Macintosh Network Safety
on Internet Services

How I stopped worrying about being hacked on the Internet,
especially if on a network broadband cable modem
or dsl or other high speed network connection.

So many people (and a very large percentage of Apple Macintosh users) are on the Internet these days. Very experienced users see these people as people who can be helped, while some "hackers" see them as people who can be exploited. The "classic" Macintosh OS is generally hack-proof. There are, however, some new attacks, similar to the type of attack performed on Microsoft's web server in October 2000. These are remote administration attacks which can be carried out by anyone on the Internet with a modicum of knowledge. These attacks, and others even more dangerous, can be performed on your Mac. Let's stop those bad guys in their tracks. Here's how we can accomplish this very easily.

The first thing to do is to be able to identify an attack. This will require firewall software. A firewall denies access to anyone else who remotely wants to "get into" your software, for whatever reason, in theory and in practice. Without firewall software of some kind it will be very difficult to identify an attack, because you simply will not know if you are being remotely accessed. Thankfully there is a really great Mac-like (read: easy to use) firewall package available via download purchase for about $59.00. This is the Norton Personal Firewall package. You may download or read about this software from:

With this excellent piece of software installed on your Mac, in either OS (9 or X), every time someone tries to access your computer a small unobtrusive dialog box will pop up showing the type of access attempted. This software also contains a control strip so that you can turn off the firewall easily and conveniently. This is important because whenever you need to use ftp (file transfer protocol) services, either to download software from an ftp server or to upload a web page or web pages, you will need to turn off the firewall. Have no fear, because DoorStop will log access to your Mac with the firewall off as well as on. With the firewall off, however, access to your machine will be granted, and this is what you wish to avoid.

This begs the question of how you can protect yourself legitimately while you are using ftp services, AND how you can be sure that you can FULLY and COMPLETELY deny access to your Mac without engaging in a reverse attack, which still may not stop the bad guys from getting in, and may get you into trouble with your ISP for engaging in cyber attacks! There is no point in being booted off permanently from that great broadband service because you violated the end user policy. Shooting someone after you yourself have been shot will not protect you from being shot in the first place.

Basically all the bad guys need to do with a trojan horse remote admin package is insert a small file on your machine which will invisibly allow them to download any software on your machine, insert a computer virus, or steal personal information such as your identity or credit card information. Whatever you may imagine can be done to you! If you are on a network, such as cable modem or DSL, you are basically on the Internet all the time, even if you are not using your web browser or other Internet services. The bad guys know the range of addresses used by broadband services, and will scan them frequently, looking for machines to attack. They especially love folks who leave their computers turned on for hours at a time, because this allows them to make mayhem to their heart's content with your valuable data. So the first thing to keep in mind ALWAYS is to turn off your machine when it is not in use, or when you will not be monitoring it. Now comes a really clever piece of software which will allow you to disconnect anyone who is remotely attempting access to your machine. This software requires a firewall, because it is necessary to identify the IP address of the person you wish to disconnect from your machine.

Fortunately for Mac 8.1-9.x.x users there is a really great program available called Port Fake.

It may be downloaded here: Port_Fake_1.5_FAT.sit.hqx

Port Fake will simply disconnect anyone who is trying to access your machine. Make an alias of this program in your Apple menu so it is ready to hand when some goon tries something, and he/she will be perplexed, to say the least, as to why he got disconnected from your machine. This software will not crash anyone else's computer, nor will it attack them. It also will not remotely disconnect anyone from the Internet. Just select a range of ports that the attack is coming from. If perhaps an attack comes from port 1243, you simply type in port 1200 to 1300, and hit start. It simply will stop them from attacking you by disconnecting them from your machine. That's all. It also will not violate any end user policy of your ISP. In fact, your ISP will not mind this at all, and may want to know where you got such cool software. I did not write this program, and take no responsibility for its use. It is "freeware" software. This means it has been written for free distribution, and anyone may use it. I have used this software with NO issue on my Mac, and imagine that you won't have any trouble with it either. No more problem! You have to be watching your machine, however, so you see if your firewall reports an attack.

By double clicking any line in your Norton Personal Firewall log (or, in OS X, your BrickHouse or Firewalk firewall software log), a lovely small dialog box will pop up from which you can learn a great deal about the access attempt on your machine. In Norton Personal Firewall, clicking on the Learn More button will launch your web browser and take you to a remote web site where full information can be gathered easily about the individual who attacked you. Copy the URL of this remote web site to insert into an email. Norton Personal Firewall will also let you copy the server log entry to your clipboard, so you can insert it into an email to complain about the attack attempt to your ISP, or better yet, to the offending ISP. If you also use the ARIN WHOIS service, you can get specific information about the other machine by typing the offender's IP into the search window. Norton Personal Firewall's More Info web page contains a link to this free service. Copy and paste this information into your email as well, or you may go directly to the ARIN WHOIS web page:

You should copy all the information from an ARIN WHOIS search and provide it to the offender's ISP, as well as the copy of your server log for each attempted access, and the unique URL which the Norton Personal Firewall provides through its Learn More button, or alternately copy the information from your OS X firewall log.

These 3 easy pieces of information, sent to the offender's ISP, are irrefutable proof, and will cause the hacker to be terminated from his service, as a cyber attack DOES violate ANY ISP end user policy. Also, if the offender's ISP is in the state of Pennsylvania, you may report this information to the Pennsylvania State Police if you wish, as Pennsylvania has specific anti-hacker laws as of October 2000. If you are a commercial server, there are federal commercial anti-hacking laws as well. Time to contact the FBI! I very much recommend you report any attempts to insert a trojan horse (aka Back Orifice) into your machine, as these types of attacks are becoming more and more common, and are potentially highly harmful. Should DoorStop report an access attempt at port 27374, you may rest assured that this IS the Windows Sub7 trojan horse (Back Orifice) attack. Reply by running Port Fake between ports 27000 and 28000 if desired, just to get the feel of running Port Fake. No, that trojan horse will not harm your Mac in any way, but if you report those attacks it will reduce the level of hacking out there, and as an added bonus will make you lots of friends in the Wintel community, and will allow others to see the value of the Macintosh platform in a way that has been largely overlooked! You can be the hero.....and invulnerable!

In any event, any attack should be reported to the offender's ISP. If you are attacked by an AOL user, try emailing the data to tosemail1@aol.com. For any other ISP, use the More Info button in the firewall to find the offender's ISP. Simply report the bad guy to abuse@(name of ISP here) (example: abuse@monmouth.com). I hope this has been useful information to you, and will save you from a cyber attack. Also please remember to TURN OFF YOUR Mac WHEN NOT IN USE!
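
The reporting steps above, as an added example that is not part of the original page: this Python script groups denied inbound connections by source address and drafts the text of a report for the offender's ISP, with the unmodified log entries attached. The log lines are constructed samples in the style of ipfw Deny entries; the log format, host name, addresses and the timezone parameter are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample entries in the style of ipfw "Deny" log lines (assumed
# format); addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Dec 10 21:14:02 mymac ipfw: 12190 Deny TCP 203.0.113.45:3021 192.0.2.10:27374 in via en0
Dec 10 21:14:05 mymac ipfw: 12190 Deny TCP 203.0.113.45:3022 192.0.2.10:27374 in via en0
Dec 10 22:40:51 mymac ipfw: 12190 Deny TCP 198.51.100.7:4410 192.0.2.10:1243 in via en0
Dec 10 22:41:10 mymac ipfw: 12190 Deny UDP 198.51.100.7:4411 192.0.2.10:137 in via en0
Dec 10 23:02:33 mymac ipfw: 12190 Allow TCP 192.0.2.10:49152 198.51.100.80:80 out via en0
"""

LINE_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s\S+\sipfw:\s\d+\sDeny\s(?P<proto>\w+)\s"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+\s\d+\.\d+\.\d+\.\d+:(?P<dport>\d+)\sin\b"
)

def denied_by_source(log_text):
    """Group inbound Deny entries by source IP, keeping the raw lines as evidence."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skips Allow entries, outbound traffic and malformed lines
            hits[m["src"]].append((m["when"], m["proto"], int(m["dport"]), line))
    return dict(hits)

# timezone is an assumed parameter: syslog timestamps carry no zone of their own
def abuse_report(src, entries, timezone="UTC-5"):
    """Draft the text to send to the source network's abuse contact."""
    ports = sorted({(dport, proto.lower()) for _, proto, dport, _ in entries})
    body = [
        f"Subject: Unsolicited connection attempts from {src}",
        "",
        f"Source address: {src}",
        f"Attempts blocked: {len(entries)}",
        f"First seen: {entries[0][0]}  Last seen: {entries[-1][0]}  ({timezone})",
        "Destination ports: " + ", ".join(f"{d}/{p}" for d, p in ports),
        "",
        "Firewall log entries, unmodified:",
    ]
    body += [raw for *_, raw in entries]
    return "\n".join(body)

if __name__ == "__main__":
    for src, entries in denied_by_source(SAMPLE_LOG).items():
        print(abuse_report(src, entries), end="\n\n")
```

Paste the ARIN WHOIS result for each source address under the drafted text before sending it to the abuse address.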

One-Step Mac OS X Security

In OS X I recommend you use the built-in firewall which came with the operating system. Simply open System Preferences, then open the Sharing preference, click the Firewall tab, then click the Start button. This will start the OS X firewall. This firewall can be customized easily by the end user. For versions below Mac OS X 10.2 Jaguar I recommend the BrickHouse firewall, or for more security in either Mac OS 9 or OS X I recommend the Norton Personal Firewall.

THE Best Security Device: Router With Hardware Firewall

For very good security you should purchase a router with a built-in hardware firewall. All the Hollywood movies that talk about popping the firewall are mostly jokes. Also with a Firewall in both software and hardware you couldn't be more secure.

While we're discussing routers, you should also know that they are very good (as opposed to the cheaper standard 10/100 Base-T Ethernet hub) because they act as a full-speed, full-bandwidth transfer hub for more than one computer networked at your location. A hub simply shares an available internet/intranet signal and splits it amongst the available computers on the network. It can't assign independent IP addresses, so you have to buy a second IP from your service provider, as per their individual rental rates per month. Routers can assign IP addresses for all your computers automatically, or manually if necessary for full internet/intranet compatibility with narrow-range IP print servers. A router will allow you to connect multiple computers to one internet connection, saving you money every month on your internet bill, and each machine can use the maximum bandwidth of the available connection.

Automatic Portscanners

An automatic portscanner is the final nail in the coffin for any would-be hacker trying to break into your Mac. Along with all the other implementations discussed earlier, with automatic portscanning implemented on your Mac you'll be bulletproof against ANY hacker's cyberattack, except maybe a mailbomb. For all foreseeable intents and purposes, attempts to get into your Mac will not succeed in 1000 years.

A Free Portscanner is available for Mac OS X called Port Sentry. This is really pretty easy information to follow actually as everything you need to know is posted there.

In Mac OS 8.x - 9.x.x, the portscanner software named IP NetSentry, which you may read more about and download here, is the portscanner of choice! These programs block attacks of various types. Now that you have a good basis of information on how network security works, see the SecureMac web site link on my home page for further information on security. If desired, I will perform a Network Evaluation of your machine, at the fee of $500.00 per machine.

Regarding "Opener" type shell scripts

There is a shell script dubbed "opener" that, if installed with proper authentication on a Mac OS X system, can trigger several vulnerabilities including password compromising and activity tracking. Fortunately, there is no immediate threat posed by this, or any other malicious shell script currently in circulation -- running the "opener" script and allowing it to do any damage requires root authentication, which must be locally entered by a Mac OS X administrator. There is currently no vector for this or any other malicious Mac OS X script, i.e. no way for the script to autonomously take hold of the system or propagate itself to other systems without express administrator permission. In other words, it is not spreading, and cannot spread without a vector that is capable of gaining root access.

That said, this security scare should remind users to take some precautionary measures that will lessen the chances of another individual gaining the ability to install and run a threatening script. First of all, make sure to use strong passwords, and never send your administrator password in the clear, without encryption, or to an untrusted third party. Check out the utilities PassGenX or PasswordMaster if you are unfamiliar with generating strong, secure passwords. Second, make sure to apply all of Apple's security updates up through the most recent revision. These are available through Software Update or Apple's download page. Particularly important are updates that plug secure shell (SSH) protocol vulnerabilities. Finally, and perhaps most importantly, never provide your administrator password to an untrusted application or install routine. Make sure, when downloading applications from any source, that the author is reputable and (if possible) other users have already tested the release. Unwittingly giving arbitrary code the permission to run is perhaps the greatest current security threat for Mac OS X.

There is a great set of articles on Macintosh Security HERE. Many articles cover OS X!

The National Security Agency has published a PDF file on OS X 10.3 Panther security and setup, which is available HERE.

The REAL Truth about Mac OS X Security!

A 12 month study by the security firm mi2g concludes that Mac OS X and Open Source BSD are the "world's safest and most secure 24/7 online computing environments."

The mi2g Intelligence Unit study analyzed 235,907 successful security breaches of continuously Web connected PCs worldwide. Of the nearly quarter million breaches carried out by hackers from November 2003 to October 2004, only 4.82% were against Mac OS X or BSD based online computers.

"More and more smart individuals, government agencies and corporations are shifting towards Apple and BSD environments in 2004," said DK Matai, Executive Chairman of mi2g. "There is an accelerating paradigm shift visible in 2004 and busy professionals have spotted the benefits of Apple and BSD because they don't have the time to cope with umpteen flavors of Linux or to wait for Microsoft's Longhorn when Windows XP has proved to be a stumbling block in some well chronicled instances."

The study revealed that Linux is now the number one most breached 24/7 online computing environment in terms of manual hacker attacks at 65.64%, with 154,846 successfully compromised computers. The number of successful manual hacker attacks against Microsoft Windows based online computers has remained steady and accounts for 25.19% of all breaches recorded, with 59,419 successfully compromised Windows targets of all versions.

The number of recorded breaches against government online computers running BSD or Mac OS X worldwide remains very low at 1.74%, the firm said.

In terms of global economic damage from hacker attacks, mi2g estimated the damage to have been between $103 billion and $126 billion. These figures exclude malware attacks through viruses, worms and trojans which account for an additional estimated damage of between $166 billion and $202 billion worldwide.

Identity Theft and What it Means to YOU

There are two PDF files here, laid out for printing, because they are very important to read and follow, rather than my going into detail here. They are courtesy of Virginia State Police Officer David Martin. They go into depth as to what YOU can do to protect yourself against Identity Theft!!!!

PDF File 1

PDF File 2
