Avoid file-sharing risks
Editor’s Note: The following article is an excerpt from the just-released Take Control of Sharing Files in Leopard, a $10 electronic book available for download from TidBits Publishing. The 89-page ebook looks in depth at everything that's involved with file sharing between a few Macs, among a mixed-platform office workgroup, and between distant computers on the Internet.
In Take Control of Sharing Files in Leopard , I help you identify the right computer setup for exchanging files among users in your situation, with a particular emphasis on users working on networked computers. But before digging into the details of how to share files, we need to consider the risks of file sharing and possibly take action to avoid them.
And, no, I’m not talking about storm troopers of the Recording Industry Association of America * bursting into your bedroom—that’s only a concern if you’re using peer-to-peer file-sharing networks to share works that aren’t licensed for that kind of sharing.
Rather, you risk having unintended others accessing your files or abusing your storage space. This can happen even if you share files only over your local network; unless you set up a firewall or other protection, you may unintentionally leave your files available to outsiders. It can also happen if you don’t carefully protect your passwords while you work on insecure networks: your file servers could be hijacked using your own accounts.
* Tip : The RIAA would like you to believe that sharing any music is illegal. Not so. Some music is licensed under broad terms that encourage sharing, such as forms of the Creative Commons license, a standard set of copyright terms designed to make it easy to retain rights while allowing reuse and distribution of any creative work. Some bands also explicitly allow trading of music recorded at live shows, or certain tracks they release online. See Creative Commons for more details.
Problems with open servers
Our Windows brethren have long been aware of the problem of accidentally running an open file server, because before Windows XP, Microsoft’s default configuration made it easy to turn on file sharing without any protection. On the first cable-modem networks, which work essentially like large Ethernet networks, people could troll through their neighbors’ unprotected files with abandon. Whoops.
The Internet is so large and so fast, and full of so many jokers, that it has become something like a large local network. If you purposely or accidentally expose more than you intended, it’s likely that some automated evil—a scanning program that looks for open fileserver connections—will suck down your data. Less maliciously, however, because search engines like Google follow all links from public Web pages, many Word, PDF, and other files have entered Google’s maw unintentionally from an obscure but linked location of a Web site.
Worse, if your computer is hijacked (taken over) by crackers, it could become a depository for warez, which is the slang name for pirated software. A number of years ago, I ran an FTP site with a few files in it, but I misconfigured it to allow both read and write access to anyone. A huge spike in bandwidth led me to discover hundreds of megabytes of pirated materials uploaded by others. Even though you probably wouldn’t face legal action for your negligence (though that’s not a guarantee these days), you could lose time and money cleaning up the problem, and your ISP might sever your Internet connection for violation of their acceptable use policies.
If you think unintentionally hosting pirated software is bad, it could be worse. Your server could also become a repository of child pornography. Some countries, including the United States, have presumptive guilt. Mere possession can get you thrown in jail, fined, or otherwise sanctioned, and require a long process to clear your name. Many reports over the last couple of years have revealed that a large percentage of spam and pornography is served from hijacked computers.
There’s one more scenario that stinks: if anyone can write files to a drop box on your server (even if no one can read those files once uploaded), a malicious jerk could upload hundreds of megabytes of crud, saturating your available bandwidth and filling your server’s hard disk, and making the machine unreachable until you clean up the unwanted files. This sort of vandalism may sound unlikely, but with all the hijacked computers in the world, it’s all too easy, and it does happen.
Warning: Even running peer-to-peer software for legitimate purposes distributing legal files could cause you difficulty. For instance, a few years ago, Take Control publisher Adam Engst downloaded legally distributed audio files of musicians performing at the South by Southwest (SXSW) music festival via BitTorrent, the festival’s preferred distribution method. Unfortunately, he left BitTorrent running, became a seed node, overloaded his long-range wireless link, and was temporarily shut down by his ISP.
Recommendations for avoiding risks
I recommend that before you turn any type of file sharing on, you think carefully about who needs access, and what kind of access they need. Here are some specific recommendations:
Set up specific accounts for users who need access: Most of the time, you should set up an individual account for each user or you should set up a single account to be shared by a group of users who need access to files.
If you are sharing files from a Mac running Leopard, you can set up a Sharing Only account that provides limited access, and a Sharing Only account may be most appropriate for limiting users’ access to only the files they need.
You should also restrict users’ ability to write files to the file server, using techniques such as these:
Tip : If you’ve never configured a file server before, you might not know that you can control the extent to which other users (or even yourself, when logged in as a user) can work with files stored on the server. For instance, you can let users just read files and browse folders; or just upload files without then seeing that they uploaded; or read, write, delete, and otherwise totally control a volume.
Limit where guests or anonymous users can upload files: You can quickly get in trouble if users who don’t need an account to gain access to your server can write files. Generally, don’t let guests write files. If there’s a reason for it, set up a write-only or drop-box folder into which they can copy or upload files but cannot read the contents or copy files out.
Make sure that iDisk HomePage users assign a password to the HomePage area: iDisk has several ways to share files that are risky if you don’t read Apple’s well-written instructions. For instance, you can assign a password to your Public Folder on iDisk that allows others to access it via WebDAV. However, if you enable Web-based sharing through HomePage, you must assign another password in the HomePage area. (For an existing site, click Protect This Site at the top of the page, or select a site and click Edit to the right below the listing.) If you don’t assign a password, anyone can gain access to those files over the Web if they know the URL.
Test your setup: I typically test any file-sharing setup by using another computer with no login privileges to see what I can get to without a user name. Can I read and write files when I shouldn’t? Am I gaining anonymous access when I should be asked for a password? I tweak until I get it exactly right. Have a friend test it from outside your network, too.
Add a firewall: If you’re even slightly concerned about who might access files you are sharing from your network, you can turn on a firewall. The firewall that’s part of Leopard is woefully restrictive, however, focusing on applications and their capability to receive data. Instead, I suggest that you install a full-featured firewall that lets you control which IP addresses can access a precise set of servers on your machine.
Some Wi-Fi and broadband routers include full-featured firewall software that can protect an entire network, including network-attached storage; Apple’s AirPort Extreme does not.
For an individual Mac, two firewall packages for Mac OS X that accomplish advanced protection tasks have been updated at this writing, more will likely follow:
Tip : There’s such a thing as being too observant. One of my editor friends at a publishing house was convinced her Panther system was the victim of viruses and attacks. It wasn’t, as far as I could determine. Instead, her discovery of a Windows-focused worm probing her networked computers—a typical automated cracking behavior—led her to set her firewall settings for so much logging and rejection that it bogged down her system to an almost unusable level.
Currently, neither I nor any of my colleagues know of any way that someone can connect to a Leopard system that’s sharing files and gain access to control the computer or install and execute programs on it. This doesn’t mean it can never happen.