Difference between revisions of "Mac OS X"

From CELS IT Wiki
Jump to: navigation, search
(Mac backup using TSM)
(Disabling services/Enabling the Mac firewall)
Line 52: Line 52:
 
When on potentially hostile networks you should disable all unnecesary services and enable the Mac OS firewall. The MCS network, or your home network if it sits behind a NAT, would not be considered hostile.  Starbucks or any other public WiFi is generally considered hostile.
 
When on potentially hostile networks you should disable all unnecesary services and enable the Mac OS firewall. The MCS network, or your home network if it sits behind a NAT, would not be considered hostile.  Starbucks or any other public WiFi is generally considered hostile.
  
From the "Sharing" System Preference:
+
From the "Sharing" System Preference, disable all unneeded services.
  
#In the Firewall tab turn the Firewall on
+
In the "Security and Privacy" Preference Pane,
#In the Firewall tab disable all ports
+
 
#In the Services tab disable all services
+
# In the FileVault tab, turn FileVault on
#In the Internet tab turn Internet Sharing off
+
# In the Firewall tab turn the Firewall on
 +
# In the Firewall Options button, block all incoming connections (top checkbox).
  
 
If you need to share, only enable the necessary services or ports while you are actively using them.
 
If you need to share, only enable the necessary services or ports while you are actively using them.

Revision as of 18:36, 29 October 2018

Welcome to the CELS home for Mac OS.

If you are interested in sharing information with other MCS Mac users, have questions that other Mac users might be able to answer, or want updates about the evolving CELS Mac environment, please subscribe to the MCS e-mail list mac-users. To subscribe, visit the subscription management page.

If you don't want to receive mac-users e-mail, but would occasionally like to check postings to the list, you can subscribe, but choose no mail delivery as an option. That allows you to view the archive at https://lists.mcs.anl.gov/mailman/private/mac-users/.

Mac OS X Software

NOTE: If you are not in CELS, you must contact your own IT support to install this software.

Argonne licensed software can only be installed on Argonne owned machines.

You may need to be on an internal network to download these packages:

  • Eracent: required for installing Adobe, Parallels or Microsoft products. Recommended for all machines.
  • Adobe Acrobat Professional
    • The Lab has a site-wide agreement with Adobe for their software. For any Adobe product, please see your respective Help Desk for installation.
  • Parallels
    • The Lab has a site-wide agreement with Parallels. Please see your respective Help Desk for installation of Parallels.
  • Microsoft Office 2016
    • Licensed per computer. First install the "Installer" package, then the "Serializer" to activate it. Also, install the Eracent package and then E-mail help@cels.anl.gov to notify us you've installed it.
  • Avast Mac Security (External Link)
  • Cisco Systems VPN Client
    • You must request access to the VPN. E-mail help@cels.anl.gov to be added.
  • Endnote X8
  • Mac (backup) Client, documentation *(External Link)
    • Send an email to systems@mcs.anl.gov to have a TSM account set up for your machine.
  • LibreOffice.org Free alternative to Office.
  • DOE Warning Banner

The following packages are not available for general download, and are purchased on an as-needed basis. Contact systems@mcs.anl.gov if you wish to order a copy.

  • iWork
  • VMWare Fusion

Documentation

Printing

See Printers/Mac_OS_X

Securing a Mac

We recommend the following best practices for securing you Mac.

Install the latest Mac OS patches and security updates

Apple releases patch and security updates regularly. New vulnerabilities are often the target of attackers. We recommend that you apply Apple patches and security updates as soon as they are released. When critical security updates are released we will notify all MCS users; for less important updates we will notify individuals subscribed to the mac-users e-mail list.

Disabling services/Enabling the Mac firewall

When on potentially hostile networks you should disable all unnecesary services and enable the Mac OS firewall. The MCS network, or your home network if it sits behind a NAT, would not be considered hostile. Starbucks or any other public WiFi is generally considered hostile.

From the "Sharing" System Preference, disable all unneeded services.

In the "Security and Privacy" Preference Pane,

  1. In the FileVault tab, turn FileVault on
  2. In the Firewall tab turn the Firewall on
  3. In the Firewall Options button, block all incoming connections (top checkbox).

If you need to share, only enable the necessary services or ports while you are actively using them.

Consider AntiVirus software

To protect your Mac from e-mail viruses you should not open attachments unless you know the sender, were expecting that attachment, and you know what it is. If you receive an unexpected attachment from someone you know, you should confirm that they intended on sending it before opening it.

For extra security, you can also install Avast Antivirus, available on the Mac Software page. It will detect and neutralize infected e-mails and disk images.

Argonne also provides McAfee antivirus for lab-managed machines. Contact help@cels.anl.gov to get it installed on your machine.

Apple Mail configuration

See Mail/Mail

Links

Apple

News

Other

  • SecureMac
  • Fink - Unix software for the Mac
  • MacPorts - Like Fink, but different. Formerly known as DarwinPorts.