PDA

View Full Version : SECURITY question!


Mr. Monsieur
May 20, 2004, 12:36 PM
Is there any way I can be ABSOLUTELY certain that there are no leaks/holes either into or out of my iBook? I've enabled the OS X firewall, but I'm wondering how to configure it properly and also, even if it is configured properly, is it completely secure? I would like to seal up my computer airtight...at very least, I would like to be notified/asked when there is any movement in or out of the computer...any ideas suggestions as to what I should do? Thanks!

MisterMe
May 20, 2004, 12:53 PM
Is there any way I can be ABSOLUTELY certain that there are no leaks/holes either into or out of my iBook? I've enabled the OS X firewall, but I'm wondering how to configure it properly and also, even if it is configured properly, is it completely secure? I would like to seal up my computer airtight...at very least, I would like to be notified/asked when there is any movement in or out of the computer...any ideas suggestions as to what I should do? Thanks!To be "absolutely" certain that your iBook is secure, you will have to turn it off and lock it up in a safety deposit box. However, that is not the standard. You want to reasonably secure. You can be reasonably secure by turning off ports that you don't need and by using a wired router to connect to the outside world.

SiliconAddict
May 20, 2004, 01:27 PM
Is there any way I can be ABSOLUTELY certain that there are no leaks/holes either into or out of my iBook? I've enabled the OS X firewall, but I'm wondering how to configure it properly and also, even if it is configured properly, is it completely secure? I would like to seal up my computer airtight...at very least, I would like to be notified/asked when there is any movement in or out of the computer...any ideas suggestions as to what I should do? Thanks!

There is no such thing as an absolute when it comes to computing. Computing is all about reasonable risk. When it comes to OSX the out of the box risk of hacking cracking is negligible due to the small amount of open ports OS X has on by default. That being said always stay on top of patches. That is your #1 guard against having your computer compromised. Beyond that you said you enabled a firewall. Make sure its as secure as possible by going to:

https://grc.com/x/ne.dll?bh0bkyd2
or
http://www.auditmypc.com/freescan/scanoptions.asp
or
http://www.hackerwatch.org/probe/

and scan your system. It should give you a reasonable idea of how secure your firewall is set.
Also you might want to try BrickHouse (http://www.versiontracker.com/dyn/moreinfo/macosx/9103)
It's a GUI interface for tweaking the built in firewall. From what I've read itís a solid, and free, app.

musicpyrite
May 20, 2004, 01:55 PM
Is there any way I can be ABSOLUTELY certain that there are no leaks/holes either into or out of my iBook? I've enabled the OS X firewall, but I'm wondering how to configure it properly and also, even if it is configured properly, is it completely secure? I would like to seal up my computer airtight...at very least, I would like to be notified/asked when there is any movement in or out of the computer...any ideas suggestions as to what I should do? Thanks!

Thats easy, if you want to be ABSOLUTELY secure, all you have to do is one thing:


Unplug the ethernet cord. (or Airport card)

varmit
May 20, 2004, 03:13 PM
Thats easy, if you want to be ABSOLUTELY secure, all you have to do is one thing:


Unplug the ethernet cord. (or Airport card)

Someone could still walk up to his computer and use it. :eek: So the safty deposit box doesn't look that bad to make it absolutely secure. I did those websites and no holes, and I don't even have the firewall up.

Mr. Monsieur
May 21, 2004, 12:06 AM
To be "absolutely" certain that your iBook is secure, you will have to turn it off and lock it up in a safety deposit box.
Any suggestions as to where the safest safe deposits are?...all right, all right...so I'm a bit uptight about my privacy...THANKS, in any case for your posts...they have been helpful!

cjc343
May 21, 2004, 02:29 AM
If you make your iBook airtight it will overheat.....


Just keep the firewall on, with no ports open, put yourself behind a router, set up password protection for waking from sleep/screen saver, install folding@home (it might help... right?), if you are using a wireless network, allow only your MAC addresses, turn up encryption, change the network name from the default and make it a closed network (doesn't broadcast itsself).

That's all I can think of now, any questions?

It would help to know more about your setup (how you connect to the internet, what different boxes and wires you go through....

GiantsFan
May 21, 2004, 02:41 AM
how do i turn on the firewall and close the ports? sorry if this sounds stupid, i'm a new mac switcher.

cjc343
May 21, 2004, 03:12 AM
how do i turn on the firewall and close the ports? sorry if this sounds stupid, i'm a new mac switcher.


System Preferences > Sharing under Services, set all to off... under Firewall, uncheck all of the boxes, and then click start, if some can't be unchecked, disable the services.... under internet, make sure sharing is off... now your computer is a bit more secure....

cb911
May 21, 2004, 06:52 AM
i'm was in a similar situation... i wanted to know when there were any ingoing or outgoing connections that shouldn't have been happening.

there are a couple of things you can do. there is a neat little app called Little Snitch, it catches any outgoing connections, and lists that app that is making the connection, and where it is trying to connect to. you can tell it to either disallow the connection, or allow it. very useful. ;)

then to stop unwanted incoming connections, there's an app called PeerVanguard. it has a list of IPs to block, so it will keep out the ad companies, RIAA http://www.portedmods.com/modules/Forums/images/smiles/icon_evil.gif etc. and it works. i just turned it on thismorning for the first time, then i could see that i had 4 access attempts, i think from ad companies. i think PeerVanguard is the Mac equivalent of PeerGuardian as well.

hope that helps you out. :)

Finiksa
May 21, 2004, 07:49 AM
I would like to be notified/asked when there is any movement in or out of the computer...

Little Snitch (http://www.obdev.at/products/littlesnitch/index.html) should do exactly what you're looking for. I've been using it for about a year, it's pretty damn good but at $25 a bit overpriced.

SiliconAddict
May 21, 2004, 12:04 PM
Any suggestions as to where the safest safe deposits are?...all right, all right...so I'm a bit uptight about my privacy...THANKS, in any case for your posts...they have been helpful!


I've heard Swiss Banks are DAMN secure. :cool:

Mr. Monsieur
May 21, 2004, 02:15 PM
Just keep the firewall on, with no ports open, put yourself behind a router, set up password protection for waking from sleep/screen saver, install folding@home (it might help... right?), if you are using a wireless network, allow only your MAC addresses, turn up encryption, change the network name from the default and make it a closed network (doesn't broadcast itsself).

That's all I can think of now, any questions?

It would help to know more about your setup (how you connect to the internet, what different boxes and wires you go through....

OK...I follow some of this (sorry I'm a real newbie!)...could you explain how I can "allow only my MAC addresses," and "turn up encryption"? I changed something in the network section of Sys. Prefs., but I'm not certain that it's right (it didn't mention a 'closed network,' the only options were, where it reads, under Airport: 'By default join: ''automatic' or 'a specific network.' Is the latter what I want?
In answer to your question, at present I go through a wireless router using AE...apart from that, no other boxes/wires...Any more ideas?

7on
May 21, 2004, 03:15 PM
MAC address filtering has to do with the AE base-station and not the iBook itself.

Should be somewhere in the AE configuration tool.

cjc343
May 21, 2004, 09:04 PM
ok, I find AE works fine as a router....


Applications > utilities > Airport Admin Utility

Select your network, click "configure" enter password assigned when creating network, click "Show All Settings"


Check the box that says "Create a Closed Network" this makes it so that the AEBS does not broadcast its existence, you should set your computers to automatically join the correct network using the correct password, if you haven't assigned one, do that.


Click on "Base Station Options..." Uncheck the first 4 boxes if any are checked

If Wireless security is not enabled, click "Change Wireless Security..." In my experience, WPA personal is most secure, (except for enterprise, but you probably won't be able to set that up... and I couldn't help) but not all wireless cards support it. After that, 128 bit WEP and then 40. You will set a passord for logging onto the network here....

Now, click on the "Access Control" tab at the top. Click the "+" and then select "This Computer"

If you have any other computers on the network, you will need to add them manually... the MAC address can be found in System Preferences > Network > Airport > Airport ID

If you need to add PeeCees, I cna give instructions for that too, but I won't unless you ask....


This counselling session will be $70 ;)

Any more questions?

Mr. Monsieur
May 21, 2004, 10:14 PM
This counselling session will be $70

Hey! My Mac's still under warranty! :D But seriously...THANKS a lot...I really do appreciate all the help I've gotten from you and others on this very neat website! I'm going to go and try to do things you suggested now...:)

cjc343
May 22, 2004, 01:10 AM
Hey! My Mac's still under warranty! :D But seriously...THANKS a lot...I really do appreciate all the help I've gotten from you and others on this very neat website! I'm going to go and try to do things you suggested now...:)


Under warranty means that Apple will replace non-working parts and assist you if your computer is not working correctly... I don't think that personal security is covered under warranty, but they might help you.....


You are welcome, if you have any questions, or run into any problems setting all this up, I will be happy to help....


Now if you were using WINDOWS, that $70 fee wouldn't be a joke....

Mr. Monsieur
May 22, 2004, 10:34 AM
If you need to add PeeCees, I cna give instructions for that too, but I won't unless you ask....


All right...so I'm an idiot...I didn't clarify that my iBook is running through a Netgear router connected to my parents' Hewlett Packard Pee Cee... :o
IF it's easy, it'd be great to figure out how to deal with that...I will, in any case, save this thread for that inevitable day when I will be connected through an Apple Airport Base Station...

cjc343
May 22, 2004, 01:42 PM
ok... I don't know much about setting up netgear.... but I need a clearer picture of your setup.



start at the wall, find the cord, and just write the order of everything after it. including the wall jack first.


Again, I probably won't be able to help with Netgear, but someone else might be able to.

Mr. Monsieur
May 24, 2004, 11:15 AM
start at the wall, find the cord, and just write the order of everything after it. including the wall jack first.


All right...I'll go and have a look at it...

Mr. Monsieur
May 25, 2004, 06:40 PM
start at the wall, find the cord, and just write the order of everything after it. including the wall jack first.

All right...so...it goes: wall socket>UPS>Cable Modem>Netgear Wireless Router>HP Pee Cee.

Does that sound about right?

cjc343
May 25, 2004, 07:17 PM
so the PC is wired?

Mr. Monsieur
May 25, 2004, 11:54 PM
so the PC is wired?

Sorry...you're speaking with a real newbie...how do you mean 'wired'? The PC is hooked up to a cable modem, through the wireless router, which is used for the other computers in the house.

cjc343
May 26, 2004, 12:17 AM
The PC is connected to the internet over a wire, not wirelessly? It is only the laptop that is wireless?

Mr. Monsieur
May 26, 2004, 09:16 AM
Ahh...right...yes, the PC is connected through an ethernet cable... :o

pncc
May 26, 2004, 09:59 AM
Hi,

I just read through this thread.

the cable modem and router are wired correctly. The PC is connected to the router by hard wiring, your iBook is connected wirelessly.

The Netgear router SHOULD have a web based configuration. What you need is the IP address and password.

In System Prefs/Networking, look at your iBook's Airport configuration. There will be a IP address, Subnet mask, and gateway. They probably look like:
192.168.1.100
255.255.255.0
192.168.1.254

The gateway is the router's IP address. Open Safari and type in that IP address. You shouid get a login window to the router, type in the password.

Look back through this thread and look for the options discussed. Come back when you have more questions.