Download
| Alert*
oval:org.secpod.oval:def:71683
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. One method of minimizing this risk is to use complex passwords and periodically change them. If the operating system does not limit the lifetime of passwords and force users to chang ... oval:org.secpod.oval:def:71700 The Application Firewall is the built in firewall that comes with Mac OS X and must be enabled. Firewalls protect computers from network attacks by blocking or limiting access to open network ports. Application firewalls limit which applications are allowed to communicate over the network. oval:org.secpod.oval:def:71679 When automatic logins are enabled, the default user account is automatically logged in at boot time without prompting the user for a password. Even if the screen is later locked, a malicious user would be able to reboot the computer in order to log in. Disabling automatic logins mitigates this risk. oval:org.secpod.oval:def:71712 The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. Thi ... oval:org.secpod.oval:def:71675 Controls when, and if, a password hint is given the user, based on the number of failed login attempts. In loginwindow.plist, set the RetriesUntilHint key = X to show a hint after X login failures, or set the key = 0 to disable hints. oval:org.secpod.oval:def:71713 The default global umask setting must be set to '027' for user applications. The setting '027' ensures that user created files and directories will be readable, but not writable, by users that share the same group id. Users with a different group id will not be able to read or write those files. Thi ... oval:org.secpod.oval:def:71716 Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and p ... oval:org.secpod.oval:def:71656 Automatically checking for updates makes it easier for the user to know when updates are available. It is important that a system has the newest updates applied to prevent unauthorized persons from exploiting identified vulnerabilities. oval:org.secpod.oval:def:71698 The operating system must enforce a minimum 15-character password length. The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one fact ... oval:org.secpod.oval:def:71676 Controls whether inactivity logs out a user and, if so, how many minutes are required to trigger logout. In .GlobalPreferences.plist, delete the AutoLogoutDelay key to disable inactivity logout. oval:org.secpod.oval:def:71658 This setting allows macOS updates to be installed automatically once they are available from Apple. Because patches need to be applied as soon as possible, allowing for automatic updates ensures that the users device is updated in a timely manner rather than be left vulnerable to additional security ... oval:org.secpod.oval:def:71682 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that deter ... oval:org.secpod.oval:def:71651 The Guest account, a special managed account, is considered a security vulnerability in most situations because it has no password associated with it. |