PWN to OWN. This is the name of the contest that made most Mac users worldwide seriously think about reading a security book or two to learn about securing their Macs ASAP. During the aforementioned contest a Mac running OS X Leopard was the first to give in to the intrusion attempts. It may not have been the brightest day in Apple’s history but it surely was the one when every Mac owner out there gave a second thought to the “Macs are the most secure” theory.
So, if Macs aren’t as secure as we have previously thought (I did too and even bet on the Vista computer that it would be the first to be compromised), what can we do to defend ourselves against attacks? One way would be to fire up the old integrated Mac OS X firewall and configure it to accept only incoming connections from IP addresses we know.
Although this is a good thing to do, the integrated firewall doesn’t do as good of a job as Apple would want us to believe. If you are not a very experienced user you’ll probably end up just enabling the damn thing and what protection do you think you’ll get? I’ll tell you: not very much because the machine that got “owned” at the PWN to OWN contest had the default settings and it went down pretty fast.
I know, this really is kind of hilarious, but hey, what else can you do? See, Apple really thinks about everything. It even allows you to stay online giving you a fake sense of security, kind of like walking through a black alley with a gun in your pocket (a gun filled with blanks).
So, this time for real, what can you actually do to protect the data on your Mac? To your surprise, and mine, the answer is given by the guys at Apple. Don’t know if you still remember but a while ago the company released a security configuration document for Leopard in which you can find a huge array of security tips that can help you protect your Mac more efficiently.
I have read the whole 240 pages and picked out the most important 5 tips – in my opinion – that you can use to be sure no one will ever be able to get access to your private data, or at least make their life a living hell while trying to breach into your system.
Tip 1 - Secure the network sharing services
The first and easiest way that comes to mind when dealing with securing your data is to prevent access to it from the outside. The easy way to do that would be to secure its network sharing services. How can this be done? Easy as pie: simply turn off the sharing services that you consider unnecessary and only leave running the ones that you really need.
Below this paragraph you will find the commands you will have to enter to stop the following sharing services: DVD or CD sharing, screen sharing aka VNC, file sharing (through FTP, SMB and AFP), web sharing (HTTP), remote login (SSH), remote management (ARD), Xgrid sharing, Internet sharing and Bluetooth sharing. Quite a handful if you ask me and as many opportunities for strangers to get their hands on your data.
The following commands are all available in the Leopard security configuration document published by Apple at the beginning of June 2008. To be able to use them you have to open a Terminal window, write each of them in the command-line and hit ENTER to run them. If possible use a copy/paste technique to be sure you don’t miss any characters because you will be the only one responsible in case you break your system.
## Disable DVD or CD Sharing.
service com.apple.ODSAgent stop
## Disable Screen Sharing.
srm /Library/Preferences/com.apple.ScreenSharing.launchd
## Disable FTP.
launchctl unload -w /System/Library/LaunchDaemons/ftp.plist
## Disable SMB.
defaults delete /Library/Preferences/SystemConfiguration/com.apple.smb.server EnabledServices
launchctl unload -w /System/Library/LaunchDaemons/nmbd.plist
launchctl unload -w /System/Library/LaunchDaemons/smbd.plist
## Disable AFP.
launchctl unload -w /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist
## Disable Web Sharing service.
launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist
## Disable Remote Login.
service ssh stop
## Disable Remote Management.
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop
## Disable Remote Apple Events.
launchctl unload -w /System/Library/LaunchDaemons/eppc.plist
## Disable Xgrid Sharing.
xgridctl controller stop
xgridctl agent stop
## Disable Internet Sharing.
defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict Enabled -int 0
launchctl unload -w /System/Library/LaunchDaemons/com.apple.InternetSharing.plist
## Disable Bluetooth Sharing.
defaults -currentHost write com.apple.bluetooth PrefKeyServicesEnabled 0
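To confirm that the commands above took effect, you can check which of these services still has a listening TCP socket. The script below is an added example, not part of Apple's guide or the original post; the function names and the sample netstat output are constructed, and the port numbers assume each service runs on its standard default port.

```shell
#!/bin/sh
# Added example (not from Apple's guide): list the Tip 1 sharing services
# that still have a network-reachable TCP listener.
# Input: `netstat -an` output on stdin. Ports are the standard defaults;
# a service moved to another port will not be recognised. Internet, Bluetooth
# and DVD/CD sharing have no single well-known TCP port and are not covered.

listening_sharing_services() {
    awk '
    BEGIN {
        svc[21]   = "FTP"
        svc[22]   = "Remote Login (SSH)"
        svc[80]   = "Web Sharing (HTTP)"
        svc[139]  = "SMB (NetBIOS session)"
        svc[445]  = "SMB"
        svc[548]  = "AFP"
        svc[3031] = "Remote Apple Events"
        svc[3283] = "Remote Management (ARD)"
        svc[4111] = "Xgrid"
        svc[5900] = "Screen Sharing (VNC)"
    }
    # Only TCP sockets in the LISTEN state matter here.
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        # Loopback-only listeners cannot be reached from the network.
        if (addr ~ /^127\./ || addr ~ /^::1[.:]/) next
        # BSD netstat prints addr.port (*.22); Linux prints addr:port.
        n = split(addr, parts, "[.:]")
        port = parts[n] + 0
        # Report each port once, even if bound on both IPv4 and IPv6.
        if ((port in svc) && !(port in seen)) {
            seen[port] = 1
            printf "%d %s\n", port, svc[port]
        }
    }' | sort -n
}

# Constructed sample in the BSD netstat layout used by OS X.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  192.168.1.20.49231     192.168.1.1.80         ESTABLISHED
EOF
}

# Demo on the constructed sample; on a real Mac run:
#   netstat -an | listening_sharing_services
sample_netstat | listening_sharing_services
```

An empty result means none of the listed services is accepting connections from the network on its default port.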
Tip 2 - Secure local access to your system
Once you have stopped the unnecessary sharing services it is time to secure local access to your system. The easiest way to do this is by managing the users that can get administrative privileges on your system. In the UNIX world, obtaining such privileges means that you are able to use the sudo command that will allow you to run any command you want as the one and only superuser aka root.
Why is it important to restrict access to this command? Because if an intruder gains access to your Mac and manages to get his/her hands on the root account (its hands if it’s some kind of super hacking robot) then he/she can do anything he/she wants on your system besides removing pieces of hardware out of the case (although they can be disabled if the intruder has the necessary skills).
To restrict access to the sudo command on certain accounts and only allow the trusted users to be able to run commands as superuser you will have to edit the /etc/sudoers file using the “sudo visudo” command (without the quotes). Next, remove the line that begins with %admin and, for each user that you want to be able to get superuser privileges, add “user ALL=(ALL) ALL” (where user is the user’s shortname). Now what remains to be done is to save and quit.
After editing the /etc/sudoers file this way you will have to repeat the same steps if you add other users to the system and want them to be able to use sudo.
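The effect of the edit can be checked by listing who holds sudo rights before and after it. The script below is an added example, not from Apple's guide or the original post; the function names, the sample sudoers contents and the user names alice and bob are hypothetical.

```shell
#!/bin/sh
# Added example: summarise the grants in a sudoers file read on stdin.
# Output, one line per rule: GROUP|USER  name  full|limited
# "full" means the rule is exactly ALL=(ALL) ALL, as in the article.
# Simplification: lines starting with # are skipped as comments, so
# #include directives are not followed.

sudo_grants() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    # Defaults and alias definitions grant nothing by themselves.
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
    {
        spec = $0
        # Drop the leading user or %group field to leave the rule itself.
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", spec)
        full = (spec ~ /^ALL[ \t]*=[ \t]*\(ALL(:ALL)?\)[ \t]*ALL[ \t]*$/)
        kind = ($1 ~ /^%/) ? "GROUP" : "USER"
        printf "%s %s %s\n", kind, $1, (full ? "full" : "limited")
    }'
}

# Constructed sample: the file before the edit, with the %admin line.
sudoers_before() {
    cat <<'EOF'
# sudoers file (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
EOF
}

# Constructed sample: %admin removed, one named user added.
sudoers_after() {
    cat <<'EOF'
# sudoers file (constructed sample)
Defaults env_reset
root    ALL=(ALL) ALL
alice   ALL=(ALL) ALL
EOF
}

echo "before:"; sudoers_before | sudo_grants
echo "after:";  sudoers_after  | sudo_grants
# On a real system: sudo cat /etc/sudoers | sudo_grants
```

Any remaining GROUP line means every member of that group can still use sudo, whatever the per-user lines say.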
Tip 3 - Encrypt your home folder
Now that you have secured the network and local access to your system and data, the time has come to further reinforce protection by encrypting your home folder. The easiest way to accomplish such a task is to use FileVault, an integrated OS X application that will help you encrypt a user’s home folder and files.
FileVault acts by moving everything you have in your home folder to a bundle disk image that can be encrypted using AES-256 encryption. The only downside to using it is that it will only act locally and will not protect and/or encrypt any data that you decide to move to a removable device or over the network.
Despite the fact that FileVault is not able to protect data outside your home folder, you can still have a bit of security enabled for the data that you temporarily store outside your home directory. When deleting such data you can make sure no one will ever get access to it by securely deleting it. Which brings us to the next tip.
Tip 4 - Securely erase data from your hard drive
I’ve mentioned above that you can securely erase data from your hard drive, which means that an ordinary deletion will not do the trick if you do not want later attempts of retrieving your data from your hard disk to be successful. When you delete something from the drive the system will not actually send it to oblivion. The only thing it actually does is remove the information related to that certain piece of data from the file system. In other words, it just causes itself a bad case of amnesia.
Although this will defeat attempts to recover the files using less advanced methods, there are still ways to retrieve them if you have the necessary software. Such a solution is called recovery software, and it will succeed in its task if the hard disk space your data occupied has not been overwritten.
To make sure you will always securely erase your data from Finder go to Finder’s Preferences, click on the Advanced tab and there check the “Empty Trash securely” entry.
There are of course other ways to securely delete data on your Mac: Disk Utility, the srm command, or Finder’s “Secure Empty Trash” option. To get a more detailed overview on how you can use them just download Apple’s document from HERE and head over to the “Securely Erasing Data” sub-chapter.
Tip 5 - Intrusion detection system
What do you call a secure system without an intrusion detection system? Well you can call it anything you want but one thing is certain: there is no system out there that can be considered 100% secure (except maybe the ones with no Internet connection but even those can be stolen).
In case of an intrusion you definitely want to know everything possible related to it. As Apple says, an intrusion detection system is the answer to this problem, because it will allow you to easily monitor everything that happens on your Mac and to examine the data that gets transferred through the network interfaces.
The exact same system will be the one that will automatically alert you in case of suspicious activity and, most of the time, it will also prevent malevolent actions before they are even performed.
The intrusion systems that you can use are of two kinds: network based and host based. From the first category I recommend you to install and use the free HenWen security application for OS X that will allow you to run and configure Snort, which will scan the network for undesirable traffic. The second category’s performer in my opinion is the also free Radmind Assistant, a solution that acts as a tripwire, being able to quickly detect and reverse changes to file system objects like folders, files, links, etc.
Written by Jason on August 6th, 2008 with no comments.
PC security starts with an assessment of the security risks. The security of your computer depends on the operating system you are running. If you are running one of Microsoft’s Windows versions, then you are probably familiar with the security issues of earlier Windows versions. With the increased use of the internet, security has become an even more important issue. As such, it is no surprise that regular updates and patches to Windows XP and Vista are still released.
Obviously there is more to security than just the operating system. Every PC that is connected to the internet requires a firewall to keep out undesired internet traffic. Next to that, a good antivirus program is essential to keeping your PC safe.
But where do you start if you want to find out how secure your system is? You may think that you have all the required PC security in place, but how can you be sure? Well one of the first steps is to check the baseline security and Microsoft has a great free tool that enables you to check your system security.
There are a number of download links on the page, so make sure you pick the right one. The last 2 characters before the “.msi” indicate the language. The x64 stands for the 64 bit version and the x86 stands for the 32 bit version.
An installation wizard will guide you through the installation process. Once installation is completed, you can start the Baseline Security Analyzer through the icon on your desktop. The startup screen allows you to start a security scan of a computer.

If you click Scan a computer, the default suggestion is to scan the current computer, but you can also scan a different PC in your network if you know the name or IP address.
The program will download updated information and then start the security scan. After the scan, it will show you a report with the results.

You can now use this report to assess your system’s baseline security and fix any issues that you feel need improvement. Each issue that you find will have a link to “How to correct this”, with information on how to improve the PC security based on the issue found.
The Microsoft Baseline Security Analyzer is a great little tool to assess your PC’s security. Use it as a first step in improving your computer’s security, protecting you from internet attacks, viruses, malware and other security related PC problems.
Written by Jason on August 1st, 2008 with no comments.
These days, security becomes a problem to more and more people. I am not talking about terrorism as we all know it, but you can consider this a form of terrorism too, because computer viruses are surely a tool of terror. Why do I say this? Well, the less you know about computer security, the more likely you’ll get frightened when your antivirus will detect “something,” or when your operating system will display error messages. Since knowledge is power, today I’ll provide you some valuable computer security advice, because that’s what you need, before anything else.
While most of you are probably using Windows, most of these tips apply to other operating systems, and some of them are also useful in real life situations, like interacting with people you don’t know if you can trust or not. All right, that being said, let’s see today’s 10 security tips, shall we?
1. Don’t rely on suppositions, and don’t EVER say “that can’t happen to me.” Try to find at least 10 minutes per week to find out more about latest threats and to get some computer security advice.
2. Use a good antivirus, and don’t rely on your friend’s advice regarding this matter. Go visit Checkmark, AV-Test.org and AV-Comparatives to see for yourselves that the program you’re going to spend some money for is really worth it…or not!
3. If your antivirus is not an all-in-one package, try using a firewall. My personal suggestion is Comodo Firewall Pro, one of the best out there, and also a free product! Obviously, you don’t have to take my word for granted, so feel free to check some of the many firewall test results available on the Internet.
4. Be careful with incoming email, especially when your antivirus is not capable of scanning incoming messages, or you have disabled this feature. Even friends can send viruses without knowing it, so always double check strange attachments.
5. Don’t use passwords that are easy to guess. Your phone number or your birth date can be easily found through trial-and-error, while a password like “7yhfX_8dh7z_1sZ3” is not something one would guess. Try to make your passwords as complicated as needed so you won’t remember them, and store them in a safe location, like a USB drive.
6. Getting back to emails, don’t answer spam. If someone you don’t know sends you a message without sufficient identification data, better avoid answering too, although it may not look like spam.
7. Avoid sharing your personal documents on the network, as well as installing useless toolbars, programs you don’t need, and those coming from sources you can’t fully trust.
8. Keep your operating system and applications up to date, but don’t use automatic updates. Why? Some updates proved to do more damage than the threats they were supposed to fix, so my advice is to wait a few days after an update is issued, and check user feedback before taking that step.
9. Avoid Warez sites, because these are obvious sources of Trojans/spyware/viruses. I don’t have to say that using files you get from such sites is illegal in most cases, but sometimes only by accessing a Warez site you can end up with a virus.
10. Backup, backup, backup! USB drives are extremely cheap these days, and so are DVD discs. Spare at least 30 minutes per week to save your latest documents on a disc or a USB drive, and keep the backups in a safe place. Your data is far more valuable than the hardware used to store it, so don’t suppose your hard drive won’t crash. The warranty can replace the dead drive, but won’t bring back your data!
This is it. I know some of the computer security advice above may seem obvious, but this is like learning to write, especially for beginners. The key is to repeat it all until you’ll find the security measures above to be as natural as breathing. If you have some computer security advice I missed and you’d like to share with the rest of us, please drop your comment below, your effort will be highly appreciated. Thank you in advance!
Written by Jason on July 8th, 2008 with no comments.
1. Vista screensavers in windows xp
2. Download Windows Firewall with Advanced Security
3. Windows SteadyState for Vista and XP
4. The beginner’s guide for portable applications - part 1
5. Download Windows Installer 4.5
6. How Does Windows Product Activation Work
7. Microsoft Offers TCP/IP Fundamentals for Windows
8. Access Sysinternals utilities over the web with command prompt
9. TOP10 - June 2008 Popular Tips
10. XP SP3, Some Problems Emerge
and other popular tips
Written by Jason on July 1st, 2008 with no comments.
This guide shows you how to allow computers to connect to a computer and use it remotely via Remote Desktop.
The only Windows Vista versions that can be connected to via Remote Desktop are the Business, Enterprise, and Ultimate editions. All versions of Windows Vista can use Remote Desktop to connect to another computer, though.
Enable Remote Desktop
1. Right-click Computer in the Start menu and then select Properties.
2. Click Remote settings in the Tasks list on the left side of the System window.
3. Select Allow connections from computers running any version of Remote Desktop if computers connecting to it will only be from within a local network or are running versions of Windows other than Vista. Select Allow connections only from computers running Remote Desktop with Network Level Authentication if computers connecting to it will connect from the internet or all computers connecting will be Windows Vista.
4. Click OK to save your changes.
Note: If you’re using the Windows Vista firewall, Remote Desktop will automatically be allowed through it. If you’re using another firewall, you’ll need to open port 3389 to allow Remote Desktop connections.
Select Remote Desktop Users
If you have user accounts without administrative credentials that you want to use to log in when connecting with Remote Desktop, follow these instructions.
Note: All user accounts with administrative rights are automatically allowed to log in using Remote Desktop.
1. Open the Remote tab in the System Properties window (see instructions above).
2. Click the Select Users button in the Remote tab of the System Properties window.
3. Click Add in the Remote Desktop Users window.
4. Click the Advanced button in the Select Users window.
5. Click the Find Now button.
6. Select the user you want to add to the list of users able to log in with Remote Desktop and then click OK.
7. Click OK in the Select Users window.
Note: Make sure the user you’ve just added is in the object names box.
8. Click OK in the Remote Desktop Users window.
9. Click OK in the System Properties window.
Written by Jason on June 27th, 2008 with no comments.
Both Windows Vista and Windows Server 2008 include the next generation of Windows Firewall, which has become a standard part of Microsoft’s client and server operating systems. Windows Firewall with Advanced Security, although not marketed as a replacement for more complex solutions designed to manage network traffic, has the advantage that it ships as a default component integrated with the platforms. On top of this, Windows Firewall with Advanced Security is not as simplistic as it might appear. This is why Microsoft has made available for download a complex design guide for the product.
Windows Firewall with Advanced Security “can filter the network traffic permitted to enter the computer from the network, and also control what network traffic the computer is allowed to send to the network. Windows Firewall with Advanced Security supports IPsec, which enables you to require authentication from any computer that is attempting to communicate with your computer. When authentication is required, computers that cannot authenticate cannot communicate with your computer. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between computers,” revealed Microsoft’s Dave Bishop.
The bottom line is that Windows Firewall with Advanced Security, featured in Windows Server 2008, Windows Vista (with or without SP1) does much more than offer protection to computers against malicious network traffic. In this regard, the Design Guide will offer a wide array of recommendations set up to enable users to take advantage of everything that Windows Firewall with Advanced Security has to offer. Details such as planning for exemption lists, Isolated Domains, Boundary and Encryption Zones, as well as for Network Access Groups and many more are all described in the Guide.
“The interface for Windows Firewall with Advanced Security is much more capable and flexible than the consumer-friendly interface found in the Windows Firewall Control Panel. They both interact with the same underlying services, but provide different levels of control over those services. While the Windows Firewall Control Panel meets the needs for protecting a single computer in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment,” Bishop added.
Windows Firewall with Advanced Security Design Guide is available for download here.
Written by Jason on June 9th, 2008 with no comments.