|Paid content will be excluded from the download.
| Matches : 24002
|Disable the Insecure SSH Version (Non privileged accounts)
The SSH Version should be explicity set to Version 2. Version 2 supports strong crypto and was rewritten from scratch to resolve several weaknesses in Version 1 that make it extremely vulnerable to attackers. The weaker crypto in Version 1 is potentially susceptible to certain forms of replay attacks. The system default is to only enable ...
Disable the Prompt for Apple ID and iCloud
The prompt for Apple ID and iCloud must be disabled, as it might mislead new users into creating unwanted Apple IDs and iCloud storage accounts upon their first login.
Disable Wi-Fi if Not Required
The kernel extension for Wi-Fi network devices such as Airport must be removed to ensure that users will not be able to reactivate wireless networking at a later time. System updates will sometimes replace deleted kernel extensions. Administrator users may need to periodically check to ensure that the file remains deleted. Alternately, the wireless card hardware may ...
Display the Mandatory DoD Notice and Consent Banner to Users at Logon
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
System use notifications are required only for ...
Don't Send ICMPv4 Redirect Messages
ICMP redirects are broadcast in order to reshape network traffic. A malicious user could use the system to send fake redirect packets and try to force all network traffic to pass through a network sniffer. Disabling ICMP redirect broadcasts mitigates this risk.
Don't Forward Source-Routed Packets
A source-routed packet attempts to specify the network path that the system should take. If the system is not configured to block the sending of source-routed packets, an attacker can redirect the system's network traffic.
Drop Incoming ICMPv4 Redirect Messages
ICMP redirects are broadcast in order to reshape network traffic. A malicious user could craft fake redirect packets and try to force all network traffic to pass through a network sniffer. If the system is not configured to ignore these packets, it could be suspectible to this kind of attack.
Drop Incoming ICMPv4 Timestamp Requests
ICMP Timestamp requests reveal information about the system and can be used to determine which operating system is installed. Precise time data can also be used to launch time based attacks against the system. Configuring the system to drop incoming ICMPv4 timestamp requests mitigates these risks.
Drop Incoming Source-Routed Packets
A source-routed packet attempts to specify the network path the packet should take. If the system is not configured to block the incoming source-routed packets, an attacker can redirect the system's network traffic. Configuring the system to drop incoming source-routed IPv4 packets mitigates this risk.
Enable Application Firewall
The Application Firewall is the built in firewall that comes with Mac OS X and must be enabled. Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network.
Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2400
© 2013 SecPod Technologies