Mac Security: Fact and Fiction


When I’m using a wireless network at home, I’m totally safe.

TRUE and FALSE

Wireless Wi-Fi networks use radio waves, which often extend well beyond the four walls of your home. That’s no big deal if most of the inhabitants of your neighborhood are crickets, but if you live in an apartment building or a dense urban area, it’s easy for a neighbor or a visitor to a nearby business to hop onto the network. Less frequently, people might make it their mission to enter your network and try to access your computers.

Because you’re not a Windows user, there’s no current need to worry about people on your AirPort network corrupting your computer with viruses or malevolent programs. So far, there’s no such animal that doesn’t also require an administrative password. But you should be concerned if your network has no protection. In that case, someone could try to connect to your computers and browse your shared folders.

By default, guests can connect only to the Public folder in each user’s Home directory, which means they can see only files that you’ve placed there on purpose. If you don’t want uninvited guests to access that, secure your computers. Go to System Preferences: Sharing: Services, and turn off Personal File Sharing, Windows Sharing, Personal Web Sharing, and FTP Access.

Locking Down the Airwaves

If you don’t want to risk anyone connecting to your computer, turn on wireless security. Under AirPort, you can enable WEP (Wired Equivalent Privacy). It’s not the best security standard, but it will rebuff all but determined crackers. If you use AirPort Extreme and all of your computers are running Panther or Windows XP, you can opt for the stronger WPA (Wi-Fi Protected Access). Here’s how to turn WEP or WPA on:

1. Launch AirPort Admin Utility (Applications: Utilities).

2. Connect to your base station. (Configure all base stations this way if you have more than one with the same settings.)

3. Click on Change Wireless Security.

4. Choose WPA Personal or 128-bit WEP.

5. For WPA, enter a long passphrase that contains letters and numbers in the Network Password field, and verify it by re-entering it in Verify Password. A phrase like “M*y ct hAZZ fleez9!” is better than “My cat has fleas.” The former has no words a cracker can discover using a dictionary attack (when a program tries to find a password by combing through and combining all the words in a dictionary).

6. Click on OK.

7. Click on Update to restart the base station.

On each computer that connects to this base station, use the AirPort menu to connect, choose the method of encryption that you chose in the AirPort Admin Utility, and enter the passphrase. Change it regularly for greater security.—GLENN FLEISHMAN
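The passphrase advice in step 5 can be checked mechanically. The following is an added example, not part of the original article: it tests whether a candidate passphrase is nothing more than dictionary words strung together, which is what a word-combining guesser looks for. The word list is a small constructed sample, and the function names are hypothetical.

```python
import string

# Constructed sample word list; a real check would load a large dictionary file.
SAMPLE_WORDS = {"my", "cat", "has", "fleas", "dog", "the", "home", "network"}


def valid_wpa_length(passphrase):
    """WPA Personal passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def normalize(passphrase):
    """Lower-case and keep letters only. Dropping digits and punctuation is
    deliberately conservative: 'My1Cat2Has3Fleas' is treated like 'mycathasfleas'."""
    return "".join(c for c in passphrase.lower() if c in string.ascii_lowercase)


def dictionary_split(passphrase, words=SAMPLE_WORDS):
    """Return the dictionary words that concatenate to the passphrase, or None
    if the letters cannot be fully covered by words from the list."""
    s = normalize(passphrase)
    if not s:
        return None
    # cover[i] holds one list of words spelling s[:i], or None if unreachable.
    cover = [None] * (len(s) + 1)
    cover[0] = []
    for i in range(len(s)):
        if cover[i] is None:
            continue
        for j in range(i + 1, len(s) + 1):
            if cover[j] is None and s[i:j] in words:
                cover[j] = cover[i] + [s[i:j]]
    return cover[len(s)]


def audit(passphrase, words=SAMPLE_WORDS):
    """Classify a candidate. 'not-in-dictionary' only means this one check
    passed; it is not a general strength rating."""
    if not valid_wpa_length(passphrase):
        return "invalid-length"
    if dictionary_split(passphrase, words):
        return "dictionary-words"
    return "not-in-dictionary"


if __name__ == "__main__":
    for candidate in ("My cat has fleas.", "M*y ct hAZZ fleez9!"):
        print(repr(candidate), audit(candidate), dictionary_split(candidate))
```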

When I’m using a public hotspot, all of my passwords are being stolen.

TRUE

It’s not literally true that your passwords for e-mail, FTP (File Transfer Protocol), and Web sites are always being nabbed whenever you use Wi-Fi in a coffee shop, a hotel lobby, or an airport. But the potential is so high that you might as well consider it to be true.

People connecting to the same Wi-Fi network can see all the data passing over it if they have readily available free packet-sniffing software installed, and they can snatch your passwords, e-mail messages, and files out of the air.

Safe Passage for Particular Data

If you lug a laptop around for business or for pleasure, you can secure your Internet activities one by one. For instance, encrypt your e-mail using a Web mail service that supports SSL (Secure Sockets Layer) for browsing or that can secure POP, IMAP, and SMTP with SSL. All major Mac e-mail clients include SSL support. In Apple’s Mail, go to the Accounts pane in Preferences and select the Use SSL option in Account Information: Server Settings (outgoing e-mail) and the Advanced tab (incoming e-mail). Another option is FastMail (free to $40 per year, depending on service level), which offers secure browsing and secure e-mail.

Web designers often need to transfer files to update Web sites while on the road. You can encrypt FTP using SFTP (Secure FTP). If you’re running your own FTP server on OS X, turn on SSH (Secure Shell) on the machine that has the file repository. Go to System Preferences: Sharing: Services and turn on Remote Login and FTP Access. A growing number of Web hosts also support SFTP for transferring files. You also need an SFTP-equipped FTP program, such as Interarchy, on the computer that’s connected to your repository.

When you shop or bank online, your data is almost always already secured with SSL. But if you hate the idea of your surfing being observed, use a service such as Secure-Tunnel, which offers free anonymous surfing. Secure surfing costs $8 per month.

Private Networks in Public Places

If you want a more comprehensive way to protect your wireless activities when you’re out and about, consider securing your sessions with a virtual private network (VPN) connection. A VPN encrypts all the data that enters and leaves a computer over a network connection, such as AirPort, preventing all snooping.

VPNs aren’t just for corporations anymore. OS X Server 10.3 (Panther) includes both flavors of VPN servers currently in wide use. The regular version of Panther includes a VPN client. (Go to Applications: Internet Connect, and select File: New VPN Connection.)

If you don’t have your own Panther server, subscribe to a VPN service—for example, HotSpotVPN. This site charges $9 per month for unlimited VPN connections to its VPN servers located at high-speed data centers, from which your Internet traffic is then relayed out to the rest of the world.

Pick a Secure Connection

Finally, at Starbucks, FedEx Kinko’s, Borders, and other T-Mobile HotSpot locations, you can connect to the Internet securely from within Panther through T-Mobile’s 802.1x service, a for-fee network that lets you log in without using the typical gateway Web page that greets you. Instead, you log in just as you would to a dial-up network. The hotspot’s login server then automatically provides your system with a unique encryption key that protects your data from everyone on the same network.—GLENN FLEISHMAN

If you don’t want uninvited guests hopping onto your wireless network and browsing your public folders, turn off file-sharing services.