Personal Web Security Memo

Internet security and privacy are a huge concern these days, It’s very important we all pay close attention to how we utilize the internet and digital communications. If we don’t, we’re leaving trails that make it very easy for someone or something to obtain our private information, identity, credit card info, login credentials for anywhere you access online, emails, chats you name it. Not to leave out the fact that all your emails are being sniffed by around 10 different organizations as well as everything you search for with a search engine.. Many people’s reaction to this is “oh well i don’t really care”, probably because it just sounds really complicated. But you can actually lock things down pretty good if you fork up a little effort and you’ll learn something on the way.

Email Security.

The 1st thing everyone should do is enable 2 step verification on with their email provider (if they don’t offer it find a new one) 2 Step Verification, also know as 2 factor verification basically requires a response from code that can be sent via text message or some sort of authentication app on your hand held device (phone). in order for someone to get access to your email account they would need you phone as well. and hopefully you’re using the thumb print reader to lock your phone down. That will make it pretty tough for someone to gain access to your email accounts.

Taking email security to the next level… Addressing the fact that your emails are being sniffed for various reasons buy a handful of firms… Google, Bing, Yahoo, the Government.. the list goes on. We’re taking about our privacy rights and these companies have next to Zero consideration for your privacy. The fact they’re able to access this information legally just shows you how the word truly is complete chaos… Multi billion dollar companies with 1 mission (make as much money as possible) compartmentalized to perfection… All that said they only way to have secure email is to make sure its totally encrypted on the server, while it traverses the internet and on the device that the messages are read and created on. Currently the best email service gauged around your privacy is Proton mail. The level of encryption they use prevents the big corporations and the government from snooping your messages.. Proton mail is a very new service and they do not yet have 2 step verification, they confirm it is on their intimidate road map – I’d use it and enable the feature as soon as it’s available. would be best to reserv your account name ASAP weather you use it prior to this security update or not…

Cloud Security.

All the same mentioned above applies to the cloud… the only option that fully secures your files from sniffing is from Mega ( totally encrypted. but no 2 step verification – my email requesting the feature hasn’t been addressed yet. So that leaves you with a great option of using Dropbox or or Google Drive and taking the encryption into your own hands with Boxcryptor. it works great. Allows you to encrypt your files so they cant be sniffed. done.

more to come.. I’m a busy one =)




Editing the Default User template in OS X

Sys admins use many techniques to modify OS X, some of them involve manipulating the Default User template, or the “English.lproj” folder. This method can be considered ruff around the edges, as their are more elegant methods. But each institution will have different needs & Not all OS X based deployments are designed for developers or students… You may end up designing your experience for a group of old ladies or Artists.. Myself and many other Sys admins have found this method works well.

You can use these instructions in order to customize the default user in OS X.

In the Accounts preference pane of  System Preferences create a new user. I will be calling mine ”test” without admin privileges. Logout and log back in as the new test user. begin making all the modifications that you need to the user. Once you have set everything the way you’d like, Run the following commands from the Terminal.

This command will synchronize your new Test user to the default user template.

sudo ditto -rsrc /Users/test /System/Library/User\ Template/English.lproj

This command will ensure the Permissions are correct.

 chown -R root /System/Library/User\ Template/English.lproj

Create a new “regular” user account and test to see if the home directory is created properly and apps behave as expected. You need to remove the user using the “Users” pref pane
 and you may need to manually delete the user’s home folder..

Remove the following items from your source image ( varies from version os OS X )

rm /private/var/db/BootCache.playlist
rm /private/var/db/volinfo.database
rm /private/var/vm/swap*
rm -r /Library/Caches/*
rm /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist

Remove Library/Caches in any homes as well.

Enable ARD on a remote Mac via the command line.

It is possible to enable ARD on a remote mac via an ssh connection. Use the following command to enable remote access for all users.

Of course you’re going to need admin credentials and an SSH connection to the remote Mac.

sudo /System/Library/CoreServices/RemoteManagement/ -activate -configure -access -on -restart -agent -privs -all

Use this command to enable ARD access on the “Admin” user.

sudo /System/Library/CoreServices/RemoteManagement/ -activate -configure -access -on -users admin -privs -all -restart -agent -menu

You can simply kick start ARD with this command.

sudo /System/Library/CoreServices/RemoteManagement/ -restart -agent

You can deactivate ARD with this command.

sudo /System/Library/CoreServices/RemoteManagement/ -deactivate -configure -access -off

Allow Standard users to add printers in OSX

By Default, Standard Users are unable to add printers in OS X. So your going to need Admin credentials each time you need to add a new Printer to the system. This default can be changed by adding Users to the print group.

Use this command in the terminal to give all users on the system the ability to add printers.

sudo dseditgroup -o edit -t group -a everyone _lpadmin

This command will add a specific user to the Print group, replace “userx” with the user you would like to elevate.

sudo dseditgroup -o edit -a userx _lpadmin

Use this command to add all domain users to the print group.

/usr/sbin/dseditgroup -o edit -n /Local/Default -a 'Domain Users' -t group lpadmin