End-User Security Features
OS X and iOS have many built-in security features, including industry-standard digital signatures and encryption (S/MIME) for Apple’s Mail app, and certificate-based authentication of servers and, optionally, of the user for the Safari web browser.
In iOS, these features are largely invisible to the user, because security is handled by the system without the user’s intervention.
In OS X, the following four features are most visible to users:
The Security system preferences pane
FileVault, which users can configure through the Security system preferences pane
The Accounts system preferences pane
The Keychain Access app
These features are described in this appendix.
Security System Preferences
Security system preferences in OS X let the user configure FileVault and control some aspects of authorization on the computer (Figure B-1).
The Security system preferences dialog lets the user specify whether authorization should be required:
When the computer first boots (that is, whether automatic login is disabled so that a user must authenticate at startup)
To wake the computer from sleep or a screen saver
To unlock each lockable system preference
At the bottom of the dialog is the lock icon provided by the authorization view (see “Designing Secure User Interfaces” in Secure Coding Guide). When this icon shows a closed lock, authorization is required before the user can change the settings in this system preferences pane.
FileVault and Encrypted Volumes
When the user turns on FileVault (see Figure B-1), OS X uses 128-bit AES encryption to encrypt everything on the root volume (FileVault 2, OS X v10.7 and later) or, prior to OS X v10.7, everything in the user’s home folder.
The system transparently decrypts files on access once an authorized user has logged in, but the files remain encrypted on disk at all times. FileVault therefore protects data at rest; it does not protect files from other users or processes that can reach them while the volume is unlocked. It provides strong protection for a user’s files if all of the following are true:
All sensitive data is stored on an encrypted volume (or in the user’s home directory prior to OS X v10.7).
Permissions are set appropriately to protect the data from other users on the system.
Automatic login is disabled.
A password is required to wake from sleep or to wake from the screen saver.
A user can also create new external volumes with FileVault encryption using Disk Utility. Alternatively, if a user wants to securely store files somewhere other than a FileVault-protected volume (such as on an external hard disk or removable media), the user can create an encrypted disk image.
For more information about FileVault, see Apple Knowledge Base Article HT4790.
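The four prerequisites above can be audited from the command line. The following script is an added example, not Apple’s code. It assumes the behaviour of the OS X tools named in its header comment: that fdesetup status prints "FileVault is On." or "FileVault is Off.", that automatic login appears as the autoLoginUser key in /Library/Preferences/com.apple.loginwindow, that the screen-saver settings are the com.apple.screensaver keys askForPassword and askForPasswordDelay, and that BSD stat -f '%Lp' prints a directory’s permission bits in octal. The decision logic is kept apart from the commands so it can be exercised with constructed tool output on any platform; only run_checks touches the live system.

```shell
#!/bin/sh
# Added example (not Apple's code): audit the FileVault prerequisites.
# Assumed command behaviour (OS X tools; see the lead-in):
#   fdesetup status            -> "FileVault is On." / "FileVault is Off."
#   defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser
#                              -> prints the auto-login user, nothing if disabled
#   defaults read com.apple.screensaver askForPassword / askForPasswordDelay
#                              -> 1 = password required; delay in seconds
#   stat -f '%Lp' <dir>        -> BSD stat, permission bits in octal (e.g. 700)
# The decision functions take raw tool output as arguments so they can be
# tested with constructed strings; only run_checks runs the real tools.

# Pass when fdesetup reports the volume is encrypted.
filevault_ok() {
    case "$1" in
        *"FileVault is On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Pass when no auto-login user is configured (empty output from defaults).
autologin_disabled() {
    [ -z "$1" ]
}

# Pass when a password is required immediately on waking from the screen
# saver: askForPassword=1 and askForPasswordDelay=0. A missing delay is
# assumed to mean 0 (the value the GUI writes for "immediately").
screensaver_password_ok() {
    [ "$1" = "1" ] && [ "${2:-0}" = "0" ]
}

# Pass when group and other have no access bits (mode ends in 00, e.g. 700).
# Every OS X user is in the staff group, so group access is not private.
mode_private() {
    case "$1" in
        *00) return 0 ;;
        *) return 1 ;;
    esac
}

# check DESCRIPTION CMD ARGS...: run one decision function, print PASS/FAIL,
# and return its status so the caller can count failures.
check() {
    desc=$1; shift
    if "$@"; then echo "PASS  $desc"; return 0; fi
    echo "FAIL  $desc"; return 1
}

# Run every check against the live system. Returns the number of failed
# checks, or 2 when not on OS X/macOS (nothing was checked).
run_checks() {
    [ "$(uname -s)" = "Darwin" ] || { echo "not macOS: nothing checked"; return 2; }
    fails=0

    check "FileVault is on" \
        filevault_ok "$(fdesetup status 2>/dev/null)" || fails=$((fails+1))

    check "automatic login disabled" \
        autologin_disabled "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)" \
        || fails=$((fails+1))

    ask=$(defaults read com.apple.screensaver askForPassword 2>/dev/null)
    delay=$(defaults read com.apple.screensaver askForPasswordDelay 2>/dev/null)
    check "password required on wake from screen saver" \
        screensaver_password_ok "$ask" "$delay" || fails=$((fails+1))

    # Check the folders that hold sensitive data rather than $HOME itself,
    # which is world-searchable (755) by default so Public and Sites work.
    for d in "$HOME/Documents" "$HOME/Desktop" "$HOME/Library"; do
        check "$d not accessible to other users" \
            mode_private "$(stat -f '%Lp' "$d" 2>/dev/null)" || fails=$((fails+1))
    done
    return $fails
}

# Usage: sh filevault_check.sh --run   (exit status = number of failed checks)
case "${1:-}" in
    --run) run_checks ;;
esac
```

Running the script with --run on an OS X machine prints one PASS or FAIL line per prerequisite and exits with the number of failures, which makes it easy to drop into a configuration-management or fleet-audit job. A FileVault volume whose owner leaves automatic login on, or never locks the screen, is no better protected from a walk-up attacker than an unencrypted one, which is why the script treats those settings as part of the FileVault check rather than as separate concerns.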
Accounts System Preferences
When a user installs OS X on a computer, that user automatically becomes a member of the admin group (described in “The Admin Group” in File System Programming Guide). Subsequently, the user or any other member of the admin group can use the Accounts system preferences pane to add new users to the system.
For each new user, the administrator can specify whether that user should be a member of the admin group (Figure B-2).
If the new user is not a member of the admin group, the administrator can limit the system features and apps to which that user has access (Figure B-3).
Users in the admin group can turn on FileVault encryption.
Keychain Access
Keychain Access is an OS X utility that lets users see and modify the passwords, certificates, and other data that are stored in their keychains.
With Keychain Access, users can:
Create new keychains
Add and delete keychain items
Lock and unlock keychains
Choose one keychain to be the default
See and change passwords stored for various apps, tools, and websites
Securely store other secrets, such as passwords, credit card numbers, and notes
When a keychain is locked and an app or other tool needs to gain access to a keychain item, Keychain Services prompts the user for that keychain’s password before unlocking it; the requesting app never sees the keychain password itself.
In addition, the Keychain Access menu includes items to open the Certificate Assistant and Kerberos Ticket Viewer utilities. The Certificate Assistant enables users to create certificates, request certificates from a certificate authority, create a public/private key pair, or evaluate a certificate. The Kerberos Ticket Viewer lets users see any Kerberos tickets in use on the system, and enables them to renew or destroy a ticket, or change the password of the principal a ticket belongs to. Kerberos is described in more detail in Authentication, Authorization, and Permissions Guide.
Apple’s Mail app and other email apps can extract a public key from the signing certificate of any signed email and use it to encrypt messages that only the holder of the matching private key can read. See “Digital Signatures” in Cryptographic Services Guide for more information about digital signatures, and see Help in the Mail app for details on sending encrypted email.