When your computer is connected to the Internet via a direct connection to a cable modem or DSL line, it can be a direct target for attack from outside. Earlier in the chapter, you learned how to use network sharing and services. Now let's find out what security issues are related to their use. (To put it bluntly, the more network services that are running, the greater the chance that a potential intruder can discover and access your system.) Network Sharing ServicesAlthough it's tempting to go through your system and activate every feature in the Sharing panel, doing so isn't always a good idea. If you turn on everything in the Sharing Preferences panel, someone else could scan your system over the Internet and find the following services active and available for use:
To disable any of these built-in network services, follow these steps:
FirewallsThe "ultimate" solution to network security is the use of a firewall , a piece of hardware or software that sits between your computer and the Internet. As network traffic comes into the computer, the firewall looks at each piece of information, determines whether it's acceptable, and, if necessary, keeps the data from getting to your machine. (Examples of data it would block are attempts by unauthorized users to contact the services listed earlier.)
Though both hardware and software-based firewalls are available, a software firewall is the quickest way to get unwanted traffic blocked from your machine. Mac OS X 10.2 includes a built-in personal firewall, accessible from the Firewall tab of the System Preferences Sharing panel shown in Figure 27.17. Figure 27.17. The Mac OS X personal firewall can be enabled to secure the services/port you don't want to operate .
To activate the firewall, click the Start button. Checked boxes appear next to those services/ports that you've turned on under the Services pane of the Sharing Preferences panel. Other than starting or stopping your personal firewall, there are no other settings to configure in the Firewall panel. Because disabling a port disables its service and unenabled ports require no securing, you must go to the Services panel to change the active/inactive status of the services in the Firewall panel. If you need more flexibility, there are several other firewall builder packages that make it easy to point-and-click your way through setting up a firewall on your computer. You may want to consult another source, such as Maximum OS X Security, for deeper coverage of security issues. |