Infrared [IR] kernel support must be disabled to prevent users from controlling the system with IR devices. By default, if IR is enabled, the system will accept IR control from any remote.
Fix:
To disable IR, run the following command:
sudo defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -bool FALSE
Firewall logging must be enabled. This ensures that malicious network activity will be logged to the system. This requirement is NA if HBSS is used.
Fix:
To enable the firewall logging, run the following command:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
Enabling Show Bluetooth status in menu bar is a security-awareness measure: it lets the user see the current state of Bluetooth, including whether it is enabled or discoverable and which paired devices exist and are currently active. Bluetooth is a useful wireless tool that has been widely exploited when configured improperly, so the user should have insight into its status.
Fix:
/usr/bin/default ...
Over time, passwords can be captured by third parties through mistakes, phishing attacks, third-party breaches, or plain brute-force attacks. To reduce the risk of exposure, and to reduce the incentive for password reuse (passwords that are not forced to change periodically generally are never changed), users must reset passwords periodically. This control checks whether a new password is dif ...
SSH _MUST_ be configured to limit the ciphers to algorithms that are FIPS 140 validated.
FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements.
Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to cryptographic modules.
NOTE: /etc/ssh/sshd_config w ...
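The check a practitioner wants next to this rule is one that reads the cipher list sshd will actually use and flags anything outside a FIPS-approved set. The script below is an added example, not part of the original page or of any vendor tool. Its allow list of AES-CTR and AES-GCM suites is this example's own choice (substitute the list your FIPS validation covers), and the two sample configurations are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original page or any vendor tool): verify that
# every cipher an sshd will negotiate is on a FIPS-approved allow list.
# ASSUMPTION: the allow list is this example's own choice of AES-CTR and
# AES-GCM suites; substitute the list your FIPS validation actually covers.
FIPS_CIPHERS='aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com'

# Extract the cipher list from configuration text. Works on raw sshd_config
# (first Ciphers directive wins, comment lines ignored) and on `sshd -T`
# output (keys are lowercased there, hence the case-insensitive match).
effective_ciphers() {
    printf '%s\n' "$1" | awk 'tolower($1) == "ciphers" { print $2; exit }'
}

# Report each cipher not on the allow list. Exit 0 only when the list is
# explicit and fully approved; 1 when the directive is missing or a cipher is
# non-FIPS; 2 when the directive uses +/-/^ modifiers, which can only be
# resolved against sshd's built-in defaults by running `sshd -T`.
check_ciphers() {
    list=$(effective_ciphers "$1")
    if [ -z "$list" ]; then
        echo 'no Ciphers directive (sshd defaults apply)'
        return 1
    fi
    case "$list" in
        [+^-]*) echo "modifier syntax ($list): resolve with sshd -T"; return 2 ;;
    esac
    bad=0
    for c in $(printf '%s' "$list" | tr ',' ' '); do
        case " $FIPS_CIPHERS " in
            *" $c "*) ;;
            *) echo "non-FIPS cipher: $c"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample configurations (not captured from a real host).
SAMPLE_GOOD='# hardened sshd_config excerpt
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-256'
SAMPLE_BAD='ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr
macs hmac-sha2-256'

for sample in "$SAMPLE_GOOD" "$SAMPLE_BAD"; do
    if check_ciphers "$sample"; then echo PASS; else echo FAIL; fi
done
```

On a live host, feed it the effective configuration rather than the file: `check_ciphers "$(sudo sshd -T)"`. That resolves Include files, Match blocks and the +/-/^ modifier syntax, which a static read of /etc/ssh/sshd_config cannot.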
Use "stealth mode" to make it more difficult for attackers and malware to find your Mac. When stealth mode is turned on, your Mac does not respond to ping (ICMP echo) requests or to connection attempts to closed TCP or UDP ports. It does not hide services that are listening: a port an allowed application is bound to still answers, so stealth mode complements, rather than replaces, disabling unneeded services.
Fix:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
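The firewall logging entry above and this stealth mode entry are remediated with the same tool, so one audit script serves both. It is an added example, not from the original page or from Apple: it reads the current state with socketfilterfw's --getloggingmode and --getstealthmode, and applies the two fix commands from the page only when FIX=1 is set. The exact wording of those two outputs ("Log mode is on", "Stealth mode enabled") is assumed from memory rather than from a specification, which is why the parser only looks for the keywords on/enabled as whole words, and the sample outputs it is exercised against are constructed.

```shell
#!/bin/sh
# Added audit/remediation helper for the two Application Firewall settings
# (logging and stealth mode); not from the original page or from Apple.
# ASSUMPTION: socketfilterfw's --getloggingmode / --getstealthmode print a
# line containing "on"/"off" or "enabled"/"disabled". That wording is
# recalled, not taken from a spec, so the parser only looks for those
# keywords as whole words rather than matching a full sentence.
SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Pure parser: given captured tool output, print "pass" and exit 0 when the
# setting is on, otherwise print "fail" and exit 1. Whole-word match so that
# "disabled" and "off" are never mistaken for "enabled" and "on".
fw_on() {
    if printf '%s\n' "$1" | grep -Eiq '(^|[^a-z])(on|enabled)([^a-z]|$)'; then
        echo pass
    else
        echo fail
        return 1
    fi
}

# Audit the live system. With FIX=1 the page's remediation commands are run
# for anything that fails. Returns the number of failing checks (0 = clean).
audit_firewall() {
    if [ ! -x "$SFW" ]; then
        echo "skip: $SFW not present (not macOS?)"
        return 0
    fi
    fails=0
    if fw_on "$("$SFW" --getloggingmode 2>/dev/null)" >/dev/null; then
        echo 'firewall logging: pass'
    else
        echo 'firewall logging: fail'
        if [ "$FIX" = 1 ]; then sudo "$SFW" --setloggingmode on; fi
        fails=$((fails + 1))
    fi
    if fw_on "$("$SFW" --getstealthmode 2>/dev/null)" >/dev/null; then
        echo 'stealth mode: pass'
    else
        echo 'stealth mode: fail'
        if [ "$FIX" = 1 ]; then sudo "$SFW" --setstealthmode on; fi
        fails=$((fails + 1))
    fi
    return $fails
}

# Constructed sample outputs (not captured from a real system) so the parser
# can be exercised on any host.
SAMPLE_LOG_ON='Log mode is on'
SAMPLE_LOG_OFF='Log mode is off'
SAMPLE_STEALTH_ON='Stealth mode enabled'
SAMPLE_STEALTH_OFF='Stealth mode disabled'

audit_firewall
```

Run it as `FIX=1 sh audit_firewall.sh` to remediate; without FIX it only reports, and its exit status is the number of failing checks, which makes it usable from a configuration-management or CI run.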
A custom message can be displayed at the lock screen and the FileVault login screen. It is often used to warn people of permitted system actions and the possible legal consequences of misuse. The macOS benchmark states that displaying an access warning may reduce an attacker's tendency to access the system and may aid in the prosecution of an attacker.
Fix:
defaults write /Library/Preferences/com.appl ...
A policy banner is an additional window that is displayed during the login process. It requires users to acknowledge the contents of the banner by clicking an "Accept" button before proceeding to log in. Often used to supplement the lock screen message text, and to warn people of permitted system actions and possible legal consequences of misuse. In the macOS benchmark, enforcing a polic ...
The Guest account, a special managed account, is considered a security vulnerability in most situations because it has no password associated with it. Once an attacker has gained guest-level access, the attacker can try to elevate privileges to further exploit a system. We recommend that the Guest account be disabled on all macOS systems unless there is a clearly demonstrated need to use a Guest a ...