Defending Your Mac from Net Attacks


The Internet is a major source of threat to the health and well-being of your Macs and the network to which they are connected. You face two fundamental types of threats: viruses and hackers. Although viruses receive more media attention, defending against viruses is easier than defending against attacks from hackers. However, with some relatively simple activity, you can protect yourself from both threats.

Defending Your Mac from Virus Attacks

No matter what level of computer user you are, because of the extensive media hype about viruses, you are likely to be keenly aware of them. Although many viruses are relatively harmless, some viruses can do damage to your machine. Part of practicing smart computing is understanding viruses and taking appropriate steps to protect your machine from them.

CAUTION

Under previous versions of the Mac OS, there were many fewer viruses on the Mac platform than for Windows or other operating systems. And, as of the release of Mac OS X, version 10.4, this is still the case. However, because Mac OS X is based on Unix, Unix viruses can be a threat to machines running Mac OS X. Until this threat is more fully understood, Mac OS X users would do well to pay additional attention to virus threats.


Understanding the Types of Viruses

Although there are many types of individual viruses, there are two major groups of viruses of which you need to be aware:

  • Application viruses These viruses are applications that do something to your computer. What they do might be as harmless as displaying a silly message or as harmful as corrupting particular files on your hard drive.

  • Macro viruses A macro virus can be created in and launched by any application that supports macros (such as the Microsoft Office applications). When you open a file that has been infected by a macro virus, that virus (the macro) runs and performs its dirty deed.

Covering the multitude of viruses that are out there is beyond the scope of this book and, besides, there is no real need to become an expert on the viruses that exist. It is more important to understand how to protect yourself from these viruses and be able to recover from an infection should one occur.

Preventing Virus Infection

I hate to use this cliché, but when it comes to viruses, an ounce of prevention is indeed worth a pound of cure. The main way to avoid viruses is to avoid files that are likely to have viruses in them. Following are some practices to help you "stay clean":

  • Find and use a good antivirus software program; keep the virus definitions for that application up-to-date.

  • Be wary when you download files from any source, particularly email. Even if an email is apparently from someone you know, that doesn't mean the attachments it contains are safe. Some users will unknowingly transmit infected files to you (especially beginning users). Some viruses can use an email application to replicate themselves. Before you open any attachment, be sure it makes sense given who the sender appears to be.

  • When you do download files, download them from reputable sites, such as magazine sites or directly from a software publisher's site. These sites scan files for viruses before making them available so your chances of getting an infected file are lower. Remember the expression, "Consider the source."

  • After you download a file, run your antivirus software on it to ensure that it isn't infected. Most programs let you designate the folder into which you download files and automatically check files in this folder.

Identifying Virus Infection

Even with good preventive measures, your Mac might occasionally become infected. Hopefully, you will find out you have been infected by being notified by your antivirus softwarethat means it is doing its job. But if you suddenly notice that your computer is acting peculiarly, you might have become infected. What does acting peculiarly mean? Viruses can have many different effects on your computer; some of the more common effects are the following:

  • Weird messages, dialog boxes, or other unexpected interface elements Sometimes viruses make themselves known by presenting something odd onscreen. So, if you suddenly see a strange dialog box, you might have stumbled across a virus (for example, one of the Word macro viruses causes a happy face to appear in Word's menu bar). They can also cause menu items to disappear or be changed in some way.

  • Loss in speed Viruses often make your computer work more slowly.

  • Disappearing files Some viruses cause files to be deleted or hidden.

  • Errors Many viruses cause various errors on your computer and prevent applications from working properly. If you haven't changed anything on your machine for a while and you suddenly start experiencing errors, you should check your computer for a possible infection.

Using Antivirus Software

Although the best defense against viruses is being very careful about the files you transfer onto your machine, you should also obtain and use a good antivirus application. Good antivirus applications generally perform the following functions:

  • Monitor activity on your computer to identify potential infection

  • Periodically scan your drives to look for infections

  • Notify you if an infection is discovered

  • Repair the infected files and eliminate the virus

  • Delete infected files if repairing them is impossible

  • Enable you to identify particular folders that should be scanned automatically, such as the folder into which you download files

  • Update themselves automatically

NOTE

Most viruses are identified by their code. The antivirus software knows about the virus's code through its virus definition file. As new viruses appear, this virus definition file needs to be updated so that the new viruses will be recognized as being viruses. You can usually obtain an updated virus definition file from the website of the manufacturer of your antivirus software. Most programs automate this process and can update the virus definition at intervals you set.


NOTE

One of the important things to look for in an antivirus program is that it can detect and repair macro viruses. Macro viruses are easy to create and spread, and some of them are quite nasty.


As with previous versions of the Mac OS, there are several major antivirus applications, including Norton AntiVirus for Mac and Virex.

These applications provide most of the features in the previous list, and they work well. You should obtain and use one of these applications to protect your Mac against viruses and to repair your Mac should it become infected.

If you have a .Mac account, you can download a free copy of Virex. When you download and install Virex, you can keep its virus definitions current and access other virus resources as well.

To get more information about Virex and to download it (if you have a .Mac account), visit www.mac.com and click the .Mac tab.

Viruses and You

Frankly, viruses are less of a problem than they appear to be from the tremendous amount of media hype they receive, especially for Mac users. Most of the time, you can protect yourself from viruses by being very careful about the files you receive in email or download from the Web. Because the only way for a virus to get onto your machine is for you to accept a file in which it is contained, you can protect yourself from most viruses by using common sense. For example, if you receive an email containing an oddly titled attachment (such as the famous I Love You file), you should either request more information from the sender before you open the file or simply delete the message.

This is one case is which being in the minority as a Mac user is beneficial. The vast majority of viruses are designed for Windows machines and have no affect on a Mac.

Adding and using an antivirus application makes your machine even safer, but if you are very careful about downloading files, you might find that you can get by just fine without one.


Defending Your Mac Against Net Hackers

If you have a broadband connection to the Internet such as a cable or DSL modem, being attacked by hackers is a much more real threat than are viruses. And with a broadband connection, you will be attacked, daily if not hourly or even more frequently. Hackers are continuously looking for machines they can exploit, either to do damage to you or to use your machine to do damage to others (such as using your machine to launch a spam attack). Most of these attacks are carried out by applications, so they can be both automatic and continuous.

CAUTION

Never expose a machine containing sensitive or production data to a broadband connection without protecting that machine from network attack. Doing so makes everything on such a machine vulnerable to exposure to a hacker, and the machine itself can be used to carry out attacks on other networks and machines.


There are two fundamental ways you can prevent your Mac from being hacked through your broadband Internet connection: Use a server/hub to isolate the machines on your network from the outside world or use a software firewall to protect each machine on the network from attack.

Using a Server and Firewall to Protect Your Network

You can isolate the machines on your network from attack by placing a physical barrier between them and the public Internet. You can then use a Dynamic Host Configuration Protocol (DHCP) server that provides network address translation (NAT) protection for your network, or you can add or use a hub that contains a more sophisticated firewall to ensure that your network can't be violated. A benefit to these devices is that you can also use them to share a single Internet connection.

To learn how to install and use a DHCP server or firewall, p. 973.


NOTE

One of the easiest and best ways to protect machines on a local network from attack and to share an Internet connection is to install an AirPort base station. These devices provide NAT protection for any computers that obtain Internet service through them, and for most users, this is an adequate level of protection from hacking.


Using a Software Firewall to Protect Your Network

You can also install and use a software firewall; a software firewall prevents unexpected access to your Mac from the Internet. Software firewalls can be quite effective and might be the best solution if you have only a single Mac connected to the Internet.

CAUTION

Unlike a hardware firewall or NAT hub, a software firewall must be installed on each computer attached to your network.


A software firewall works by blocking access to specific ports on your Mac; these ports are linked to specific services. If hackers can access these ports on your machine, they can use them to attack your machine directly to launch attacks on other computers, servers, and networks (such as denial-of-service attacks, in which a system is overloaded by repeated requests from many machines).

Because Mac OS X is based on Unix, it has built-in firewall protection. You can enable this firewall to protect a Mac from Net attacks by doing the following:

1.

Open the System Preferences application.

2.

Click the Sharing icon to open the Sharing pane.

3.

Click the Firewall tab.

4.

Click the Start button. The firewall begins working and blocks inappropriate requests for access to your Mac (see Figure 35.10).

Figure 35.10. Enable Mac OS X's built-in firewall by clicking the Start button on the Firewall tab.


5.

If you want to enable specific ports for a service that you are allowing access through the firewall, select the service and click Edit. (You can't change the ports for built-in services, such as personal file sharing.)

6.

Click the Advanced button. Use the resulting sheet to configure more advanced settings for the firewall (see Figure 35.11).

Figure 35.11. Use the Advanced sheet to configure additional aspects of your Mac's firewall.


7.

To block all UDP traffic, check the "Block UDP Traffic" check box. The UDP protocol is designed mostly for broadcasting messages.

8.

To record hits (or attacks) against your firewall, click the "Enable Firewall Logging" check box. When you want to view the log, click the Open Log button. A Console window will open and show you the attempts to access your system.

9.

If you don't want any attempts to communicate with your Mac to be responded to, check the "Enable Stealth Mode" check box. This prevents a hacker from learning that there is even a computer at the address he is attempting to access, much less being able to access it. You should always leave this option active.

10.

Click OK. The firewall will be protecting your Mac.

Only the services you allow will be permitted to access your Mac. All others will be denied. This provides more than adequate protection for most Mac users.

TIP

You can use the New button to add new services to your Mac. In the resulting sheet, choose the type of service you want to add and enter port numbers, if appropriate. Click OK to add the service.


You can gain more specific control over the firewall if you choose to. However, configuring this firewall directly requires a fairly complete understanding of Unix and firewalls and requires more energy and time than most Mac users will care to spend on it. For most situations, using the built-in firewall is a better option.

Defending Users from Online Attacks

In addition to protecting your Mac itself from attack, you can also protect individual users from various kinds of danger by blocking specific types of access for individual accounts. For example, you might want to control the kind of email a child who uses your Mac receives. You control various types of access via the Accounts pane of the System Preferences application.

Limiting Email Access of Others to Your Mac's Users

You can determine from which email addresses a user can receive email to shield that user for unwanted emails. Set this up with the following steps:

1.

Open the Accounts pane of the System Preferences application.

2.

Select the user whom you want to protect from unwanted emails.

3.

Click the Parental Controls tab (see Figure 35.12).

Figure 35.12. You can use the Parental Controls tab to limit the emails a user can receive.


4.

Check the Mail check box. The Mail configuration sheet will appear.

5.

Click the Add Email address button (the +) located at the bottom of the allowed email list.

6.

Type the address from which you want to allow the user to receive email (see Figure 35.13).

Figure 35.13. So far, this user will be able to receive email from only one email address.


7.

Repeat steps 5 and 6 until you have added all the email addresses from which you want to allow emails to the list.

8.

If you want to receive a permission email each time an email from an address not on the list is received, check the "Send permission emails to" check box and enter the email address where you want the permission emails to be sent in the box.

9.

Click OK to close the sheet and enable the email limits.

TIP

You can change the settings for the Mail filter by clicking the Configure button and using the Configure sheet. To remove an address, select it and click the Remove button (the -).


Any email addressed to the user from addresses not on the list you configured will be rejected. If you enabled the permission email option, a permission email will be sent to the address you configured. If permission is granted via that email by clicking the Always Allow button, the email from the unlisted address will be allowed, as will future emails from the same address (it will be added to the list of allowed email addresses).

TIP

You can prevent additional emails from the same address by clicking the No Longer Allow button in the permission email.


NOTE

When the Mail parental control is active for a user account, you will see the status message Parental Control on in the Mail window title bar.


Limiting the Chat Access of Others to Your Mac's Users

iChat is a great way to keep in touch with others via text, audio, or video chatting. However, you might want to limit the access a user has to chat sessions, especially if you have young children who like to chat. You can use the Parental Controls tools to limit the chat access a user account has by performing the following steps:

NOTE

Before a person can be added to the approved chat list, that person should have an address card in your Address Book.


To learn how to add people to the Address Book, p. 400.


1.

Open the Accounts pane of the System Preferences application.

2.

Select the user whom you want to protect from uncontrolled chatting.

3.

Click the Parental Controls tab.

4.

Click the iChat check box and then click its Configure button. The Chat Configuration sheet will appear (see Figure 35.14).

Figure 35.14. Use this sheet to determine who can chat with a specific user.


5.

Click the Add User button (the +). The Buddies dialog box will appear.

TIP

You can add a person to your Address Book by clicking the New Person button in the Buddies dialog box.

6.

Locate and select the person with whom you will allow chats and click Select Buddy. The person will be added to the allowed list.

7.

Repeat steps 5 and 6 until you have added all the people with whom you will allow chatting to the list.

8.

Click OK to save the list.

When this control is configured, the user will be able to chat only with people on the allowed list.

CAUTION

The Parental Controls work only with Mail, iChat, and Safari. Other applications that perform the same functions will not be limited by these controls.


Limiting the Websites Your Mac's Users Can Access

The Web is often a great place to be, but it can also be a dangerous or disgusting place to be as well. You can protect users by limiting the websites they can visit by doing the following steps:

1.

Open the Accounts pane of the System Preferences application.

2.

Select the user whose website access you want to limit.

3.

Click the Parental Controls tab.

4.

Check the Safari check box and then click the Configure button.

5.

Log in under the user account whose access you are configuring.

6.

Launch Safari.

7.

Click the "Show all bookmarks" button.

8.

Authenticate yourself with an administrator account.

To learn how to configure Safari bookmarks, p. 470.


9.

Configure bookmarks for the sites you want to allow the user to access.

10.

Log out of the user account.

The user will only be able to access web pages for which you have configured bookmarks. If the user attempts to access any other pages, such as by entering a URL, that access will be blocked.



Special Edition Using MAC OS X Tiger
Special Edition Using Mac OS X Tiger
ISBN: 0789733919
EAN: 2147483647
Year: 2003
Pages: 317
Authors: Brad Miser

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net