Net Security: How do I secure my Mac?

Discussion in 'Mac Help/Tips' started by Darby, Feb 9, 2003.

  1. Darby macrumors newbie

    Jan 30, 2003
    Orange County, CA

    I am a novice. So, please forgive my naive questions :)

    After reading the "Apple Rumor Casualty" thread, I can't help but wonder what steps I can take to make my mac secure?

    If I have a website, how do I keep the files, etc secure?

    I'm unsure how I go about preventing any private info I have on my computer from being accessed when I am online???

    What do you do to secure your computer/website/etc.?

    Thank-you in advance,
    Darby :)
  2. FattyMembrane macrumors 6502a


    Apr 14, 2002
    bat country
    if you're running 10.2, there is a built in firewall in the "sharing" pane of the system preferences. all you have to do is turn it on and you should be set. if you are using the personal web-sharing on your computer, people will only be able to access your webpage, not other files on your computer. the guy in the news article was sharing other files of which he was unaware, but you have to have set them to shared status at sometime, so as long as you are only using the webserver and firewalling everything else, you will be fine.
  3. oldMac macrumors 6502a

    Oct 25, 2001
    Re: Net Security: How do I secure my Mac?

    Security 101...

    Firstly, Apple has done an excellent job of setting up the defaults of Mac OS X in a secure way. 90% of the time, you can just use it and feel pretty secure. That being said, it's easy to make changes that make your Mac less secure by changing defaults and/or installing 3rd-party software. The following steps can help protect you from these and other security issues that may arise in the future.

    There are two things that you're probably trying to address here:

    1) How do I protect my machine from unintended access?
    2) How do I ensure that I don't accidentally expose documents or other machine access if I have a web site?

    STEP #1: First line of defense...

    - If you have broadband, get a home router/firewall ($50 - $100). This will help to protect your machine from people outside of your local network and will allow you to open up only what you intend to allow access to.
    - It will also allow you to do useful things like printer sharing and local file sharing between multiple machines without opening those things up to the rest of the world.

    STEP #2: Second line of defense...

    - Only turn on services from the "Sharing" panel in your System Preferences for what you want to share with others.
    - Keep other services turned off unless you need them, especially if you don't have the router/firewall from step 1.

    STEP #3: Allow people on the Internet to access your Web site...

    On the Router/Firewall

    - If you have a router/firewall, you will need to allow access to port 80 on your Mac (this is what allows people to visit your web site from the Internet - by default the firewall would block them from being able to see your web site)
    - You will need to consult your router/firewall instructions to do this

    On the Mac
    - Enable "Personal Web Sharing" on your Mac by clicking the appropriate checkbox in your "Sharing" System Preferences
    - Navigate to your "Home" folder and then to the "Sites" folder inside of that. Put your web pages here.
    - By default, your machine is set up to protect files outside of this "Sites" folder from being accessed.

    STEP 4: Keeping it secure...

    - Don't put *any* files into your HOME:Sites folder that you don't want other people to see. Don't do this even if you think that they don't have a link to them.

    - Don't install 3rd-party software that modifies the default Apache setup

    - Use "Disk Utility" (located in Applications:Utilities) to "Repair Disk Permissions" periodically. This will help to "fix" permissions which may have been set insecurely by an installer.

    - DO install any security updates that Apple sends you via software update

    - DON'T install any supposed "security updates" that someone sends you via email or that you see on a non-Apple Web site (even if it looks like it's coming from Apple)

    - DON'T run any programs that someone sends you via an email attachment if you weren't expecting to receive it and know exactly what it is. NEVER run funny "joke" programs that someone may send to you via email. These may contain "viruses" or "trojans" that can compromise your system security.

    - Be wary of installing CGI and PHP code which may have flaws or back doors that allow access to the rest of your machine

    - Get a good antivirus program, run it regularly and keep your virus definitions up-to-date. Viruses are not as much of a problem on the Mac as they are on the PC, but they do exist and the potential for future viruses is high.

    STEP 5: Learn more...

    - Read about access permissions and understand how the operating system and Apache protect files

    - Experiment by changing the permissions on a file within the sites directory and verifying that the file can no longer be viewed from the web

    - Review file permissions on your personal files to ensure that they are not marked as "world readable". It's not a bad idea to keep a special folder for very sensitive documents and to protect it further by saving it as an encrypted disk image (using "Disk Copy" in the Applications:Utilities folder)
  4. Darby thread starter macrumors newbie

    Jan 30, 2003
    Orange County, CA

    ;) ;) ;)

    Thank-you FattyMembrane & OldMac!

    I have printed your replies out.
    I really appreciate the information.

    You guys are the best!

    Darby :)

Share This Page