Avoid file-sharing risks
Editor’s Note: The following article is an excerpt from the just-released Take Control of Sharing Files in Leopard, a $10 electronic book available for download from TidBits Publishing. The 89-page ebook looks in depth at everything that's involved with file sharing between a few Macs, among a mixed-platform office workgroup, and between distant computers on the Internet.
In Take Control of Sharing Files in Leopard, I help you identify the right computer setup for exchanging files among users in your situation, with a particular emphasis on users working on networked computers. But before digging into the details of how to share files, we need to consider the risks of file sharing and possibly take action to avoid them.
And, no, I’m not talking about storm troopers of the Recording Industry Association of America* bursting into your bedroom—that’s only a concern if you’re using peer-to-peer file-sharing networks to share works that aren’t licensed for that kind of sharing.
Rather, you risk having unintended others accessing your files or abusing your storage space. This can happen even if you share files only over your local network; unless you set up a firewall or other protection, you may unintentionally leave your files available to outsiders. It can also happen if you don’t carefully protect your passwords while you work on insecure networks: your file servers could be hijacked using your own accounts.
* Tip: The RIAA would like you to believe that sharing any music is illegal. Not so. Some music is licensed under broad terms that encourage sharing, such as forms of the Creative Commons license, a standard set of copyright terms designed to make it easy to retain rights while allowing reuse and distribution of any creative work. Some bands also explicitly allow trading of music recorded at live shows, or certain tracks they release online. See Creative Commons for more details.
Problems with open servers
Our Windows brethren have long been aware of the problem of accidentally running an open file server, because before Windows XP, Microsoft’s default configuration made it easy to turn on file sharing without any protection. On the first cable-modem networks, which work essentially like large Ethernet networks, people could troll through their neighbors’ unprotected files with abandon. Whoops.
The Internet is so large and so fast, and full of so many jokers, that it has become something like a large local network. If you purposely or accidentally expose more than you intended, it’s likely that some automated evil—a scanning program that looks for open fileserver connections—will suck down your data. Less maliciously, however, because search engines like Google follow all links from public Web pages, many Word, PDF, and other files have entered Google’s maw unintentionally from an obscure but linked location of a Web site.
Worse, if your computer is hijacked (taken over) by crackers, it could become a depository for warez, which is the slang name for pirated software. A number of years ago, I ran an FTP site with a few files in it, but I misconfigured it to allow both read and write access to anyone. A huge spike in bandwidth led me to discover hundreds of megabytes of pirated materials uploaded by others. Even though you probably wouldn’t face legal action for your negligence (though that’s not a guarantee these days), you could lose time and money cleaning up the problem, and your ISP might sever your Internet connection for violation of their acceptable use policies.
If you think unintentionally hosting pirated software is bad, it could be worse. Your server could also become a repository of child pornography. Some countries, including the United States, have presumptive guilt. Mere possession can get you thrown in jail, fined, or otherwise sanctioned, and require a long process to clear your name. Many reports over the last couple of years have revealed that a large percentage of spam and pornography is served from hijacked computers.
There’s one more scenario that stinks: if anyone can write files to a drop box on your server (even if no one can read those files once uploaded), a malicious jerk could upload hundreds of megabytes of crud, saturating your available bandwidth and filling your server’s hard disk, and making the machine unreachable until you clean up the unwanted files. This sort of vandalism may sound unlikely, but with all the hijacked computers in the world, it’s all too easy, and it does happen.
Warning: Even running peer-to-peer software for legitimate purposes distributing legal files could cause you difficulty. For instance, a few years ago, Take Control publisher Adam Engst downloaded legally distributed audio files of musicians performing at the South by Southwest (SXSW) music festival via BitTorrent, the festival’s preferred distribution method. Unfortunately, he left BitTorrent running, became a seed node, overloaded his long-range wireless link, and was temporarily shut down by his ISP.
Recommendations for avoiding risks
I recommend that before you turn any type of file sharing on, you think carefully about who needs access, and what kind of access they need. Here are some specific recommendations:
Set up specific accounts for users who need access: Most of the time, you should set up either an individual account for each user or a single account shared by a group of users who need access to the files.
If you are sharing files from a Mac running Leopard, you can set up a Sharing Only account that provides limited access, and a Sharing Only account may be most appropriate for limiting users’ access to only the files they need.
You should also restrict users’ ability to write files to the file server, using techniques such as these:
Tip: If you’ve never configured a file server before, you might not know that you can control the extent to which other users (or even yourself, when logged in as a user) can work with files stored on the server. For instance, you can let users just read files and browse folders; or just upload files without then seeing what they uploaded; or read, write, delete, and otherwise totally control a volume.
Limit where guests or anonymous users can upload files: You can quickly get in trouble if users who don’t need an account to gain access to your server can write files. Generally, don’t let guests write files. If there’s a reason for it, set up a write-only or drop-box folder into which they can copy or upload files but cannot read the contents or copy files out.
Make sure that iDisk HomePage users assign a password to the HomePage area: iDisk has several ways to share files that are risky if you don’t read Apple’s well-written instructions. For instance, you can assign a password to your Public Folder on iDisk that allows others to access it via WebDAV. However, if you enable Web-based sharing through HomePage, you must assign another password in the HomePage area. (For an existing site, click Protect This Site at the top of the page, or select a site and click Edit to the right below the listing.) If you don’t assign a password, anyone can gain access to those files over the Web if they know the URL.
Test your setup: I typically test any file-sharing setup by using another computer with no login privileges to see what I can get to without a user name. Can I read and write files when I shouldn’t? Am I gaining anonymous access when I should be asked for a password? I tweak until I get it exactly right. Have a friend test it from outside your network, too.
Add a firewall: If you’re even slightly concerned about who might access files you are sharing from your network, you can turn on a firewall. The firewall that’s part of Leopard is woefully restrictive, however, focusing on applications and their capability to receive data. Instead, I suggest that you install a full-featured firewall that lets you control which IP addresses can access a precise set of servers on your machine.
Some Wi-Fi and broadband routers include full-featured firewall software that can protect an entire network, including network-attached storage; Apple’s AirPort Extreme does not.
For an individual Mac, two firewall packages for Mac OS X that accomplish advanced protection tasks have been updated at this writing; more will likely follow:
Tip: There’s such a thing as being too observant. One of my editor friends at a publishing house was convinced her Panther system was the victim of viruses and attacks. It wasn’t, as far as I could determine. Instead, her discovery of a Windows-focused worm probing her networked computers—a typical automated cracking behavior—led her to set her firewall settings for so much logging and rejection that it bogged down her system to an almost unusable level.
Currently, neither I nor any of my colleagues know of any way that someone can connect to a Leopard system that’s sharing files and gain access to control the computer or install and execute programs on it. This doesn’t mean it can never happen.
Set your firewall for sharing files
A firewall creates a virtual barricade between one part of a network and another, preventing all kinds of data from passing in and out, depending on how the firewall is configured. A firewall can protect an entire network, but more typically, you install a firewall on a single computer to prevent other computers on a local network or the Internet from accessing any services that you haven’t specifically allowed.
To turn on Leopard’s built-in firewall service, open the Firewall view of the Security system preference pane. You have three distinct options to choose among:
If you have any Sharing services enabled, they appear at the top of the list below Limit Incoming Connections. If you have chosen to control incoming access for specific applications—including Apple programs like iPhoto or iTunes that add themselves to the list with your permission when you enable sharing within those programs—they appear in this list, too. When both services and applications are shown in the list, they’re separated by a line with services on top and applications on the bottom.
Whenever you turn on or off any service, it is added or removed from this list to create or remove an exception to the firewall. If you launch a program that needs access from the outside world, Mac OS X prompts you for permission to allow such access; if you agree, the application is automatically added.
You can also click the plus (+) button to add an application to the list. Or, to remove an application from the firewall settings, select it from the list and click the minus (-) button.
The Firewall view lets you control how the outside world reaches your computer’s services and applications.
Each application can be set to Block Incoming Connections or Allow Incoming Connections, but the setting applies only if you chose Limit Incoming Connections as your overall approach (as seen on the right).
The firewall for Leopard lacks the fine-grained ability that Tiger offered to control access based on ports (see the note below). Port-based access control is a typical feature of a firewall, and it’s odd that Apple changed its philosophy here.
Apple’s firewall has never offered control over which IP addresses or ranges are allowed or banned. Most firewalls can monitor for abuse and lock out specific addresses or networks, or make sure only authorized parties have access by allowing access to a service from only a few addresses.
If you need this level of control or need to control access to services that aren’t supplied with Mac OS X, you need a third-party firewall—such as one of those listed a few pages earlier, or a router with firewall functions built in. These firewalls allow more elaborate rules to permit—among other purposes—file-sharing traffic to pass if you’re trying (wisely) to restrict who connects to your computer. See the table below for the ports you must enable for each service.
Ports to Enable for Different File Sharing Services

| Service | Ports to enable | Notes |
|---|---|---|
| FTP | Incoming 20 and 21, both UDP and TCP, and incoming ports 1024 through 65535 only when queried from another machine’s ports 20 and 21 | FTP clients send requests from ports 20 and 21, but if passive FTP is enabled on the client—an option required for some firewalls—the client connects from a high-numbered port. |
| Web | 80, 443 | 80 is regular Web, 443 is the secure version |
| Samba | 136-139, 445 | Apple opens just port 139 for Samba, but other ports might be required for various Windows networking services. |

Note: Ports 443 and 4500 are needed to enable Leopard’s Back to My Mac feature.
A note on ports: A port is to an IP address what an apartment number is to an apartment building: ports are used to offer services, like file sharing or a Web server, and Internet-enabled software knows at which ports services are typically found. Ports can handle one of two forms of IP data: TCP and UDP. You may be familiar with the name TCP from TCP/IP, the area in the Network preference pane for each adapter in which you set up connectivity. But TCP is one form of wrapping up data; UDP is the other. TCP is typically used for communications in which every bit of data is important; UDP is often used for streaming media, where losing some data doesn’t affect overall reception.
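To see how the table’s rules combine with the restrict-by-address approach recommended above, here is an added example, not code from the book or from Apple, that models the policy in Python. The trusted subnet and the Packet type are assumptions; the table does not state a protocol for the Web and Samba rows, so TCP for Web and TCP plus UDP for Samba are assumptions as well.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """One incoming packet as the firewall sees it (constructed sample input)."""
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_port: int

# One rule per line: (service, protocols, destination port ranges, required
# source ports or None).  Rows follow the table on this page; the protocols
# for the Web and Samba rows are assumptions, since the table omits them.
RULES = [
    ("ftp",   {"tcp", "udp"}, (range(20, 22),),                   None),
    ("ftp",   {"tcp", "udp"}, (range(1024, 65536),),              {20, 21}),
    ("web",   {"tcp"},        (range(80, 81), range(443, 444)),    None),
    ("samba", {"tcp", "udp"}, (range(136, 140), range(445, 446)), None),
]

def evaluate(pkt, trusted_nets):
    """Return (allowed, reason).  Deny anything from outside trusted_nets,
    then allow only the ports the table exposes; high ports are accepted
    only when the remote side is using FTP's own ports 20 or 21."""
    src = ipaddress.ip_address(pkt.src_ip)
    if not any(src in ipaddress.ip_network(n) for n in trusted_nets):
        return False, "source address not in trusted list"
    for service, protos, dst_ranges, src_ports in RULES:
        if pkt.proto not in protos:
            continue
        if not any(pkt.dst_port in r for r in dst_ranges):
            continue
        if src_ports is not None and pkt.src_port not in src_ports:
            continue  # high port, but not reached from an FTP source port
        return True, service
    return False, "port %d/%s is not exposed" % (pkt.dst_port, pkt.proto)

if __name__ == "__main__":
    lan = ["192.168.1.0/24"]           # assumed trusted subnet
    for p in (Packet("tcp", "192.168.1.10", 40000, 21),
              Packet("tcp", "192.168.1.10", 40000, 5000),
              Packet("tcp", "192.168.1.10", 20, 5000),
              Packet("tcp", "203.0.113.5", 40000, 21)):
        print(p, evaluate(p, lan))
```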
You can configure Leopard’s firewall with one special feature for greater security—Stealth Mode. To access it, from the Firewall view, click the Advanced button.
The Stealth Mode option in the Firewall view lets you lock down Leopard tight as a sealed drum.
Check Enable Stealth Mode (as seen in the screenshot) to make your Mac appear essentially invisible to the outside world. Your computer won’t respond in any way to queries from the outside world that try to see if any port has a service behind it. This is a recommended approach for keeping a low profile. All outbound connections that your Mac originates will still work.
Protect Your Passwords
The last part of protecting your file-serving system is to make sure that neither you nor any of your remote users inadvertently let slip the passwords that are used to access it. Should a password fall into the hands of an unauthorized person, the contents of your read-only repositories will suddenly be available to that person. And a read/write server could be compromised with stolen software, as I noted above.
Web and FTP services that use passwords don’t protect those passwords, nor do they scramble the data that passes back and forth between a client and a server. So, if users connect to your file services over a Wi-Fi hotspot in a public location such as a coffee shop or airport, they should use either a virtual private network (VPN) that encrypts all network traffic or an encrypted version of FTP. They should avoid Samba, too, which poorly protects passwords, and non-SSL-based WebDAV.
Tip: If you don’t have access to a VPN server, and most of us don’t, you can “rent” this encrypted service from WiTopia for $40 per year or publicVPN for $6 per month or $60 per year. Both firms provide a simple way to start or stop a VPN connection. (WiTopia uses a separate application; publicVPN uses built-in Mac OS X support.)
[Glenn Fleishman is editor of Wi-Fi Networking News, a contributing editor for TidBits, the Practical Mac columnist for The Seattle Times, and a regular contributor to Macworld. His latest book is Take Control of Sharing Files in Leopard (TidBits Publishing, 2007).]