Re: Net Security: How do I secure my Mac?
Security 101...
Firstly, Apple has done an excellent job of setting up the defaults of Mac OS X in a secure way. 90% of the time, you can just use it and feel pretty secure. That being said, it's easy to make changes that make your Mac less secure by changing defaults and/or installing 3rd-party software. The following steps can help protect you from these and other security issues that may arise in the future.
There are two things that you're probably trying to address here:
1) How do I protect my machine from unintended access?
2) How do I ensure that I don't accidentally expose documents or other machine access if I have a web site?
STEP #1: First line of defense...
- If you have broadband, get a home router/firewall ($50 - $100). This will help to protect your machine from people outside of your local network and will allow you to open up only what you intend to allow access to.
- It will also allow you to do useful things like printer sharing and local file sharing between multiple machines without opening those things up to the rest of the world.
STEP #2: Second line of defense...
- Only turn on services from the "Sharing" panel in your System Preferences for what you want to share with others.
- Keep other services turned off unless you need them, especially if you don't have the router/firewall from step 1.
STEP #3: Allow people on the Internet to access your Web site...
On the Router/Firewall
- If you have a router/firewall, you will need to allow access to port 80 on your Mac (this is what allows people to visit your web site from the Internet - by default the firewall would block them from being able to see your web site)
- You will need to consult your router/firewall instructions to do this
On the Mac
- Enable "Personal Web Sharing" on your Mac by clicking the appropriate checkbox in your "Sharing" System Preferences
- Navigate to your "Home" folder and then to the "Sites" folder inside of that. Put your web pages here.
- By default, your machine is set up to protect files outside of this "Sites" folder from being accessed.
STEP 4: Keeping it secure...
- Don't put *any* files into your HOME:Sites folder that you don't want other people to see. Don't do this even if you think that they don't have a link to them.
- Don't install 3rd-party software that modifies the default Apache setup
- Use "Disk Utility" (located in Applications:Utilities) to "Repair Disk Permissions" periodically. This will help to "fix" permissions which may have been set insecurely by an installer.
- DO install any security updates that Apple sends you via software update
- DON'T install any supposed "security updates" that someone sends you via email or that you see on a non-Apple Web site (even if it looks like it's coming from Apple)
- DON'T run any programs that someone sends you via an email attachment if you weren't expecting to receive it and know exactly what it is. NEVER run funny "joke" programs that someone may send to you via email. These may contain "viruses" or "trojans" that can compromise your system security.
- Be wary of installing CGI and PHP code which may have flaws or back doors that allow access to the rest of your machine
- Get a good antivirus program, run it regularly and keep your virus definitions up-to-date. Viruses are not as much of a problem on the Mac as they are on the PC, but they do exist and the potential for future viruses is high.
STEP 5: Learn more...
- Read about access permissions and understand how the operating system and Apache protect files
- Experiment by changing the permissions on a file within the sites directory and verifying that the file can no longer be viewed from the web
- Review file permissions on your personal files to ensure that they are not marked as "world readable". It's not a bad idea to keep a special folder for very sensitive documents and to protect it further by saving it as an encrypted disk image (using "Disk Copy" in the Applications:Utilities folder)
