How do you set up OS X so it's secure on the internet?
I've only started using OS X in the last 10 days or so and I was noticing (from a shareware app) that I have constant data entering my computer. I've turned on the firewall and turned off file sharing from day 1.
Are there other software switches I need to set?
And what data could be entering my machine?
Thanks in advance to all who answer.
Are there other software switches I need to set?
And what data could be entering my machine?
Thanks in advance to all who answer.
Comments
Originally posted by penseive
What shareware app?
Menumeters (and someother shareware app that expires after 3 hours).
But X is really safe and all that activity is normal. What you want to watch is your upstream. If you are trasnmitting data when frequently when you don't think you should be, that's time to start looking for something misbehaving. Note that things like network time server updates, auto software update, IM clients, webbrowsers, programs like photoshop and some other network serial apps, weather checkers, etc all periodically send requests and will show up.
With the firewall up, services down and no nasty software running, you've got a pretty rock solid system going for you!
If you do not need to access your machine from remote or if you are not Terminal.app savvy, turn off sshd (remote login).
Those are two services that are known to have a lot of vulnerabilities (and new ones are found on a monthly basis).
Additionally, turn off samba (windows sharing), ftp and any other service you do not absolutely need.
Additional security points for putting a NAT router between you and the net. Additional points for putting a NAT router/firewall combination between you and the net.
step 1: turn it on
step 2: ???
step 3: profit
but seriously, even without the firewall on, there is little or nothing an evil hacker can do to your computer, with your services/servers off.
Remote login is the most dangerous, for there tends to be a security hole found (and patched) every few months.
BitTorrent is horrendous in that it requires you to pull down data then it allows others to search and download that data from your computer, mostly unbeknowst to the casual user.
On my Mac, the result reported is complete invisibility to the Internet from external probes. This doesn't mean you're secure from some worm or other software that might already be on your Mac, but it does mean there's almost no chance that someone outside your network can connect to your computer without your permission (opening a port or installing specific software).
It looks like the data I'm seeing is just internet chatter since it's not that much. My firewall is turned on and file sharing is turned off. I may try the link that tests your system since I'm getting ready to wipe this drive and install 10.3.
Originally posted by thuh Freak
Steps to secure Mac OS X:
step 1: turn it on
step 2: ???
step 3: profit
I"ll try— gadzooks! My boxer shorts are missing!
Originally posted by johnq
Are you running any file sharing apps like BitTorrent? (Don't)
BitTorrent is horrendous in that it requires you to pull down data then it allows others to search and download that data from your computer, mostly unbeknowst to the casual user.
Uh, that's completley wrong.
BitTorrent allows others to 'see' parts of the file you are downloading at the time. It only has access to the file system to allocated and resume downloads at the start. That's all. It isn't some trojan.
Think of Kazaa, winMX or eDonkey. They let people access your 'shared files' directory, or unless you are really stupid and think it's a good idea to share the whole of C: (or /)
But seriously, don't spread FUD. bittorrent is a great great program and system.