Security & Privacy Preferences on Your MacBook
The Security & Privacy group of the System Preferences window on your MacBook is where you protect your MacBook from unwanted users and where you can choose to turn off your firewall protection (not advised!).
Settings here are divided into three tabs:
General: To add an extra layer of password security for your MacBook, select the Require Password After Sleep or Screen Saver Begins check box. Mac OS X then requires that you enter your login password before the system returns from a sleep state or exits a screen saver.
Click the pop-up delay menu to specify when the password requirement will kick in (it’s immediate by default). If you’re an admin-level user, you can set the global security features in the For All Accounts on This Computer section, which affect all user accounts.
You can choose to do the following: disable the automatic login feature; force Mac OS X to require a login password each time that a System Preference pane is opened; automatically log off any user after a certain amount of inactivity; and display a message when the screen is locked.
You can also specify whether Lion should update Safari’s safe download list automatically. (Safari uses this list to determine what files should be opened after downloading, which helps you prevent attacks by viruses and malware.)
Don’t want small fingers accidentally controlling your MacBook with the Apple Remote? If you don’t need the Remote on a regular basis, click the Disable Remote Control Infrared Receiver check box to select it. (But don’t forget to turn your IR receiver back on for your next movie night!)
FileVault: These controls allow you to turn on FileVault hard drive encryption, which makes it virtually impossible for others to access files on your Mac. Click the Turn On FileVault button to enter the passwords for each user. Even if you’re using an Admin account, each user on your Mac must enter her password to enable her account for use with FileVault, which allows her access to data on the hard drive.
Click Continue to display the recovery key — go ahead and write that key down and store it in a very safe place — and then click Continue to enable FileVault encryption for the user who’s currently logged in; the user’s Login password becomes his FileVault password as well.
If you forget both your login password and the recovery key, not even the technical experts at Apple can retrieve your data!
Firewall: Mac OS X includes a built-in firewall, which you can enable from this pane.
To turn the firewall off entirely, simply click the Stop button. This is the very definition of Not a Good Thing; any MacBook hooked up to a network or the Internet should have the system firewall turned on.
(The only exception is if you’re using a network that you know to be secure and your access to the Internet is through a router or sharing device with its own built-in firewall.)
When the firewall is enabled, click the Advanced button to set firewall options.
To turn the firewall on with only Mac OS X application exclusions, click Block All Incoming Connections. (Only the sharing services you select on the Sharing pane in System Preferences are allowed through your firewall.) This is a good choice for the most security-conscious MacBook owner, but your firewall will block third-party applications that try to access your network or the Internet.
To turn the firewall on with exclusions, click Automatically Allow Signed Software to Receive Incoming Connections. (Yep, this is the correct option for just about every MacBook owner.) Any connection to a service (such as Web Sharing) or an application (such as iChat) that isn’t listed is blocked, but you can enable access for third-party applications on an as-needed basis.
In firewall-speak, these entries are rules because they determine what’s allowed to pass through to your MacBook.
It’s easy to enable communications with a Mac OS X service: Just use the Sharing pane within System Preferences to turn on a service, and Lion automatically configures your firewall to allow communications. I describe the Sharing pane in detail later in this chapter.
To add a third-party application, click the Advanced button at the bottom of the Firewall pane, then click the button with the plus sign. Navigate to the application that needs to communicate with the outside world. Click the application to select it and then click Add. To delete an application, select it in the list and click the button with the minus sign.
Remember, you don’t have to add any of the applications provided by Apple with Lion, such as Apple Mail, iChat, or Safari; only third-party applications that you install yourself need a firewall rule.
You can edit the rule for a specific service or application by clicking the rule at the right side of the entry. By default, the rule reads Allow Incoming Connections (including both your local network and the Internet); however, when you click the rule, you can also choose Block Incoming Connections to temporarily deny access to that application.
For heightened security, click the Enable Stealth Mode check box, which prevents your Mac from responding to attempts to identify it across your network and the Internet.
If you suddenly can’t connect to other computers or share files that you originally could share, review the rules that you’ve enabled from this pane. You can also verify that everything’s shipshape in the Sharing pane in System Preferences.
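If you'd rather double-check these settings from Terminal than click through each tab, the script below audits the firewall, stealth mode, password-after-sleep, and automatic login choices described above. It is an added example, not part of the original text, and the preference domains and key names it reads (com.apple.alf, com.apple.screensaver, com.apple.loginwindow) are assumptions about where Mac OS X stores these settings.

```shell
#!/bin/bash
# Added example: audit the Security & Privacy settings described above.
# Preference domains and key names are assumptions, not taken from the article.

# Print one preference value, or "unset" when the key does not exist.
read_pref() {
  defaults read "$1" "$2" 2>/dev/null || echo unset
}

# Firewall tab: globalstate 0 = off, 1 = on with rules, 2 = block all incoming.
firewall_verdict() {
  case "$1" in
    0) echo "FAIL firewall is off" ;;
    1) echo "PASS firewall on, per-application rules" ;;
    2) echo "PASS firewall on, Block All Incoming Connections" ;;
    *) echo "UNKNOWN firewall state '$1'" ;;
  esac
}

# Firewall tab: Enable Stealth Mode check box.
stealth_verdict() {
  if [ "$1" = "1" ]; then echo "PASS stealth mode enabled"
  else echo "WARN stealth mode not enabled"; fi
}

# General tab: password after sleep or screen saver; delay is in seconds.
lock_verdict() {   # $1 = askForPassword, $2 = askForPasswordDelay
  local delay="${2:-0}"
  if [ "$delay" = "unset" ]; then delay=0; fi   # no delay stored: immediate
  delay="${delay%%.*}"                          # drop any fractional part
  if [ "$1" != "1" ]; then
    echo "FAIL no password required after sleep or screen saver"
  elif [ "$delay" -gt 0 ] 2>/dev/null; then
    echo "WARN password required only after $delay seconds"
  else
    echo "PASS password required immediately"
  fi
}

# General tab: automatic login; the key is absent when the feature is disabled.
autologin_verdict() {
  if [ "$1" = "unset" ]; then echo "PASS automatic login disabled"
  else echo "FAIL automatic login enabled for user '$1'"; fi
}

# Run the audit only where the defaults tool exists (that is, on a Mac).
if command -v defaults >/dev/null 2>&1; then
  firewall_verdict "$(read_pref /Library/Preferences/com.apple.alf globalstate)"
  stealth_verdict "$(read_pref /Library/Preferences/com.apple.alf stealthenabled)"
  lock_verdict "$(read_pref com.apple.screensaver askForPassword)" "$(read_pref com.apple.screensaver askForPasswordDelay)"
  autologin_verdict "$(read_pref /Library/Preferences/com.apple.loginwindow autoLoginUser)"
fi
```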