Improvements of the security on Mac
SDU-IT now improves the security on macOS
This is a requirement from the security organization at SDU and will correspond to security level on Windows.
The Mac users at SDU-IT have been using these settings for a while, with no problems.
The only visible effects are that programs get the extension .app, and documents get the extension of the program they can be opened with, i.e. .docx
Below is how security increases on you Mac:
• Turn off NFS. NFS is an outdated, insecure way of sharing files.
• Turn off internet sharing. Turns off the ability to share the internet connection from your Mac.
• Turn off SMB sharing. Removes the ability to share a folder on the network from your Mac.
• Disable SSH. Turns off an insecure remote access option. This only affects access via SSH to your Mac, not from your Mac to other servers.
• Always show file extensions in Finder. Shows file extensions so you can see the file type.
• Set NTP Server. Sets the time on the Mac with a time server.
• Ask for admin authentication (password or fingerprint) everywhere in System settings.
• Disables automatic opening of "safe" downloads in Safari.
• Ensure that keyboard entries in the Terminal are not intercepted/recorded by other processes.
• Set the log size higher than default.
• Turn on Firewall logging.
• Ensures that the install log is saved for a minimum of 365 days with no maximum size.
• Limit login attempts to 5.
• Limit password reuse.
• Enforce minimum password length.