
So, select the Firewall tab and let’s configure it.
First, do the same actions to what we have done in the other two tabs. Confirm your username and password. Select the icon with a lock on it in the lower left pane’s corner. Type in your admin username and password, click OK. After that, the picture on the icon will be changed to an unlocked one. You are now able to make any changes.
Start. This button turns the firewall on. After it has started its work, the button changes to ‘Stop’.
Advanced. This button will let you to set the firewall configurations. It is available only while the firewall is on.
Configuring advanced options
Block all incoming connections. This will prevent receiving any connections to all non-essential services. To show which services are essential, we have made this list:
- Configd: for DHCP and network services.
- mDNSResponder: for Bonjour protocol.
- raccoon: for Internet Protocol Security.
This way, everything from file sharing to wireless printing will be blocked.
Automatically allow software to receive connections. This option adds software to the list apps that are allowed to receive incoming connections. Add or remove them manually using + or - buttons.
Enable stealth mode. This will make you Mac closed for any network queries, it will simply not respond to them. This will also make it invisible to the network.