[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30426 Download | Alert*

A filename extension is a suffix added to a base filename that indicates the base filenames file format. Visible filename extensions allow for the user to identify file types and the applications that files are associated with. It would help in identifying malicious files. Fix: defaults write /Users/"$currentUser"/Library/Preferences/.GlobalPreferences.plist AppleShowAllExtensions -bool ...

A source-routed packet attempts to specify the network path that the system should take. If the system is not configured to block the sending of source-routed packets, an attacker can redirect the system's network traffic. Fix: To configure the system to not forward source-routed packets, add the following line to /etc/sysctl.conf: net.inet.ip.sourceroute=0

Infrared [IR] kernel support must be disabled to prevent users from controlling the system with IR devices. By default, if IR is enabled, the system will accept IR control from any remote. Fix: To disable IR, run the following command: sudo defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -bool FALSE

Firewall logging must be enabled. This ensures that malicious network activity will be logged to the system. This requirement is NA if HBSS is used. Fix: To enable the firewall logging, run the following command: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on

Enabling Show Bluetooth status in menu bar is a security awareness method that helps understand the current state of Bluetooth, including whether it is enabled, Discoverable, what paired devices exist and are currently active. Bluetooth is a useful wireless tool that has been widely exploited when configured improperly. The user should have insight into the Bluetooth status. Fix: /usr/bin/default ...

Over time passwords can be captured by third parties through mistakes, phishing attacks, third party breaches or merely brute force attacks. To reduce the risk of exposure and to decrease the incentives of password reuse (passwords that are not forced to be changed periodically generally are not ever changed) users must reset passwords periodically.This control checks whether a new password is dif ...

Remote access sessions _MUST_ use encrypted methods to protect unauthorized individuals from gaining access. Fix: /bin/launchctl enable system/com.openssh.sshd

SSH _MUST_ be configured to limit the ciphers to algorithms that are FIPS 140 validated. FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meet federal requirements. Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to cryptographic modules. NOTE: /etc/ssh/sshd_config w ...

Use "stealth mode" to make it more difficult for hackers and malware to find your Mac. When stealth mode is turned on, your Mac doesn't respond to either ping requests or connection attempts from a closed TCP or UDP network. Fix: sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on

A custom message that can be displayed at the lock screen and FileVault login screen. Often used to warn people of permitted system actions and possible legal consequences of misuse. The benchmark (macOS) states that displaying an access warning may reduce an attackers tendency to access the system, and it may aid in the prosecution of an attacker. Fix: defaults write /Library/Preferences/com.appl ...


Pages:      Start    21    22    23    24    25    26    27    28    29    30    31    32    33    34    ..   3042

© SecPod Technologies