How secure is my mac?

Discussion in 'Mac Basics and Help' started by SpaceGirlM, Jun 5, 2009.

  1. SpaceGirlM macrumors newbie

    Joined:
    Jun 5, 2009
    #1
    Hello,

    I just have a question about how secure my mac is..

    I use ethernet to connect to the internet with the DHCP configurations. My firewall is turned on and my sharing options off.

    But I also have NetBarrier. The firewall option for this was set on:

    Client, Local Server

    Having it set up like this, do you know if someone could access my mac? :confused:

    Thanks.
     
  2. MTI macrumors 65816

    Joined:
    Feb 17, 2009
    Location:
    Scottsdale, AZ
    #2
    If there's someone "out there" determined to get access, then they likely will.

    Another feature that you can switch is to have the router not respond to any "ping" requests.

    Perhaps the biggest security threat to our computers is actually physical access rather than electronic. When another person can put their fingers on your keyboard, it's literally seconds before they can bypass passwords and access data unless data encryption has been activated.
     
  3. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #3
    This is an extremely loaded question. There's a bajillion pieces to the "security" puzzle.
    Answer these questions:

    1) having 2 firewalls running is probably a needless waste of CPU cyles.
    2) is this computer at home? Behind a router that undoubtedly has NAT? Then having a software firewall (nevermind 2) running is overkill.
    3) is it up to date with patches?
    4) do you have a good, strong password? Do you change it at regular intervals?
    5) do you use autologin?
    6) do you allow shoulder surfers or social engineers to view you at your Mac?
    7) do you spend time websurfing on or downloading questionable materials from questionable sources?


    Good practices will keep 99% of people "out" of your Mac, same with Windows.
     
  4. SpaceGirlM thread starter macrumors newbie

    Joined:
    Jun 5, 2009
    #4
    2) is this computer at home? Behind a router that undoubtedly has NAT? Then having a software firewall (nevermind 2) running is overkill.

    Yes, the computer is at hom.. No it is not behind a router as far as I know.

    3) is it up to date with patches?

    I don't know, how can I tell if it is..?

    4) do you have a good, strong password? Do you change it at regular intervals?

    Password for what??

    5) do you use autologin?

    What is autologin?

    6) do you allow shoulder surfers or social engineers to view you at your Mac?

    No.

    7) do you spend time websurfing on or downloading questionable materials from questionable sources?

    Yes I use the internet for websurfing but nothing else.


    Could someone see/access my files on my local server if I have the firewall option set to "client, local server" but my sharing options off..

    Is there a way to test how secure my mac is?
     
  5. uberamd macrumors 68030

    uberamd

    Joined:
    May 26, 2009
    Location:
    Minnesota
    #5
    Do a port scan from the outside. Thats a start. Google online port scanner, type in your external IP, and see what ports are open.
     
  6. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #6
    What do you plug into for network? Still, 2 firewalls is a total waste of CPU cycles.

    Apple menu -> Software Update

    For logging into your Mac. Your admin password?

    When you restart your Mac, does it log directly into your user? Or do you have to choose a user and enter a password (I'm guessing not)

    You have a local server? I expect "local server" means computers on your subnet are allowed to connect to whatever services are running on your computer. If file sharing is off, then people cannot see your files via file sharing. But security typically isn't measured by file sharing on/off.


    In my opinion, NO your Mac is not very secure because you're not following basic security practices.
     
  7. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #7
    The application firewall in system preferences is weak, if you really want security, download WaterRoof and use it to configure IPFW (the other built in firewall, which is hidden and disabled by default.)

    Unless you're using filevault, don't bother with a super strong login password. All someone has to do is stick a linux CD into your computer and they can read all your files, or start your computer in Firewire target mode, or remove your hard drive.

    Download Nessus and run a scan against your computer (IP address you'll need to use is 127.0.0.1)

    http://www.nessus.org/nessus/

    It's used to detect vulnerabilities that could be used to attack your computer remotely.
     
  8. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #8
    I'm not sure I'd call it weak. But I totally agree with WaterRoof, it make configuring ipfw2 much easier. But I suspect the complication might be over the OP's head in that case. Besides, she's already using NetBarrier which should suffice for her purposes.

    While this is true, you're advocating a weak password? Physical access to the computer is a much less likely situation than remote attack. So advocating a weak password is a bad idea.

    Given the level of the OP's understanding, I suspect this might be overkill, particularly since she is undoubtedly behind a router and hardware NAT of some sort. A local server, then running a local client would mean any scan would be of the local machine only and not really be indicative of possible attack vectors from beyond her router/subnet. Additionally, I'm not sure she'd know what to make of the report.

    I think it's better to start out with the basics and build from there. Good password, unnecessary services off, machine patched, informed internet use.
     
  9. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
  10. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #10
    Not a a weak one, but a 20 character password is not needed, unless you're going to use Filevault.
     
  11. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #11
    Well I never said one needed a 20 character password, however one

    a) should have a password
    b) it should be strong and at least 8 characters
    c) change said password at least every 180 days

    Not knowing your admin password, having a blank admin password, or some pathetic excuse for a password is really a poor idea if you're at all interested in how secure your Mac is.
     

Share This Page