Running head: SYSTEM HARDENING AND CHILD’S FACEBOOK ACCOUNT

System Hardening and Child’s Facebook Account

System Hardening and Child’s Facebook Account

This paper will describe methods for hardening a new Apple MacBook computing system. Although I myself do not use a MacBook I recently had the opportunity to harden my daughters newly won MacBook within the timeframe of this course. In the Information Technology (IT) world hardening is a term that describes the process of configuring a system so that it is secure, for the purposes of preventing unauthorized access, providing protection from malware and maintaining integrity, security and privacy of personal or proprietary data. This paper will also describe methods for setting up and securing a child’s first Facebook account.
Wireless Access Point Hardening
Once our MacBook has been hardened, the next step should be connecting to the Internet through a Wireless Access Point (WAP), a function that is available through a wireless router, provided by the Internet Service Provider (ISP) or self-purchased. A wired connection would be more secure but, as a matter of functionality with a laptop it is more practical to configuring and utilize a wireless connection.
The default service set identifier (SSID), which is basically the name of the WAP, will probably be set at the default of the name and model of the router. For security purposes the SSID should be changed to something unique and set to not broadcast this information. This increases the difficulty for any nearby threats scanning for and gaining access to your WAP for free internet or worse, using it as a gateway to try and access any systems connected to it. Next you should set the WAP access key; the standard Wi-Fi Protected Access 2 (WPA2) security utilizes 256-bit encryption, making it difficult for threats to crack. The same practices for creating strong passwords; use upper case and lower case letters, with numbers and special characters and at least 10 to 16 characters in length, should be followed when designating a WAP access key. Remember, by using only words or something simple and easy to remember, birth dates or other personally identifiable information (PII), you just make it easier for any threats out there. There are other security related settings you can adjust on the router, but incorporating media address control (MAC) address filtering is one of the musts. MAC addresses are uniquely assigned alphanumeric strings for your network interfaces, to include wired and wireless ports. Setting this feature, the router will allow access to only those devices that have been identified within a MAC address list, filtering out unidentified devices. Finding the MAC address of the wireless card on the MacBook is easy; under the advanced network settings, click on the “Hardware” tab.
MacBook Hardening
Before interacting with the MacBook, obtain anti-virus software, because by default the MacBook does not come pre-loaded with such. Suitable anti-virus software can be purchased from at a local store or through an online retailer, just make sure you use an already hardened computer if purchasing online. When first powering on the MacBook you will be guided through some settings for personalizing it to you. Establishing ownership and initial account creation will be performed during this process. The first account created will, by default, be an account with administrative privileges and through this account we can configure security settings, install additional applications and create additional user accounts.
Once these steps have been completed and you are logged into your administrative account, installation of the pre-obtained anti-virus software should be conducted. The most important part of the initial anti-virus software setup is making sure that automatic anti-virus software and virus definitions updates are set for regular intervals and turned on. Even though most anti-virus software will provide out of the box protection and should give you the freedom to conduct normal activities online, be sure to check for software and definition updates when first getting online with your new system.
With the anti-virus software installed, we can continue hardening the MacBook. The MacBook provides a settings interface with a wide range of settings; settings to further personalize appearance, to add additional users, to add printers, to setup networks, the list is robust. “Security and Privacy” may be the most important one within the list. The “Security and Privacy” settings have the following tabs; “General, FileVault, Firewall and Privacy. Under the “General” tab you should ensure that “Require password” is checked and is set to “immediately” for resuming from a “sleep” or “screen saver” state. Be sure to “Disable automatic login” by checking its radial button/box. These two settings are to make sure that a password is required in order to login to the system. An application installation setting can be found under this tab as well, dictating where applications can be installed from on the system; applications from the “Mac App Store, Mac App Store and identified developers or Anywhere”. Selecting “Mac App Store” is probably the best for the system. This option allows for only verified and signed by Apple applications being installed on the system by default, cutting down on chances for malware being introduced to a minimum. You can also change your login password from this tab.
The “FileVault” tab allows data on the system to be encrypted, as a precaution in case the MacBook ever gets lost or stolen. Turn “FileVault” on; it will take some time initially to encrypt all the contents, but it is quicker to do it now than later since there is less data to encrypt at this time. A recovery key is generated for use as another verification method, separate from your password, for accessing your data. Loss of your password and recovery key will result in all of your information on the system being lost so it is imperative that you store the key in a safe place.
Under the “Firewall” tab be sure to turn the firewall on. This is a very important setting in protecting your system from hackers entering your system through possible weaknesses or exploits within various applications and services. From the options tab you are allowed to block all incoming connections or to tailor it to your specific needs. There are applications like iTunes or various chatting apps and printer sharing that require incoming connections, so it is suggested to make any changes as necessary.
“Privacy” is final tab, this tab deals with “Location Services” and sharing of information in applications like “Contacts, Calendars and Reminders” and “Diagnostics and Usage” with other applications or even Apple itself. You can choose which applications or who you wish to share information with, I set this MacBook to not share any information.
Going back to the main settings interface there is a setting for the “App Store”, this is where update settings are set for Apple software and applications. Best practice is to put a check mark next to the “Automatically check for updates, Download newly available updates in the background, and Install system data files and security updates” options. This will allow the download of Apple updates, but you can still decide on when to install them.
Web Browser Hardening
Undoubtedly you will use a web browser application for interaction with the Internet. My preference is Mozilla’s Firefox, over Apple’s Safari, so I downloaded and installed the Firefox software on the system. For further strengthening Firefox has its own set of security settings that can be configured and additional security related add-ons that can be installed. Within Firefox’s security settings is the “Master Password” feature, it requires a password for Firefox when using stored login and password information for different sites. If someone were to find your unattended system in a logged in state, they could not open your browser, any of your bookmarks that may have login and password information stored or be able to access your accounts.
Of course the best practice is to never store login and password information to sensitive or private in nature sites (banks, social networking and even email) with the web browser. Furthermore, settings for browser history and web site tracking should be disabled as well. Below is listed some of the various security and privacy related add-ons that are available from Firefox and have been installed on this MacBook’s browser:
Master Password+ - enhancements for the built in master password feature
Public Fox - Provides password based locks on bookmarks, add-ons and downloads
Ghostery – allows you to see what sites are tracking you and block them
Adblock Plus - deals with ads and banners
Adblock Edge and Plus Pop-up - deals with ads and pop-ups
Better Privacy - deals with new types of cookies (LSO) and flash-cookies
Web of Trust (WOT) - provides information on a website's trustworthiness, based off of user ratings
World IP - Anti-phishing, protection against DNS spoofing and fake sites, domain and webserver information
No Script – protection from active content, allowing from only trusted sites, protection from attacks like cross site scripting (XSS) and Clickjacking
That wraps up the basic hardening process that I performed for my daughters new MacBook, at this time it is safe to connect to our WAP and check for system, application, anti-virus and browser related updates and install them. By no means is the process that I used to be considered the only method of hardening a system. There is always more than one way to “crack a nut” and I in no way, shape or form believe this method as all inclusive.
Online Banking
In today’s connected society managing finances online is commonplace and though there will always be threats out there trying to exploit in place security measures of financial institutions, technology seems to be one step ahead for the most part. Banks have taken measures to protect themselves and their customers, but as customers we must make sure that we take precautions to protect ourselves as well. Secure Sockets Layer (SSL) certificates are involved in verifying the validity of web sites to include web sites of financial institutions. A secure website is one that is denoted by “https” at the beginning of the web address, you should also see a closed padlock icon on the address bar of your browser, denoting that it is indeed a verified site that supports encrypted communications. Verifying these two things as well as visual confirmation that the web address itself reflects the proper name of your financial institution (there are too many spoofed naming conventions that will take you to an unsecure site that looks just like the real site) can offer confirmation that they are encrypted and using proper certificates.
Creating and Configuring a Facebook Account for a Child
Creating a child’s Facebook account is no different than creating your own account, the only stipulation is that the child is at least 13 years of age. The process is the same; a valid email account and choosing a password are all it takes. But unlike most adult user, a child may be unaware of the different dangers that may be encountered online. Prior to creating a Facebook account for my child, I would sit down with him and have a long, in depth discussion covering the responsibilities of using and maintaining an account, the dangers of online social networking and finally we would have to come to an agreement on ground rules of what he can and cannot do online.
Ground rule number one being that his mother and myself would have full access to his account, this would be for the security and protection of my child and not be a matter of trust. I would initially be monitoring their activities and verifying that he was using Facebook properly, exposed to only material appropriate for his age and of course that there were no signs of predators trying to interact with him. We would go through all the settings on Facebook, configuring them together and I’d explain what each one is for. Setting it so that only “Friends and Family” can interact with him and that he does not post too much personal information and any personal information that he does post is configured so that it is only shared with people he knows and trusts.
Most importantly a guideline would be set so that he must let my wife or I know immediately if there is anyone that he does not know trying to befriend him or he sees or receives any type of questionable activity geared towards him. Establishing the importance of not sharing too much information online, because of things like identity theft and keeping operational security in mind. Making sure he understands not to give out information like; “we are going on vacation for two whole weeks and no one is going to be home”. Allowing him to have a Facebook account is a serious and important responsibility and he would have to fully understand that there are serious threats out there, especially with the ones that prey on children.
As well as setting the ground rules for Facebook, we would create and configure a managed computer account with minimal permissions, full parental controls limiting when he could be logged into the account, the amount of time online and access to only specific web pages, further limiting other online threats.