iMac security

eoineen · 16-07-2006 9:18pm #1

I am relatively new to OS X and the world of mac but I have one question because I don't seem to be able to find it put plainly anywhere: what are the basic security preacuations I need on my OS X 10.4.7 iMac when using broadband? Please bear in mind the following:

I have turned on the firewall
I know there are no wild viruses for mac out there
I use ClamXAV for my windows using friends

Thanks

K.O.Kiki · 17-07-2006 4:20pm

There's a firewall??
Huh; that's news to me!

Yeah, your security concerns now are basically:

Use Camino, Firefox or Opera for browsing (there are a few Safari exploits)
Check for updates once a week
Don't give out your personal details (credit card numbers etc) unless the site's secure (it starts with https/ ) & you know who's receiving the info.

... And that's, basically, everything.

eoineen · 17-07-2006 6:34pm

Yes, thanks for those. Am using Firefox since my windoze days. Spotlight the word Firewall... that should get you there.

ZENER · 17-07-2006 11:13pm

I think he was being tongue in cheek but perhaps a bit like most Mac users have become (myself included) - complacent !

I doubt we will stay safe for ever so I guess it's a good thing to get into the routine of protecting your system. Even if for now you are basically stopping the spread of windows viruses (virii ??) to other windows users via your Mac.

Sophos also produce an AV system and is well regarded. My experience of Norton for mac is not a happy one as I think many will agree but it's there if you want it I think. Up till now there haven't really been any adware things released that function on the Mac and I have yet to see an Ad-Aware type program for our OS - although I could well be wrong.

Keep doing what you're doing and also use the features of your router/modem if used. NAT can be usefull as it can blocking badies before they even hit your network and for blocking access to sites you don't want accessed (handy where kids are involved). I personally use a Smoothwall box to look after everything bound for the internet.

Good luck !!

ZEN

eoineen · 18-07-2006 5:28pm

ZENER wrote:

Keep doing what you're doing and also use the features of your router/modem if used. ZEN

Thanks for that but one more question. I've gone wireless again and would like to know more about setting up WEP or WPA for my iMac 10.4.7. I did it through the router itself and got nowhere. Are specific kinds of WEP not so good for the mac?

Finding an easy to understand step by step guide ain't easy.

ZENER · 18-07-2006 9:46pm

The new iMacs use Airport Extreme 802.11g and are compatible with WPA security. To get started and to confirm you can connect with the router and the 'net disable these features and just get the network functioning. There's an app called MacStumbler that's handy for finding local WiFi points and the security protocols employed by them.

With this achieved turn off SSID broadcast or on some WAPs it's called a Closed Network. With this you will need to inform the MAc to connect to a preferred network in the Network > Airport preferences pane. Select no security to begin with, again to confirm you can still connect. Now on the Wireless AP enable WPA2 Personal and supply the password required by the clients. Enable WPA 2 Personal on the MAc and supply the same password and hopefully everything should still function.

Your Access Point (AP) should be configured to supply IP information for easy operation. If you're savvy then supply your own network info to the clients manually.

Try this and report your success level.

ZEN

SouperComputer · 18-07-2006 10:39pm

TBH, don't bother diasabling the SSID broacast. All it will do is cause extra hassle for you.

SSID enabled or not, anyone who is knowledegable\determined enough to sucessfully crack a WPA key SSID will make no difference. Nor will MAC filtering for that matter.

Forget about using WEP as it is trivial to circumvent.

eoineen · 18-07-2006 10:59pm

SouperComputer wrote:

Forget about using WEP as it is trivial to circumvent.

Thanks for the step thru Zener.

But SouperComputer: are you saying that WEP or any other form of encryption is unnecessary? Im not that bothered by next door leeching from me - god knows I do it when I really need to.

Urban Weigl · 19-07-2006 1:48pm

K.O.Kiki wrote:

Yeah, your security concerns now are basically:
Use Camino, Firefox or Opera for browsing (there are a few Safari exploits)

Not quite sure where you got your information from, but Safari is actually more secure than Firefox, and has less exploits (no current known exploits). This is confirmed by various exploit tracking and secuirty companies, like @stake etc.

So if you're really concerned about security, use Safari instead of Firefox. That said, Firefox is pretty secure as well (miles better than IE anyway), and it's patched quickly anyway, so either choice will be safe. In the interest of full disclosure, I use both.

Hugh_C · 19-07-2006 2:13pm

SouperComputer wrote:

Forget about using WEP as it is trivial to circumvent.

Pointers? How? Where?

m_stan · 19-07-2006 2:25pm

Best bet for wireless security in my view is to restrict it by mac address if your AP supports that. Combine that with WEP and it's about as tight as you'll get it. At least, that's what allows me to sleep sound at night so please don't correct me if I'm wrong

SouperComputer · 19-07-2006 5:37pm

eoineen wrote:

But SouperComputer: are you saying that WEP or any other form of encryption is unnecessary? Im not that bothered by next door leeching from me - god knows I do it when I really need to.

No i'm saying WEP is pretty weak and that you should use WPA with a random 64 character key wherever possible. Of course this can be cracked, but its a hell of a lot harder than WEP.

hughcal wrote:

Pointers? How? Where?

Download a copy of kismac and google for a guide. Its so trivial its hilarious! WPA as I say is more difficult.

Video, M_Stan may not want to watch this!: http://video.google.com/videoplay?docid=-1021256519470427962

MAC filters are semi-pointless as during the very first stages of examinng network traffic, a list of vaild connected MAC addresses appears. You can simply clone one of these addresses on your hardware to gain access.

It could be argued that MAC filtering means that you cannot connect as one of the exisiting machines, but you can send packets to the router to disconnect the client machines, allowing you to connect.

Urban Weigl · 19-07-2006 8:05pm

If you are worried about security on your wireless network, as has already been said, you can forget about WEP completely. My advice is to go straight to WPA2. Read about it here.

Remember to use a secure password or pass-phrase as well. Mac OS X includes a password generator as well that you can use.

WPA2 is much more secure, and has not been broken.

iMac security

Comments