Securing Macs in the enterprise

7/9

Locking-down and DLP

OS X has built in Parental Controls in System Preferences that can lock down certain aspects of OS X, such as the ability to change passwords, to use particular applications and more. Click Enable Parental Controls for the first account you want to lock down, then check the appropriate settings for the restrictions you want to apply.

Parental Controls enables a basic form of DLP, by stopping CD burning: check Limit CD and DVD burning in the Other tab.

Greater control, including locking down of USB access, is built in, but only available through other, more advanced mechanisms, such as OS X Server,DeviceLock and Endpoint Protector

Once you have configured the Parental Control settings for one account, they can be easily copied to other accounts using the cog button:

If you choose to allow USB drive access, you can apply FileVault encryption to removable USB drives by right-clicking on the drive on the Mac’s desktop.

However, it is not cross-platform so if the drive is to be used by Windows as well, you should investigate encryption software such as TrueCrypt or hardware such as Kingston’s DT Locker+ G2 USB sticks that work with both platforms.

Read article >>

View All Photo Stories