How safe is my iMac?

Posted:
in macOS edited January 2014
How do I test how secure my iMac 800 is from hackers? I use Brickhouse X and the only default I changed was to allow iDisk access. But what sort of security auditing software can I use to test my system? MacAnalysis looks like it's only for servers. I know my iMac is probably safe, I'm just curious.

Comments

  • Reply 1 of 19
    I think the Sheilds Up! security checker will work for you.





    <a href="http://www.grc.com"; target="_blank">www.grc.com</a>



    click on the sheildsup! logo.
  • Reply 2 of 19
    For a bit more detail on a few more ports, you should try the free <a href="http://www.securitylogics.com/portscan.adp"; target="_blank">SecurityMetrics Port Scan service</a>.



    If BrickHouse is properly configured, you should get "stealth" on all tests.



    [ 04-25-2002: Message edited by: starfleetX ]</p>
  • Reply 3 of 19
    alfredhalfredh Posts: 29member
    All ports were disabled on OSX by default.

    Check the /etc/inetd.conf file to seen what ports have been uncommented.

    I normally have to enable ftp, telnet and ntp by hand.

    If you are talking about other ports then ignore this mail.
  • Reply 4 of 19
    mithrasmithras Posts: 165member
    [quote]Originally posted by alfredh:

    <strong>I normally have to enable ftp, telnet and ntp by hand.

    </strong><hr></blockquote>



    Why?

    If you want to connect to your computer, you really should use SSH, not telnet.



    If you protest that "not every computer I want to use has SSH", then go here:

    <a href="http://www.isnetworks.com/ssh"; target="_blank">http://www.isnetworks.com/ssh</a>;



    and download the free Mindterm applet, which is a SSH client that runs in a browser window. Put the applet web pages in your Apache docs folder, and you can access your Mac via SSH from anywhere.



    As for FTP: (1) you can turn it on in the Sharing preference pane. (2) As you no doubt know, it also sends cleartext passwords.



    So the safer route is to turn on FTP, but have your firewall block the port. Instead of using FTP directly, log in with SSH, and set up an FTP tunnel. (The Mindterm documentation shows how to do this automatically).



    As for NTP, I don't know what reason you might have for using it, but be aware that root exploits on NTP do turn up occasionally. Unless you have a special time that you are trying to synchronize your other computeres to, why not just set each machine on the LAN to synchronize to the same external NTP server?



    My university laboratory's Solaris box was rooted and trashed (this was a number of years ago) thanks to some random service we had turned on unwittingly. Once is enough to experience that!



    And besides, leaving your box open to crackers isn't just your problem - it's mine, too, since they can then use your machine to launch new attacks.



    [ 04-26-2002: Message edited by: Mithras ]</p>
  • Reply 5 of 19
    Vodka - I think that the app you referred me to is Windows only. I didn't see any Mac stuff.



    StarFleet X - I ran the port scanner app you suggested and it listed a couple of ports as "stealth," while the rest were listed as "closed." The app then suggested that being listed as "closed" was not as good as being listed as "stealth," and that I needed to change this. Apparently the knowledge that a particular port is closed may be useful to a hacker.



    I'm using the Brickhouse firewall app. Is there any way to get it to list all of my ports as "stealth" rather than "closed." Thanks.
  • Reply 6 of 19
    [quote]Originally posted by gobble gobble:

    I'm using the Brickhouse firewall app. Is there any way to get it to list all of my ports as "stealth" rather than "closed." Thanks.<hr></blockquote>



    Good question. <img src="confused.gif" border="0">
  • Reply 7 of 19
    zozo Posts: 3,115member
    from <a href="http://grc.com/faq-shieldsup.htm#IDENT"; target="_blank">http://grc.com/faq-shieldsup.htm#IDENT</a>;



    ShieldsUP! shows my ports as 'Closed' and not 'Stealth', but I want Stealth! How do I get 'Stealth'?



    'Stealthed' ports are a, strictly speaking, a violation of proper TCP/IP rules of conduct. Proper conduct requires a closed port to respond with a message indicating that the open request was received, but has been denied. This lets the sending system know that its open request was received so that it doesn't need to keep retrying. But, of course, this "affirmative denial" also lets the sending system know that a system actually exists on the receiving end . . . which is what we want to avoid in the case of malicious hackers attempting to probe our systems.



    I coined the term 'Stealth' when I developed this site's port probing technology to describe a closed port that chooses to remain completely hidden by sending nothing back to its attempted opener, preferring instead to appear not to exist at all.



    Since 'Stealthing' is non-standard behavior for Internet systems, it is behavior which must be created and enforced by means of a firewall security system of some sort. The native TCP/IP interface software used by personal computers will ALWAYS reply that a port is closed. Therefore, some additional software or hardware, in the form of a 'stealth capable firewall' must be added to the computer system in order to squelch its "closed port" replies.



    To get full stealth-mode status from your system, I highly recommend using the completely FREE ZoneAlarm 2 firewall from ZoneLabs, Inc. Visit their website at <a href="http://www.ZoneLabs.com"; target="_blank">www.ZoneLabs.com</a> to learn more about this excellent and free firewall, then download the latest version.
  • Reply 8 of 19
    [quote]Originally posted by gobble gobble:

    <strong>I'm using the Brickhouse firewall app. Is there any way to get it to list all of my ports as "stealth" rather than "closed." Thanks.</strong><hr></blockquote>As others have pointed out, "stealth" means you are invisible to scans. My guess is that you just have BrickHouse configured for the wrong type of connection. I've spent a lot of time configuring mine and have gone from knowing nothing about firewalls to setting up dozens of rules so nothing would leave or enter my computer without my knowledge. Paranoid? You bet'cha! Though, it was pretty easy to learn by just tinkering with BrickHouse and running those portscans.



    Start off by running BrickHouse's setup assistant. Note: it's *very* important to carefully read the first screen. By default, it configures for regular ethernet connections. I forgot that I was using PPPoE for my DSL connection and had everything configured wrong, blocking absolutely nothing. Once I switched over, everything showed up as stealth.



    If you have any questions on specifics, feel free to post them.



    [ 04-30-2002: Message edited by: starfleetX ]</p>
  • Reply 9 of 19
    I checked brickhouse and there are two options for cable modem users. Either "DSL or Cable Ethernet (Regular Ethernet)" or "DSL or Cable PPPoE." How do I know which one is appropriate for me? I have an iMac 800 SD and use Comcast cable for my internet connection.



    I ran both options against the port checker app and got the same results. Two ports are in stealth mode and the rest are open.
  • Reply 10 of 19
    Well, my BellSouth DSL is PPPoE but my friend's RoadRunner cable uses DHCP (regular ethernet). I don't know what Comcast uses. Check your System Prefs Network pane. If by "configure" it has "Using PPP" selected, then you're using PPPoE.



    In BrickHouse, be should have Deny for the default incoming filter. Also, don't forget to hit the Save, Apply, and Install buttons whenever you make changes.



    Hmmm... if you are still having trouble, try this. Click "Add Filter" and use these settings:



    Action: Deny

    Service: Custom Service

    Protocol: TCP

    Port: 1-65535

    Source: other... Host IP: any

    Destination: other... Host IP: any




    That should block *all* traffic coming in and out of your computer. Apply and try to go somewhere online. You should get error messages saying the host is unavailable. In OmniWeb, I get the message "Unable to connect: Permission denied" when that filter is up.



    Now, let's add another filter so you can at least surf the internet. Add a filter with these settings:



    Action: Allow

    Service: World Wide Web

    Source: My Computer

    Destination: The Internet




    Drag this filter above the first one so it is higher in the list. Apply and try a web browser again. Now, visit one of those portscan sites and let it test you.



    [ 04-30-2002: Message edited by: starfleetX ]</p>
  • Reply 11 of 19
    Okay I have DHCP and a regular cable ethernet connection. But now I can't seem to play Starcraft online. I get a "UDP Port 6112" blocked message. How do I unblock this?
  • Reply 12 of 19
    whoops! you got a solution before i finished editing that post... I'll post instructions to allow starcraft in a sec...
  • Reply 13 of 19
    Okay now all of my ports are listed as "stealth" since I think I didn't hit save or apply or something last Friday. But Port 6112 UDP is still blocked. Any ideas?
  • Reply 14 of 19
    Hmm.... nevermind that, I'm having troubles too... I'll let you know when I get the right filter for it.



    [ 04-30-2002: Message edited by: starfleetX ]



    [ 04-30-2002: Message edited by: starfleetX ]



    [ 04-30-2002: Message edited by: starfleetX ]</p>
  • Reply 15 of 19
    Starfleet X,



    Thanks! I did just that (but you meant "allow" not "deny") and everything worked just fine. Consider this another notch on your bedpost of good deeds. Take care.



    GG



    p.s. I'm in Virginia in the D.C. suburbs, not too far from you.



    [ 04-30-2002: Message edited by: gobble gobble ]</p>
  • Reply 16 of 19
    Actually everything you suggested worked fine except the action was "allow." Did you put "deny" in yours?



    [ 04-30-2002: Message edited by: gobble gobble ]</p>
  • Reply 17 of 19
    Actually, this one is a little trickier than I had expected. Here are the proper settings for *two* filters you should have (you'll only really need these if you have an "überblock" filter like I described previously ).



    Action: Allow

    Service: Custom Service (you can rename it to "StarCraft" if you want)

    Protocol: UDP

    Port: 6112

    Source: any

    Destination: any



    Action: Allow

    Service: Custom Service (you can rename it to "StarCraft" if you want)

    Protocol: TCP

    Port: 6112

    Source: My Computer

    Destination: The Internet




    [ 04-30-2002: Message edited by: starfleetX ]</p>
  • Reply 18 of 19




    [ 04-30-2002: Message edited by: gobble gobble ]</p>
  • Reply 19 of 19
    Okay - I skipped the uberfilter and just went with the allow UDP 6112 filter you mentioned in your previous message. It seems to work fine. I think I'll go play a game of Starcraft and test it.
Sign In or Register to comment.