/macOS_Hardening

a collection about macOS

GNU General Public License v3.0GPL-3.0

macOS stable GitHub last commit

Device Recommendations

  • Mac with Apple Silicon Chip (M1 or newer) because of secure ARM architecture. Newer chips have better security features, so it's best to stick with the most recent ones.
    older devices (with T2 or T1 chips) are no longer recommended because they are vulnerable to checkm8, Passware Kit Forensic T2 Add-on and lack some hardware security features.

First steps

  • Distrust all networks by disallowing all incoming connections in Firewall settings (stealth mode).
  • Check for updates and enable automatic updates for OS and also App Store.
  • If multiple people use your Mac, limit the number of users with administrator privileges and set up a user account for each person, so that one person can’t modify the files needed by another
  • Enable FileVault

General Tips

Advanced users/special use case

Reading/Informational Material