Setup guide
UNCLASSIFIED
3.5 Configuring System Preferences
Basic system configuration follows the installation of the operating system and its
updates. All system configuration guidance given in this chapter should be
performed from an administrator’s account.
The System Preferences program provides a graphical interface for controlling
many of the system security features. To start the System Preferences program,
select System Preferences… from the Apple menu at the top left corner of the
screen, or click on the System Preferences icon in the dock. The System Preferences
program will start in a “Show All” view, displaying icons for configurable system
features.
The following sections review options in the System Preferences application with
security implications and indicate recommended settings.
3.5.1 Desktop and Screen Saver
The Desktop and Screen Saver option in System Preferences should be used to
automatically start the screen saver when the computer has been idle for a specified
amount of time, such as 10 minutes. When used in conjunction with requiring a
password to wake the machine from sleep or the screen saver, this will help prevent
an unattended system from being used by unauthorized users.
3.5.2 Security Settings
The Security option in System Preferences controls the FileVault user home
directory encryption feature and allows the administrator to require the password to
wake from sleep or the screen saver.
The FileVault feature for encrypting home folders is recommended for systems that
store home directories and whose physical security cannot always be guaranteed,
such as portables like the iBook and PowerBook. FileVault cannot be enabled on
home directories stored on a file server as would be typical in a network
environment. See the NSA “Mac OS X 10.3.x Panther Security Configuration Guide”
for information on configuring FileVault. Information on FileVault is also available
in Mac Help, from the Finder’s Help menu in the topics “About FileVault,”
“Encrypting your home folder,” and “Turning off FileVault.”
The setting “Require password to wake this computer from sleep or screen
saver” affects only the account currently logged in, but the administrator account is
the only account that should be locally logging into the server. Place a check in the
box for Require password to wake this computer from sleep or screen
saver.
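
The idle timeout from 3.5.1 and the wake-password setting from 3.5.2 can also be checked from Terminal for the account that is logged in. The following is an added example, not part of the original guide. It assumes both settings are stored in the per-host com.apple.screensaver preference domain under the keys idleTime (in seconds) and askForPassword; the function names and the READ_PREF and MAX_IDLE variables are hypothetical.

```shell
#!/bin/sh
# Added example: audit the screen saver idle time and the wake-password
# requirement for the account running the script.
# Assumption: both values live in the per-host com.apple.screensaver domain,
# as idleTime (seconds) and askForPassword (1 = password required).

MAX_IDLE=600   # 10 minutes, the example interval given in section 3.5.1

# read_pref KEY: print the stored value, or nothing if the key is unset.
read_pref() {
    defaults -currentHost read com.apple.screensaver "$1" 2>/dev/null
}

# audit_screen_lock: print one finding per line; return 0 only if both
# settings are compliant. READ_PREF may name an alternative reader function
# so the logic can be exercised with constructed values.
audit_screen_lock() {
    reader=${READ_PREF:-read_pref}
    idle=$($reader idleTime)
    ask=$($reader askForPassword)
    rc=0
    case "$idle" in
        ''|*[!0-9]*)
            echo "FAIL idleTime unset or not numeric"; rc=1 ;;
        0)
            echo "FAIL screen saver never starts (idleTime=0)"; rc=1 ;;
        *)
            if [ "$idle" -gt "$MAX_IDLE" ]; then
                echo "FAIL idleTime=${idle}s exceeds ${MAX_IDLE}s"; rc=1
            else
                echo "PASS idleTime=${idle}s"
            fi ;;
    esac
    if [ "$ask" = "1" ]; then
        echo "PASS password required to wake"
    else
        echo "FAIL password not required to wake"; rc=1
    fi
    return $rc
}
```

Run `audit_screen_lock` while logged in as the administrator account, since the wake-password setting applies only to the account that is logged in.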